Can a superuser process change the real user ID and group ID of a process, not matching those in the password file?
From APUE:

> The real user ID and real group ID of a process identify who we really are. These two fields are taken from our entry in the password file when we log in. Normally, these values don't change during a login session, although there are ways for a superuser process to change them

Can a superuser process change the real user ID and real group ID of a process, so that the relation between the real user ID and real group ID doesn't match those in the password file? For example, if user `Tim` isn't a member of group `ocean` per the password file, can a superuser process change the real user ID and real group ID of a process to be `Tim` and `ocean` respectively?
linux users group
asked Sep 3 at 21:47 by Tim, edited Sep 3 at 22:38 by ctrl-alt-delor
One important clarification here: a process running with superuser privileges has the ability of changing its own UID and GID, not those of another process. – Filipe Brandenburger, Sep 3 at 22:28
Helpful - stackoverflow.com/questions/8499296/…. – slm♦, Sep 3 at 22:47
3 Answers
Yes, a superuser process can change its real user ID and real group ID to any value it desires. The values in `/etc/passwd` and `/etc/shadow` are the configuration for what values should be set, but not a limitation of possible values.

Edit #1

It means programs like `login` will read the values from the files, so the files are configuration files or input files. They are not constraints on what a program can do. A superuser process can pass any value to the kernel, and the kernel will not check any files.

A program could call

```c
setgid (54321);
setuid (12345);
```

and this would work, even if neither of the IDs is mentioned in any file.
edited Sep 3 at 22:53, answered Sep 3 at 22:21 by RalfFriedl
The password file and group file are not read, they are only read by the login process, to set real user id, and real group id.

There is nothing in the kernel mentioning these files. Login has to open the files, process them and set the two IDs. It could be written differently to get these IDs from somewhere else, e.g. from a networked database.

Any process with capability CAP_SETUID can set these IDs; root has this capability.

The security model in Unix is part implemented in the kernel, and part implemented in processes that run with elevated capabilities (e.g. as root).

Note that `/etc/passwd` and `/etc/group` are also read by `ls`, `ps` and any other program that needs to translate user/group names to/from user/group IDs. (They may do this through a library that knows about alternative methods of storing these details.)
edited Sep 4 at 8:14, answered Sep 3 at 22:43 by ctrl-alt-delor
They (`/etc/passwd`, `/etc/groups`) are also read by processes which want to show or process user names instead of the internal numeric IDs, e.g. `ps` and `ls`. – Jonas Schäfer, Sep 4 at 8:10
Among other things, the purpose of `/etc/passwd` is to translate a user's name to a user's UID. If you don't care what bob's UID is, you don't need that file. If you just want to change to an arbitrary UID/GID, use the relevant syscalls:

```c
int setuid(uid_t uid);
int setgid(gid_t gid);
```

Note that a privileged process with the `CAP_SETUID` and `CAP_SETGID` capabilities (which a root process generally has) can only change its own UID and GID, not that of another running process.
answered Sep 4 at 8:03 by forest
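
A defender's view of the answers above, as an added example that is not from the original page or its authors: since the kernel never consults `/etc/passwd` or `/etc/group`, a monitoring tool has to make the comparison itself. The sample databases, the numeric IDs for `tim` and `ocean`, and the names `audit_real_ids`, `UID_UNKNOWN`, `GID_UNKNOWN` and `GID_NOT_USERS` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data in /etc/passwd and /etc/group format (IDs assumed). */
static const char PASSWD[] = "root:x:0:0:root:/root:/bin/sh\n"
                             "tim:x:1000:1000:Tim:/home/tim:/bin/sh\n";
static const char GROUP[] = "root:x:0:\ntim:x:1000:\nocean:x:2000:alice,bob\n";
enum { UID_UNKNOWN = 1, GID_UNKNOWN = 2, GID_NOT_USERS = 4 };

static const char *next_line(const char *l)
{
    l += strcspn(l, "\n");
    return *l ? l + 1 : l;
}

/* 1 if name is an exact item of the comma-separated member list. */
static int in_list(const char *list, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = list; *p; p += (*p == ',')) {
        size_t len = strcspn(p, ",");
        if (len == n && strncmp(p, name, n) == 0) return 1;
        p += len;
    }
    return 0;
}

/* Check a real UID/GID pair (as returned by getuid()/getgid()) against both
 * databases, passed as text. Returns a bitmask; 0 means the pair is consistent. */
int audit_real_ids(const char *passwd, const char *group, unsigned ruid, unsigned rgid)
{
    char n[64], name[64] = "", members[256];
    unsigned uid, gid, primary = 0;
    int flags = GID_UNKNOWN, belongs;
    /* Simple parser: entries with an empty password field are skipped. */
    for (const char *l = passwd; *l && !name[0]; l = next_line(l))
        if (sscanf(l, "%63[^:\n]:%*[^:\n]:%u:%u", n, &uid, &primary) == 3 && uid == ruid)
            strcpy(name, n);
    belongs = name[0] && primary == rgid;   /* GID is the user's primary group */
    for (const char *l = group; *l; l = next_line(l)) {
        members[0] = '\0';
        if (sscanf(l, "%63[^:\n]:%*[^:\n]:%u:%255[^\n]", n, &gid, members) < 2 || gid != rgid)
            continue;
        flags &= ~GID_UNKNOWN;
        if (name[0] && in_list(members, name)) belongs = 1;   /* listed member */
    }
    if (!name[0]) return flags | UID_UNKNOWN;   /* no passwd entry for this UID */
    return belongs ? flags : flags | GID_NOT_USERS;
}

int main(void)
{
    printf("tim:ocean   -> %d\n", audit_real_ids(PASSWD, GROUP, 1000, 2000));
    printf("12345:54321 -> %d\n", audit_real_ids(PASSWD, GROUP, 12345, 54321));
}
```

On Linux, the real UID and GID of another process can be read from the first field of the `Uid:` and `Gid:` lines in `/proc/<pid>/status`.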