uids and gids

This week, I will introduce two fundamental concept of the Linux

process model: user ids (uid) and group ids (gid). Then, I will

exemplify how to use the relevant library functions for setting and

retrieving these attributes.

A process is associated with a user id (uid) and a group id (gid). Uids

and gids are integers that the system maps to the corresponding user

names and group name listed in the /etc/passwd and /etc/group

directories, respectively. The uid 0 is reserved for the system

administrator, or root. Security checks are disabled for processes with

this uid. Generally, a process has one uid and one gid associated with

it. However, in large projects where users of different groups access

the same files, this restriction can be limiting. The solution is to

assign supplemental groups to a process. Thus, a process may still have

a primary gid plus a set of supplemental groups. Consequently, security

checks that ensure that a process belongs to a specific group will

check whether it belongs to one of the supplemental groups. The

constant NGROUPS_MAX defined in

holds the maximum number of supplemental groups to which a process may belong. Setting and Retrieving Supplemental Groups from a Program The setgroups() syscall allows a process with root permissions to assign supplemental groups to itself. Here's its prototype: int setgroups(size_t n, const gid_t *glist); The argument n specifies the number of supplemental groups, or elements, in the array glist. The argument glist points to the beginning of an array of gids that will serve as a list of supplemental groups for the current process. To obtain the list of all supplemental groups to which a process belongs, use the getgroups() syscall. It has the following prototype: int getgroups(size_t n, gid_t * glist); The argument n specifies the maximum number of gids that the array glist may contain. The function returns -1 in case of an error, or the number of supplemental groups. As a special case, you can obtain the number of supplemental groups without copying them into an array by passing 0 as the first argument. In that case, the value returned from getgroups() is the number of supplemental groups of the process.
What’s wrong? The new clean desk test
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies