What's the purpose of each of the different UIDs a process can have?

Question

Real UID, effective UID, and some systems even have a "saved UID". What's the purpose of all these, especially the last one?

Answer 1

The accepted answer is not correct regarding that real UD's can not be changed by anyone except root. From the man page for setuid: (I could not make a comment)

The setuid() function sets the real and effective user IDs and the saved set-user-ID of the current process to the specified value. The setuid() function is permitted if the effective user ID is that of the super user, or if the specified user ID is the same as the effective user ID. If not, but the specified user ID is the same as the real user ID, setuid() will set the effective user ID to the real user ID.

Answer 2

Each Linux process has 3 UIDs associated to it.

• Real UID: The UID of the process that created THIS process.
• Effective UID: This is used to evaluate privileges of the process to perform a particular action.
• Saved UID: For the binary image file with a setuid bit on it.

Answer 3

Each UNIX process has 3 UIDs associated to it. Superuser privilege is UID=0.

Real UID

This is the UID of the user/process that created THIS process. It can be changed only if the running process has EUID=0.

Effective UID

This UID is used to evaluate privileges of the process to perform a particular action. EUID can be changed either to RUID, or SUID if EUID!=0. If EUID=0, it can be changed to anything.

Saved UID

If you run an executable with the set-UID bit set, then the resulting running process will start off with a real UID of the real user running it, and an effective and saved UID of the owner of the executable file. If the process then calls setuid() or seteuid() to change their effective UID, they can still get back their original privileges again thanks to the saved UID. If the set-UID bit is not set, SUID will be the RUID.

Answer 4

In addition to the real, effective, and saved UIDs, Unix systems with auditing enabled also have the audit UID. A process's AUID identifies the user who started the process; it is not changed by setuid(2) or seteuid(2). The intent is that it remains constant through the process and is used only to tag audit records. Thus, if a user executes a privileged shell (even an authorized user via su or sudo), the audit records of that process are tagged from that user.

Answer 5

The real uid is the id of the user that launched a process.

The effective uid typically is the same as the real uid. It is different only if:

• the executable had the set-uid bit set, and the executable owner is different than the user calling it

• or if a set-uid process calls setuid(2). If the process has superuser privileges, any argument to setuid(2) is allowed (but then all *-uids get set to the same value); otherwise, setuid(2) can be called with the real-uid or the effective-uid or the saved-uid.

The saved-uid is the effective-uid the process had when it started, and it's saved in order to be allowed as an argument to the various set*uid system calls.

Note that a process with superuser privilege calling setuid(2) to change its effective uid will also have the real uid and saved uid changed to the same value, so the non-POSIX seteuid(2) should be used instead.

All of the above apply to (real|effective|saved) group ids too.