Where does Linux keep 'ruid' and 'euid'?

Question

I wonder where Linux kernel keeps 'ruid' and 'euid'.

Below is what I know about them.

When an user runs a file and the file turns to a process, the process gets to have ruid and euid.

If the file had been set to use setuid, euid of the process would change to user id of the owner of that file, and if not, euid would not change and be the same as ruid.

Then, Linux kernel allows the process to run another process or use other resources in the system according to ruid and euid.

So, I think that means kernel has to keep ruid and euid of each process somewhere in RAM.

I thought the 'somewhere' is in PCB, but PCB block does not have fields for ruid and euid.

I tried to find them in the process file of '/proc' directory, but failed.

Where does Linux keep ruid and euid of running processes?

Answer 1

Here is an explanation of how it works in new kernels:

• From user-space point of view, real and effective user ID can be changed using setreuid() syscall. See man 2 setreuid for usage details

• Kernel is using struct cred for storing UID and EUID

• Each process has its own struct cred; take a look at .cred field in struct task_struct

• RUID is stored in .uid field of struct cred; see setreuid() syscall code:

    struct cred *new;
    kuid_t kruid, keuid;
    ...
    kruid = make_kuid(ns, ruid);
    keuid = make_kuid(ns, euid);
    ...
    new->uid = kruid;
    new->euid = keuid;
    ...
    return commit_creds(new);
  

• commit_creds() function is actually sets RUID and EUID to current process

See also this answer to get a clue about older kernels: How to get current process's UID and EUID in Linux Kernel 4.2?