The ability to change the persona of a process can be a source of
unintentional privacy violations, or even intentional abuse. Because of
the potential for problems, changing persona is restricted to special
circumstances.
You can't arbitrarily set your user ID or group ID to anything you want;
only privileged processes can do that. Instead, the normal way for a
program to change its persona is that it has been set up in advance to
change to a particular user or group. This is the function of the setuid
and setgid bits of a file's access mode. See Permission Bits.
When the setuid bit of an executable file is on, executing that file
gives the process a third user ID: the file user ID. This ID is
set to the owner ID of the file. The system then changes the effective
user ID to the file user ID. The real user ID remains as it was.
Likewise, if the setgid bit is on, the process is given a file
group ID equal to the group ID of the file, and its effective group ID
is changed to the file group ID.
If a process has a file ID (user or group), then it can at any time
change its effective ID to its real ID and back to its file ID.
Programs use this feature to relinquish their special privileges except
when they actually need them. This makes it less likely that they can
be tricked into doing something inappropriate with their privileges.
Portability Note: Older systems do not have file IDs.
To determine if a system has this feature, you can test the compiler
define _POSIX_SAVED_IDS. (In the POSIX standard, file IDs are
known as saved IDs.)
See File Attributes, for a more general discussion of file modes and
accessibility.
Published under the terms of the GNU General Public License