mirror of https://github.com/mkerrisk/man-pages
399 lines
12 KiB
Groff
399 lines
12 KiB
Groff
.\" Copyright (c) 2007 by Michael Kerrisk <mtk.manpages@gmail.com>
|
|
.\"
|
|
.\" %%%LICENSE_START(VERBATIM)
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
.\" preserved on all copies.
|
|
.\"
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
.\" permission notice identical to this one.
|
|
.\"
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
.\" have taken the same level of care in the production of this manual,
|
|
.\" which is licensed free of charge, as they might when working
|
|
.\" professionally.
|
|
.\"
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
.\" %%%LICENSE_END
|
|
.\"
|
|
.\" 2007-06-13 Creation
|
|
.\"
|
|
.TH CREDENTIALS 7 2019-08-02 "Linux" "Linux Programmer's Manual"
|
|
.SH NAME
|
|
credentials \- process identifiers
|
|
.SH DESCRIPTION
|
|
.SS Process ID (PID)
|
|
Each process has a unique nonnegative integer identifier
|
|
that is assigned when the process is created using
|
|
.BR fork (2).
|
|
A process can obtain its PID using
|
|
.BR getpid (2).
|
|
A PID is represented using the type
|
|
.I pid_t
|
|
(defined in
|
|
.IR <sys/types.h> ).
|
|
.PP
|
|
PIDs are used in a range of system calls to identify the process
|
|
affected by the call, for example:
|
|
.BR kill (2),
|
|
.BR ptrace (2),
|
|
.BR setpriority (2)
|
|
.\" .BR sched_rr_get_interval (2),
|
|
.\" .BR sched_getaffinity (2),
|
|
.\" .BR sched_setaffinity (2),
|
|
.\" .BR sched_getparam (2),
|
|
.\" .BR sched_setparam (2),
|
|
.\" .BR sched_setscheduler (2),
|
|
.\" .BR sched_getscheduler (2),
|
|
.BR setpgid (2),
|
|
.\" .BR getsid (2),
|
|
.BR setsid (2),
|
|
.BR sigqueue (3),
|
|
and
|
|
.BR waitpid (2).
|
|
.\" .BR waitid (2),
|
|
.\" .BR wait4 (2),
|
|
.PP
|
|
A process's PID is preserved across an
|
|
.BR execve (2).
|
|
.SS Parent process ID (PPID)
|
|
A process's parent process ID identifies the process that created
|
|
this process using
|
|
.BR fork (2).
|
|
A process can obtain its PPID using
|
|
.BR getppid (2).
|
|
A PPID is represented using the type
|
|
.IR pid_t .
|
|
.PP
|
|
A process's PPID is preserved across an
|
|
.BR execve (2).
|
|
.SS Process group ID and session ID
|
|
Each process has a session ID and a process group ID,
|
|
both represented using the type
|
|
.IR pid_t .
|
|
A process can obtain its session ID using
|
|
.BR getsid (2),
|
|
and its process group ID using
|
|
.BR getpgrp (2).
|
|
.PP
|
|
A child created by
|
|
.BR fork (2)
|
|
inherits its parent's session ID and process group ID.
|
|
A process's session ID and process group ID are preserved across an
|
|
.BR execve (2).
|
|
.PP
|
|
Sessions and process groups are abstractions devised to support shell
|
|
job control.
|
|
A process group (sometimes called a "job") is a collection of
|
|
processes that share the same process group ID;
|
|
the shell creates a new process group for the process(es) used
|
|
to execute single command or pipeline (e.g., the two processes
|
|
created to execute the command "ls\ |\ wc" are placed in the
|
|
same process group).
|
|
A process's group membership can be set using
|
|
.BR setpgid (2).
|
|
The process whose process ID is the same as its process group ID is the
|
|
\fIprocess group leader\fP for that group.
|
|
.PP
|
|
A session is a collection of processes that share the same session ID.
|
|
All of the members of a process group also have the same session ID
|
|
(i.e., all of the members of a process group always belong to the
|
|
same session, so that sessions and process groups form a strict
|
|
two-level hierarchy of processes.)
|
|
A new session is created when a process calls
|
|
.BR setsid (2),
|
|
which creates a new session whose session ID is the same
|
|
as the PID of the process that called
|
|
.BR setsid (2).
|
|
The creator of the session is called the \fIsession leader\fP.
|
|
.PP
|
|
All of the processes in a session share a
|
|
.IR "controlling terminal" .
|
|
The controlling terminal is established when the session leader
|
|
first opens a terminal (unless the
|
|
.BR O_NOCTTY
|
|
flag is specified when calling
|
|
.BR open (2)).
|
|
A terminal may be the controlling terminal of at most one session.
|
|
.PP
|
|
At most one of the jobs in a session may be the
|
|
.IR "foreground job" ;
|
|
other jobs in the session are
|
|
.IR "background jobs" .
|
|
Only the foreground job may read from the terminal;
|
|
when a process in the background attempts to read from the terminal,
|
|
its process group is sent a
|
|
.BR SIGTTIN
|
|
signal, which suspends the job.
|
|
If the
|
|
.BR TOSTOP
|
|
flag has been set for the terminal (see
|
|
.BR termios (3)),
|
|
then only the foreground job may write to the terminal;
|
|
writes from background job cause a
|
|
.BR SIGTTOU
|
|
signal to be generated, which suspends the job.
|
|
When terminal keys that generate a signal (such as the
|
|
.I interrupt
|
|
key, normally control-C)
|
|
are pressed, the signal is sent to the processes in the foreground job.
|
|
.PP
|
|
Various system calls and library functions
|
|
may operate on all members of a process group,
|
|
including
|
|
.BR kill (2),
|
|
.BR killpg (3),
|
|
.BR getpriority (2),
|
|
.BR setpriority (2),
|
|
.BR ioprio_get (2),
|
|
.BR ioprio_set (2),
|
|
.BR waitid (2),
|
|
and
|
|
.BR waitpid (2).
|
|
See also the discussion of the
|
|
.BR F_GETOWN ,
|
|
.BR F_GETOWN_EX ,
|
|
.BR F_SETOWN ,
|
|
and
|
|
.BR F_SETOWN_EX
|
|
operations in
|
|
.BR fcntl (2).
|
|
.SS User and group identifiers
|
|
Each process has various associated user and group IDs.
|
|
These IDs are integers, respectively represented using the types
|
|
.I uid_t
|
|
and
|
|
.I gid_t
|
|
(defined in
|
|
.IR <sys/types.h> ).
|
|
.PP
|
|
On Linux, each process has the following user and group identifiers:
|
|
.IP * 3
|
|
Real user ID and real group ID.
|
|
These IDs determine who owns the process.
|
|
A process can obtain its real user (group) ID using
|
|
.BR getuid (2)
|
|
.RB ( getgid (2)).
|
|
.IP *
|
|
Effective user ID and effective group ID.
|
|
These IDs are used by the kernel to determine the permissions
|
|
that the process will have when accessing shared resources such
|
|
as message queues, shared memory, and semaphores.
|
|
On most UNIX systems, these IDs also determine the
|
|
permissions when accessing files.
|
|
However, Linux uses the filesystem IDs described below
|
|
for this task.
|
|
A process can obtain its effective user (group) ID using
|
|
.BR geteuid (2)
|
|
.RB ( getegid (2)).
|
|
.IP *
|
|
Saved set-user-ID and saved set-group-ID.
|
|
These IDs are used in set-user-ID and set-group-ID programs to save
|
|
a copy of the corresponding effective IDs that were set when
|
|
the program was executed (see
|
|
.BR execve (2)).
|
|
A set-user-ID program can assume and drop privileges by
|
|
switching its effective user ID back and forth between the values
|
|
in its real user ID and saved set-user-ID.
|
|
This switching is done via calls to
|
|
.BR seteuid (2),
|
|
.BR setreuid (2),
|
|
or
|
|
.BR setresuid (2).
|
|
A set-group-ID program performs the analogous tasks using
|
|
.BR setegid (2),
|
|
.BR setregid (2),
|
|
or
|
|
.BR setresgid (2).
|
|
A process can obtain its saved set-user-ID (set-group-ID) using
|
|
.BR getresuid (2)
|
|
.RB ( getresgid (2)).
|
|
.IP *
|
|
Filesystem user ID and filesystem group ID (Linux-specific).
|
|
These IDs, in conjunction with the supplementary group IDs described
|
|
below, are used to determine permissions for accessing files; see
|
|
.BR path_resolution (7)
|
|
for details.
|
|
Whenever a process's effective user (group) ID is changed,
|
|
the kernel also automatically changes the filesystem user (group) ID
|
|
to the same value.
|
|
Consequently, the filesystem IDs normally have the same values
|
|
as the corresponding effective ID, and the semantics for file-permission
|
|
checks are thus the same on Linux as on other UNIX systems.
|
|
The filesystem IDs can be made to differ from the effective IDs
|
|
by calling
|
|
.BR setfsuid (2)
|
|
and
|
|
.BR setfsgid (2).
|
|
.IP *
|
|
Supplementary group IDs.
|
|
This is a set of additional group IDs that are used for permission
|
|
checks when accessing files and other shared resources.
|
|
On Linux kernels before 2.6.4,
|
|
a process can be a member of up to 32 supplementary groups;
|
|
since kernel 2.6.4,
|
|
a process can be a member of up to 65536 supplementary groups.
|
|
The call
|
|
.I sysconf(_SC_NGROUPS_MAX)
|
|
can be used to determine the number of supplementary groups
|
|
of which a process may be a member.
|
|
.\" Since kernel 2.6.4, the limit is visible via the read-only file
|
|
.\" /proc/sys/kernel/ngroups_max.
|
|
.\" As at 2.6.22-rc2, this file is still read-only.
|
|
A process can obtain its set of supplementary group IDs using
|
|
.BR getgroups (2).
|
|
.PP
|
|
A child process created by
|
|
.BR fork (2)
|
|
inherits copies of its parent's user and groups IDs.
|
|
During an
|
|
.BR execve (2),
|
|
a process's real user and group ID and supplementary
|
|
group IDs are preserved;
|
|
the effective and saved set IDs may be changed, as described in
|
|
.BR execve (2).
|
|
.PP
|
|
Aside from the purposes noted above,
|
|
a process's user IDs are also employed in a number of other contexts:
|
|
.IP * 3
|
|
when determining the permissions for sending signals (see
|
|
.BR kill (2));
|
|
.IP *
|
|
when determining the permissions for setting
|
|
process-scheduling parameters (nice value, real time
|
|
scheduling policy and priority, CPU affinity, I/O priority) using
|
|
.BR setpriority (2),
|
|
.BR sched_setaffinity (2),
|
|
.BR sched_setscheduler (2),
|
|
.BR sched_setparam (2),
|
|
.BR sched_setattr (2),
|
|
and
|
|
.BR ioprio_set (2);
|
|
.IP *
|
|
when checking resource limits (see
|
|
.BR getrlimit (2));
|
|
.IP *
|
|
when checking the limit on the number of inotify instances
|
|
that the process may create (see
|
|
.BR inotify (7)).
|
|
.\"
|
|
.SS Modifying process user and group IDs
|
|
.PP
|
|
Subject to rules described in the relevant manual pages,
|
|
a process can use the following APIs to modify its user and group IDs:
|
|
.TP
|
|
.BR setuid "(2) (" setgid (2))
|
|
Modify the process's real (and possibly effective and saved-set)
|
|
user (group) IDs.
|
|
.TP
|
|
.BR seteuid "(2) (" setegid (2))
|
|
Modify the process's effective user (group) ID.
|
|
.TP
|
|
.BR setfsuid "(2) (" setfsgid (2))
|
|
Modify the process's filesystem user (group) ID.
|
|
.TP
|
|
.BR setreuid "(2) (" setregid (2))
|
|
Modify the process's real and effective (and possibly saved-set)
|
|
user (group) IDs.
|
|
.TP
|
|
.BR setresuid "(2) (" setresgid (2))
|
|
Modify the process's real, effective, and saved-set user (group) IDs.
|
|
.TP
|
|
.BR setgroups (2)
|
|
Modify the process's supplementary group list.
|
|
.PP
|
|
Any changes to a process's effective user (group) ID
|
|
are automatically carried over to the process's
|
|
filesystem user (group) ID.
|
|
Changes to a process's effective user or group ID can also affect the
|
|
process "dumpable" attribute, as described in
|
|
.BR prctl (2).
|
|
.PP
|
|
Changes to process user and group IDs can affect the capabilities
|
|
of the process, as described in
|
|
.BR capabilities (7).
|
|
.SH CONFORMING TO
|
|
Process IDs, parent process IDs, process group IDs, and session IDs
|
|
are specified in POSIX.1.
|
|
The real, effective, and saved set user and groups IDs,
|
|
and the supplementary group IDs, are specified in POSIX.1.
|
|
The filesystem user and group IDs are a Linux extension.
|
|
.SH NOTES
|
|
Various fields in the
|
|
.IR /proc/[pid]/status
|
|
file show the process credentials described above.
|
|
See
|
|
.BR proc (5)
|
|
for further information.
|
|
.PP
|
|
The POSIX threads specification requires that
|
|
credentials are shared by all of the threads in a process.
|
|
However, at the kernel level, Linux maintains separate user and group
|
|
credentials for each thread.
|
|
The NPTL threading implementation does some work to ensure
|
|
that any change to user or group credentials
|
|
(e.g., calls to
|
|
.BR setuid (2),
|
|
.BR setresuid (2))
|
|
is carried through to all of the POSIX threads in a process.
|
|
See
|
|
.BR nptl (7)
|
|
for further details.
|
|
.SH SEE ALSO
|
|
.BR bash (1),
|
|
.BR csh (1),
|
|
.BR groups (1),
|
|
.BR id (1),
|
|
.BR newgrp (1),
|
|
.BR ps (1),
|
|
.BR runuser (1),
|
|
.BR setpriv (1),
|
|
.BR sg (1),
|
|
.BR su (1),
|
|
.BR access (2),
|
|
.BR execve (2),
|
|
.BR faccessat (2),
|
|
.BR fork (2),
|
|
.BR getgroups (2),
|
|
.BR getpgrp (2),
|
|
.BR getpid (2),
|
|
.BR getppid (2),
|
|
.BR getsid (2),
|
|
.BR kill (2),
|
|
.BR setegid (2),
|
|
.BR seteuid (2),
|
|
.BR setfsgid (2),
|
|
.BR setfsuid (2),
|
|
.BR setgid (2),
|
|
.BR setgroups (2),
|
|
.BR setpgid (2),
|
|
.BR setresgid (2),
|
|
.BR setresuid (2),
|
|
.BR setsid (2),
|
|
.BR setuid (2),
|
|
.BR waitpid (2),
|
|
.BR euidaccess (3),
|
|
.BR initgroups (3),
|
|
.BR killpg (3),
|
|
.BR tcgetpgrp (3),
|
|
.BR tcgetsid (3),
|
|
.BR tcsetpgrp (3),
|
|
.BR group (5),
|
|
.BR passwd (5),
|
|
.BR shadow (5),
|
|
.BR capabilities (7),
|
|
.BR namespaces (7),
|
|
.BR path_resolution (7),
|
|
.BR pid_namespaces (7),
|
|
.BR pthreads (7),
|
|
.BR signal (7),
|
|
.BR unix (7),
|
|
.BR user_namespaces (7),
|
|
.BR sudo (8)
|