LINUX TIPS AND TRICKS --- June 15, 2001

Published by ITworld.com -- changing the way you view IT
http://www.itworld.com/newsletters
________________________________________________________________

uids and gids
By Danny Kalev


This week, I will introduce two fundamental concepts of the 
Linux process model: user ids (uid) and group ids (gid). Then, 
I will show how to use the relevant library functions for 
setting and retrieving these attributes.

A process is associated with a user id (uid) and a group id 
(gid). Uids and gids are integers that the system maps to the 
corresponding user names and group names listed in the files 
/etc/passwd and /etc/group, respectively. The uid 0 is reserved 
for the system administrator, or root. Security checks are 
disabled for processes with this uid. Generally, a process has 
one uid and one gid associated with it. However, in large 
projects where users of different groups access the same files, 
this restriction can be limiting. The solution is to assign 
supplemental groups to a process. Thus, a process still has a 
primary gid, plus a set of supplemental groups. Consequently, 
a security check that ensures that a process belongs to a 
specific group also checks whether that group is one of the 
process's supplemental groups. The constant NGROUPS_MAX 
defined in <sys/param.h> holds the maximum number of 
supplemental groups to which a process may belong.

Setting and Retrieving Supplemental Groups from a Program

The setgroups() syscall allows a process with root permissions 
to assign supplemental groups to itself. Here's its prototype:

    int setgroups(size_t n, const gid_t *glist);

The argument n specifies the number of supplemental groups, or 
elements, in the array glist. The argument glist points to the 
beginning of an array of gids that will serve as a list of 
supplemental groups for the current process.

To obtain the list of all supplemental groups to which a process 
belongs, use the getgroups() syscall. It has the 
following prototype:

    int getgroups(int n, gid_t *glist);

The argument n specifies the maximum number of gids that the 
array glist may contain. The function returns -1 in case of an 
error, or the number of supplemental groups. As a special case, 
you can obtain the number of supplemental groups without 
copying them into an array by passing 0 as the first argument. 
In that case, the value returned from getgroups() is the number 
of supplemental groups of the process.
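The two calls used together, as an added example that is not 
part of the original newsletter: it reads the current list with 
the count-then-fill idiom, then installs a list with setgroups() 
and reads it back to confirm the kernel holds exactly that set. 
The function names fetch_groups, in_list and 
set_and_verify_groups are hypothetical.

```c
#define _DEFAULT_SOURCE 1 /* glibc: declares setgroups() in <grp.h> */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Count with getgroups(0, NULL), then fill. Returns count or -1; *out is malloc'd. */
int fetch_groups(gid_t **out)
{
    *out = NULL;
    int n = getgroups(0, NULL);
    if (n <= 0) return n;               /* none, or error */
    gid_t *list = malloc((size_t)n * sizeof *list);
    if (list == NULL) return -1;
    n = getgroups(n, list);             /* EINVAL if the set grew meanwhile */
    if (n < 0) { free(list); return -1; }
    *out = list;
    return n;
}

/* Returns 1 if gid is among list[0..n-1], else 0. */
int in_list(gid_t gid, const gid_t *list, int n)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid) return 1;
    return 0;
}

/* Install the list, read it back to confirm. 0 = ok, -1 = failed (EPERM if unprivileged). */
int set_and_verify_groups(const gid_t *want, int n)
{
    if (setgroups((size_t)n, want) < 0) return -1;
    gid_t *now;
    int m = fetch_groups(&now), ok = (m == n);
    for (int i = 0; ok && i < n; i++)
        ok = in_list(want[i], now, m);
    free(now);
    return ok ? 0 : -1;
}

int main(void)
{
    gid_t *g;
    int n = fetch_groups(&g);
    int rc = n < 0 ? -1 : set_and_verify_groups(g, n);
    printf("%d group(s), re-set: %s\n", n, rc == 0 ? "ok" : errno == EPERM ? "EPERM" : "failed");
    free(g);
    return n < 0;
}
```

Run without root permissions, the setgroups() step fails with 
EPERM and the process's groups are left unchanged.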


About the author(s)
-------------------
Danny Kalev is a system analyst and software engineer with 
more than 10 years of experience, specializing in C++ and 
object-oriented analysis and design on various platforms 
including VMS, DOS, Windows, Unix, and Linux. His technical 
interests involve code optimization, networking, and 
distributed computing. He is also a member of the ANSI C++ 
standardization committee and the author of ANSI/ISO C++ 
Professional Programmer's Handbook (Que, 1999). Contact him at 
linuxnl@excite.com.
________________________________________________________________

ADDITIONAL RESOURCES

The Linux Process Model
The Linux approach helps performance
http://www.byte.com/column/BYT19991122S0002

Process Model Design
http://www.arctic.org/~dean/apache/2.0/process-model.html

The Unix Process Model
http://www.cs.adfa.oz.au/teaching/studinfo/sa3/Lectures/unix_process_model.html
________________________________________________________________

Copyright 2001 ITworld.com, Inc., All Rights Reserved.
http://www.itworld.com
