Understanding Linux Process Permissions: Real, Effective, and Saved UID Explained
This article explains how Linux processes inherit and use real, effective, and saved user IDs to enforce permission checks, covering the login sequence, UID inspection via /proc, set‑uid behavior, and the execution flow of external commands and shell scripts.
Basic Concepts
User: In a multitasking Linux system, a user is the credential that obtains resources.
Permission: Permissions control access to resources, typically involving authentication then authorization.
Process: A process is an instance of a program execution; it acts as the agent that carries the user's identity when accessing resources.
Process Permission: A process must carry the initiating user's identity to perform legitimate operations.
Observing User Identity in the Login Process
After system start, init forks getty, which runs /sbin/getty waiting for login. Upon login, /bin/login validates credentials, then execs the user's default shell (e.g., bash). The shell process inherits the effective user ID of the logged‑in user, and any child processes inherit this ID.
The diagram shows interaction among init, getty, login, and shell processes. In short, after login the shell's effective user is the logged‑in user.
Real UID, Effective UID, and Saved Set UID
Using cat /proc/<PID>/status you can view a process's UID information. The Uid: line contains, in order, the real UID, effective UID, saved set UID, and filesystem UID.
Real UID: The UID of the user who started the process; inherited from the parent.
Effective UID: The UID used for permission checks. For example, the passwd binary has the set‑uid bit set so that when executed its effective UID becomes root, allowing it to modify passwords.
Saved Set UID: A buffer that stores the previous effective UID; non‑root users can switch their effective UID to the saved UID using setuid(), but cannot set it to an arbitrary UID.
Overall, Linux decides resource access based on a process's effective UID (and GID).
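As an added example (not code from the original article), the C program below parses the Uid: line described above and applies two audit checks: whether the process runs with an effective UID different from its real UID, and whether a non-root effective UID can still be switched back to root through the real or saved UID. The struct, function names and the two sample status texts are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* IDs on the "Uid:" line of /proc/<PID>/status, in order. */
struct uid_set { unsigned real, eff, saved, fs; };

/* Constructed samples, not captured from a real system. */
const char SAMPLE_SETUID[]  = "Name:\tpasswd\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n";
const char SAMPLE_DROPPED[] = "Name:\tdaemon\nUid:\t1000\t1000\t0\t1000\nGid:\t1000\t1000\t1000\t1000\n";

/* Locate the line starting with "Uid:" and parse its four fields; 0 on success. */
int parse_uid_line(const char *status, struct uid_set *out)
{
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, "Uid:", 4) == 0)
            return sscanf(p + 4, "%u %u %u %u", &out->real, &out->eff,
                          &out->saved, &out->fs) == 4 ? 0 : -1;
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* Permission checks use an identity other than the invoking user (set-uid case). */
int is_elevated(const struct uid_set *u) { return u->eff != u->real; }

/* Effective UID is non-root, but root is still held as real or saved UID,
 * so the process can switch its effective UID back to 0. */
int retains_root(const struct uid_set *u)
{
    return u->eff != 0 && (u->real == 0 || u->saved == 0);
}

int main(void)
{
    char buf[4096];
    struct uid_set u;
    FILE *f = fopen("/proc/self/status", "r");   /* inspect this process itself */
    if (!f) return 1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);
    if (parse_uid_line(buf, &u) != 0) return 1;
    printf("real=%u effective=%u saved=%u fs=%u (getuid=%u geteuid=%u)\n",
           u.real, u.eff, u.saved, u.fs, (unsigned)getuid(), (unsigned)geteuid());
    printf("elevated=%d retains_root=%d\n", is_elevated(&u), retains_root(&u));
    return 0;
}
```

Run as an ordinary user, all four values match the login UID and both checks print 0; the saved UID is visible here even though getuid() and geteuid() do not report it.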
Executing External Commands in the Shell
Shell commands are either built‑in or external executables. The external command execution flow:
1. Shell calls fork() to create a child process.
2. The child searches PATH for the command binary.
3. The child replaces its image with the binary via an exec family call.
4. After the child exits, the original shell continues reading commands.
Example: cat test.log reads a file. The effective UID of the cat process is the invoking user’s UID, which matches the file owner, allowing read access.
Changing the mode of the cat binary (owned by root) to set‑uid (4755) makes its effective UID root when executed, enabling it to read files restricted to root.
Executing Shell Scripts
Running a script (e.g., /bin/bash ./test.sh) also involves fork(). The script’s interpreter (bash) is exec’d in the child process, inheriting the parent’s environment and user IDs.
Summary
File permission bits are static, while processes carry dynamic user identity information that determines actual access rights. Understanding real, effective, and saved UID explains how Linux enforces its permission model.
MaGe Linux Operations
