Every process that runs under Linux has a unique process ID number (PID) by which it is known to the system. Each process from process 1 (init) onwards has a parent process whose process ID it can also access.

Every process also belongs to a process group, with a process group ID which is just the process ID of the process group leader.

When it comes to sorting out what permissions a process has to access various files, the process uses another set of four IDs. These are known as the real user and group IDs and the effective user and group IDs. The real IDs of a process are just the UID and GID of the user for whom the process runs. The effective IDs are nomally the same as the real IDs except for the case when a program has its setuid or setgid bits set. If one or both of these bits is set, then the corresponding effective user or group ID will be set to the file owner ID or the file group ID associated with the program file from which the process is running.

That sounds complicated, so an example is in order. Suppose a user with a UID of 200 and a GID of 20 were to run the program /usr/bin/passwd. This program has a file owner ID of 0 (root), a file group ID of 1 (bin) and it also has its setuid bit set.

When the passwd program is run, the associated process will have a real user ID of 200, a real group ID of 20, an effective user ID of 0 because the setuid bit is set and an effective group ID of 20.

The real IDs are used to sort out the identity of the user for whom the process is running. The effective IDs are used to sort out the privileges and permissions that processes have when accessing a file, according to the following algorithm (which starts at rule 1):

Rule 1

If the effective user ID of the process is 0 (root) then permission is granted automatically for most things. If not, goto rule 2

Rule 2

If the effective user ID of the process is the same as the user ID of the file then access is granted to the file according to the owner permission bits on the file. If not, goto rule 3.

Rule 3

If the effective group ID of the process is the same as the group ID of the file, then access is granted to the file according to the group permission bits on the file. If not, goto rule 4.

Rule 4

Access is granted to the file according to the world permission bits on the file.

All of the various IDs associated with a process can be accessed via a set of 'get ID' system calls:

	nid_t getuid(void)	            /* get real user ID	*/
	uid_t getgid(void)	           /* get real group ID	*/
	uid_t geteuid(void)	       /* get effective user ID	*/
	uid_t getegid(void)	      /* get effective group ID	*/
	pid_t getpid(void)	              /* get process ID	*/
	pid_t getppid(void)	       /* get parent process ID	*/
	pid_t getpgrp(void)	        /* get process group ID	*/

Next: Creating Processes With Fork

---