|Lesson 4|Process ownership|
|Objective|Describe how process ownership and access permissions are related.|
How process ownership and access permissions are related
Every process has an owner and a group. As mentioned previously, when a
process tries to access a file or other system resource, the permissions set on that resource are compared against the ownership of the
process to determine if access should be permitted.
In general, a process is owned by the same entity that owned its parent. A user owns his or her own login shell, and because all
commands started interactively are started by the shell, this means that you own any commands you run from a shell.
In particular, remember that the owner of a process consisting of a running program is not the same as the owner of the file that
contains the program.
Of course, this is not the whole story. The init process, for example, is owned by root, and every process derives ultimately from
init, yet not every child of init is owned by root. In fact, UNIX provides a mechanism for a process to change its ownership.
One important example of changing ownership occurs with the su command. As you know, the su command starts a subshell with root permissions. The shell started by su is owned by root, not by the user who ran the
Real and effective user/group ID
The distinction between the user who started a process and the owner of the running process is captured in the notion of real and effective user and group ID. The real user or group ID of a process is the ID of the user or group who started that process.
The effective user or group ID is the user or group ID that the system uses to evaluate access permissions for that process.
Note: The definitions above are not strictly correct, because a process can change both its real and its effective user ID. However, the distinction as written is adequate for our purposes.