DistributedNetworks DistributedNetworks


Special File Types   «Prev  Next»

Lesson 4Process ownership
ObjectiveDescribe how process ownership and access permissions are related.

Process Ownership Access permission

Every process has an owner and a group. As mentioned previously, when a process tries to access a file or other system resource, the permissions set on that resource are compared against the ownership of the process to determine if access should be permitted.
In general, a process is owned by the same entity that owned its parent. A user owns his or her own login shell, and because all commands started interactively are started by the shell, this means that you own any commands you run from a shell.
In particular, remember that the owner of a process consisting of a running program is not the same as the owner of the file that contains the program.
Of course, this is not the whole story. The init process, for example, is owned by root, and every process derives ultimately from init, yet not every child of init is owned by root. In fact, UNIX provides a mechanism for a process to change its ownership.
One important example of changing ownership occurs with the su command. As you know, the su command starts a subshell with root permissions. The shell started by su is owned by root, not by the user who ran the su command.
Real and effective user/group ID
The distinction between the user who started a process and the owner of the running process is captured in the notion of real and effective user and group ID.
The real user or group ID of a process is the ID of the user or group who started that process.
The effective user or group ID is the user or group ID that the system uses to evaluate access permissions for that process.
Note:The definitions above are not strictly correct, because a process can change both its real and its effective user ID. However, the distinction as written is adequate for our purposes.