Page 223 - DCAP602_NETWORK_OPERATING_SYSTEMS_I
P. 223

Unit 11: User Accounts




          Adding and removing groups can also be done by modifying each individual user account.   notes
          Start Linuxconf by typing linuxconf at the shell prompt.

          Open [Config] → [Users accounts] → [Normal] → [User accounts].
          If  you  have  more  than  15  accounts  on  the  system,  Linuxconf  will  provide  you  with  a  filter
          screen.
          On the User accounts screen, select a user that you wish to update. You will be presented with
          the User information screen.
          Add or remove the desired groups from the, Supplementary groups field. Each group should be
          separated by a space ‘’ ‘’ character.
          Once you’ve made all the changes you’d like, select Accept at the bottom of the screen.
          This will automatically update the group definitions. Repeat the process for each user.

          setuid and setgid programs

          setuid  and  setgid  (short  for  set  user  ID  upon  execution  and  set  group  ID  upon  execution,
          respectively) are Linux access rights flags that allow users to run an executable with the permissions
          of the executable’s owner or group. They are often used to allow users on a computer system to
          run programs with temporarily elevated privileges in order to perform a specific task. While the
          assumed user id or group id privileges provided are not always elevated, at a minimum they are
          specific.
          setuid and setgid are needed for tasks that require higher privileges than those which a common
          user has, such as changing his or her login password. Some of the tasks that require elevated
          privileges may not immediately be obvious, though — such as the ping command, which must
          send and listen for control packets on a network interface.

          setgid()

          setgid sets the effective group ID of the current process. If the caller is the superuser, the real and
          saved group ID’s are also set. If the process has appropriate privileges, setgid() shall set the real
          group ID, effective group ID, and the saved set-group-ID of the calling process to gid.
          If the process does not have appropriate privileges, but gid is equal to the real group ID or the
          saved set-group-ID, setgid() shall set the effective group ID to gid; the real group ID and saved
          set-group-ID shall remain unchanged.
          The setgid() function shall not affect the supplementary group list in any way.
          Any supplementary group IDs of the calling process shall remain unchanged.

          Upon  successful  completion,  0  is  returned.  Otherwise,  -1  shall  be  returned  and  errno  set  to
          indicate the error.

          setuid()

          If the process has appropriate privileges, setuid() shall set the real user ID, effective user ID, and
          the saved set-user-ID of the calling process to uid.

          If the process does not have appropriate privileges, but uid is equal to the real user ID or the
          saved set-user-ID, setuid() shall set the effective user ID to uid; the real user ID and saved set-
          user-ID shall remain unchanged.






                                           LoveLy professionaL university                                   217
   218   219   220   221   222   223   224   225   226   227   228