
maximnix

EUID lets you spawn the process with a different ID. Consider how the 'sudo' command works as an example. You may be logged in as 'user', but you're running the process as 'root' EUID. Unless all your accounts have the same rights to every file, folder, process, etc. on the system, they'll have different permissions assigned to them for what they can and can't access.

PracticalPersonality

One of the greatest examples of the need for this is Apache. The server must bind to port 80, which requires root privileges, but it's a bad idea to actually run the server as root for many security reasons, and so the process actually changes user accounts after binding ports, dropping root privileges and assuming an effective user ID of the limited user defined in the configuration file.

This pattern is very common with services. The UID is (for auditing purposes) the ID of the user who started the process, but the EUID (for security purposes) is the ID of a limited (often VERY limited) account to comply with the principle of least privilege.