[파이썬] os `os.setresuid()`, `os.setresgid()`로 실제/유효/저장 사용자 ID 및 그룹 ID 설정

07 Sep 2023

python

In Python, the os module provides functions to manipulate the user ID and group ID of a process. Two such functions are os.setresuid() and os.setresgid(), which allow you to set the real, effective, and saved user ID and group ID of a process.

The Real, Effective, and Saved IDs

Before diving into the os.setresuid() and os.setresgid() functions, let’s first understand the concept of real, effective, and saved IDs.

Real User ID (RUID): It is the actual user ID of the process owner.
Effective User ID (EUID): It determines the access rights of the process. When a program executes a system call or accesses a file, the kernel checks the EUID of the running process to determine if it has the necessary permissions.
Saved User ID (SUID): It is used to restore back to the original user ID (RUID) after switching to a different effective user ID temporarily.

Similar to user IDs, there are corresponding concepts for group IDs:

Real Group ID (RGID): The actual group ID of the process owner.
Effective Group ID (EGID): The group ID used for determining access permissions.
Saved Group ID (SGID): Saved group ID for temporary group changes.

Using os.setresuid() and os.setresgid()

The os.setresuid() and os.setresgid() functions allow you to set the real, effective, and saved IDs of a process. Here’s the syntax:

os.setresuid(ruid, euid, suid)
os.setresgid(rgid, egid, sgid)

ruid: The desired real user ID.
euid: The desired effective user ID.
suid: The desired saved user ID.
rgid: The desired real group ID.
egid: The desired effective group ID.
sgid: The desired saved group ID.

Passing -1 to any of the arguments will leave the corresponding ID unchanged.

Example Usage

Let’s say you want to temporarily switch to a different user ID and group ID. The following example demonstrates how to use os.setresuid() and os.setresgid():

import os

# Save the current IDs
saved_uid, saved_gid, saved_sgid = os.getresuid(), os.getresgid()

# Set the new user ID and group ID
os.setresuid(new_uid, new_euid, new_suid)
os.setresgid(new_gid, new_egid, new_sgid)

# Verify the ID changes
print("New RUID:", os.getresuid()[0])
print("New EUID:", os.getresuid()[1])
print("New SUID:", os.getresuid()[2])
print("New RGID:", os.getresgid()[0])
print("New EGID:", os.getresgid()[1])
print("New SGID:", os.getresgid()[2])

# Restore the saved IDs
os.setresuid(saved_uid[0], saved_uid[1], saved_uid[2])
os.setresgid(saved_gid[0], saved_gid[1], saved_gid[2])

# Verify the restoration
print("Restored RUID:", os.getresuid()[0])
print("Restored EUID:", os.getresuid()[1])
print("Restored SUID:", os.getresuid()[2])
print("Restored RGID:", os.getresgid()[0])
print("Restored EGID:", os.getresgid()[1])
print("Restored SGID:", os.getresgid()[2])

Make sure to replace new_uid, new_euid, new_suid, new_gid, new_egid, new_sgid with the desired IDs that you want to set.

By using os.setresuid() and os.setresgid(), you can easily switch between different users and groups in your Python programs. Remember to use these functions with caution, as you are manipulating process ownership and access rights.

That’s it! You now have a basic understanding of how to use os.setresuid() and os.setresgid() to set the real, effective, and saved user ID and group ID in Python. Happy coding!