setuid和seteuid函数

Question

I tried to find the difference between setuid and seteuid function. At that time, many of them says the following is the difference. It is showed in the man page of setuid.

Thus, a set-user-ID-root program wishing to temporarily drop root privileges, assume the identity of an unprivileged user, and then regain root privileges afterward cannot use setuid() . You can accomplish this with seteuid(2) .

I have a doubt in the above man page reference. Using setuid we can set the effective user id of the process. For Ex:

setuid(getuid());

After this statement is executed, the effective userid of the process is changed to current user. So, to regain the root permission, I simply use,

setuid(0);

But why the man page reference shows

afterward cannot use setuid(). You can accomplish this with seteuid(2)

Answer 1

• The setuid() function sets (on success) all three process UIDs to the one specified in the function argument. Root permissions can be gained back only from the saved-uid process field, that has been just overwritten by the setuid call. So, on the systems with defined _POSIX_SAVED_IDS in the unistd.h file, there is no way to get back to be root after the setuid() was called. The setuid() is a one way ticket.
• The seteuid() function does not overwrite the saved-uid field, therefore root permissions can be re-gained after the function has called.
• I'm not sure the setuid(0) mentioned in your question does actual work (or perhaps the _POSIX_SAVED_IDS is not defined on your system).

Answer 2

请注意手册页的措辞：它用于set-user-id-root程序（因此，可执行文件由用户root拥有，并且suid位置1）。