Toggling between Identities

A process can change its current USERCODE to either of those stored in the REALUSERCODE or SAVEDUSERCODE attribute, without having to specify a password. However, the process cannot do this toggling with ordinary task attribute assignments. Instead, the process must use certain specialized functions that are available in three forms:

  • As ALGOL procedures in the file SYMBOL/POSIX/ALGOL/PROPERTIES. These procedures are documented in the ALGOL and MCP Interfaces to POSIX Features Programming Reference Manual.

  • As C language functions accessible through a header file. These functions are documented in the C Programming Reference Manual, Volume 2: Headers and Functions.

  • As library procedures exported by the MCPSUPPORT library. These procedures are documented in the ALGOL and MCP Interfaces to POSIX Features Programming Reference Manual.

These functions and procedures refer to user identities by numeric values that correspond to the UID usercode attribute. Therefore, changing to the REALUSERCODE or SAVEDUSERCODE is a two-step process:

  1. Retrieve the user ID associated with the REALUSERCODE or SAVEDUSERCODE.

  2. Change the process's current user ID to the user ID that was retrieved.

Similarly, a process can change its current GROUPCODE to either of those stored in the REALGROUPCODE or SAVEDGROUPCODE attribute. The process uses procedures or functions that are available from the SYMBOL/POSIX/ALGOL/PROPERTIES file, the C header file, or the MCPSUPPORT library.

The following table lists the procedures and functions used to toggle between the real and saved usercode or group code:

Action to Perform                    ALGOL Procedure   C Function   MCPSUPPORT Procedure
-----------------------------------  ----------------  -----------  --------------------
Retrieve user ID of REALUSERCODE     GETUID            getuid()     POSIX_INTEGERIDS
Retrieve user ID of USERCODE         GETEUID           geteuid()    POSIX_INTEGERIDS
Change current user ID               SETUID            setuid()     POSIX_SETIDS
Retrieve group ID of REALGROUPCODE   GETGID            getgid()     POSIX_INTEGERIDS
Retrieve group ID of GROUPCODE       GETEGID           getegid()    POSIX_INTEGERIDS
Change current group ID              SETGID            setgid()     POSIX_SETIDS

The following ALGOL program uses procedures from SYMBOL/POSIX/ALGOL/PROPERTIES to change its usercode and group code between the "real" and "saved" values. It records the saved identity with GETEUID and GETEGID before making any change, because once SETUID or SETGID has run, those procedures return the new current identity instead:

BEGIN
$INCLUDE "SYMBOL/POSIX/ALGOL/PROPERTIES."
INTEGER ERRNO,
        REAL_GID,
        REAL_UID,
        RSLT,
        SAVED_GID,
        SAVED_UID;

% RECORD SAVED USERCODE AND GROUPCODE
% Because the process has not yet changed its identity, these values
% are the same as the current (effective) usercode and group code.
% They must be captured here: after a SETUID or SETGID, GETEUID and
% GETEGID return the new current identity.
SAVED_UID := GETEUID(ERRNO);
SAVED_GID := GETEGID(ERRNO);

% RECORD REAL USERCODE AND GROUPCODE
REAL_UID := GETUID(ERRNO);
REAL_GID := GETGID(ERRNO);

% CHANGE USERCODE TO REALUSERCODE
% In production code, test RSLT and ERRNO after each SETUID/SETGID;
% a refused change leaves the previous identity in effect.
RSLT := SETUID(REAL_UID, ERRNO);

% CHANGE GROUPCODE TO REALGROUPCODE
RSLT := SETGID(REAL_GID, ERRNO);

% CHANGE USERCODE TO SAVEDUSERCODE
RSLT := SETUID(SAVED_UID, ERRNO);

% CHANGE GROUPCODE TO SAVEDGROUPCODE
RSLT := SETGID(SAVED_GID, ERRNO);

END.

Note that the system performs security checking on the SETUID function. The system permits the SETUID to succeed only if the requested user ID corresponds to the USERCODE, REALUSERCODE, or SAVEDUSERCODE of the process; a request for any other user ID is refused. SETUID is therefore a way to move between identities the process already holds, not a way to acquire a new one.

Similarly, the system performs checking on the SETGID function. The system permits the SETGID to succeed only if the requested group ID corresponds to the value of the GROUPCODE, REALGROUPCODE, or SAVEDGROUPCODE of the process.
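The same two-step procedure (retrieve the IDs first, then change the current ID) and the same permitted-set rule, written as an added C example for a Linux/POSIX system. This is not code from the manual or from MCP; it uses the standard C functions named in the table (getuid, geteuid, getgid, getegid), but substitutes seteuid/setegid for setuid/setgid, because on Linux setuid() in a process whose effective uid is 0 also overwrites the real and saved IDs, after which the toggle back is impossible, whereas MCP SETUID changes only the current USERCODE. The helper names (record_ids, uid_is_permitted, switch_identity, toggle_cycle) are hypothetical. The uid_is_permitted check reproduces the rule quoted above (current, real or saved ID) before the call is made, so a refusal is reported uniformly as EPERM instead of depending on the platform:

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Snapshot of the process identities, taken before any change.  At that
 * point the saved ID still equals the effective ID, which is exactly how
 * the ALGOL program above records it with GETEUID/GETEGID. */
struct ids {
    uid_t real_uid, saved_uid;
    gid_t real_gid, saved_gid;
};

/* Step 1: retrieve the IDs the process may switch between. */
static struct ids record_ids(void)
{
    struct ids s;
    s.saved_uid = geteuid();   /* saved usercode (== current, nothing changed yet) */
    s.saved_gid = getegid();
    s.real_uid  = getuid();    /* real usercode */
    s.real_gid  = getgid();
    return s;
}

/* The rule the text states for SETUID: the request must name the current,
 * real or saved user ID.  Hypothetical helper, applied before the call. */
static int uid_is_permitted(const struct ids *s, uid_t uid)
{
    return uid == geteuid() || uid == s->real_uid || uid == s->saved_uid;
}

/* Same rule for SETGID: current, real or saved group ID. */
static int gid_is_permitted(const struct ids *s, gid_t gid)
{
    return gid == getegid() || gid == s->real_gid || gid == s->saved_gid;
}

/* Step 2: change the current (effective) IDs.  Returns 0 on success and
 * -1 with errno set otherwise.  seteuid/setegid change only the effective
 * IDs, matching MCP SETUID/SETGID, which change only the current values. */
static int switch_identity(const struct ids *s, uid_t uid, gid_t gid)
{
    if (!uid_is_permitted(s, uid) || !gid_is_permitted(s, gid)) {
        errno = EPERM;
        return -1;
    }
    /* Group first: when dropping privilege this still runs with the
     * privileged effective uid, so the group change cannot be refused. */
    if (setegid(gid) != 0)
        return -1;
    if (seteuid(uid) != 0)
        return -1;
    /* Verify the result rather than trusting the return code alone. */
    if (geteuid() != uid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Full round trip: become the real identity, then return to the saved one.
 * Returns 0 only if both switches took effect. */
static int toggle_cycle(const struct ids *s)
{
    if (switch_identity(s, s->real_uid, s->real_gid) != 0)
        return -1;
    if (switch_identity(s, s->saved_uid, s->saved_gid) != 0)
        return -1;
    return 0;
}

int main(void)
{
    struct ids s = record_ids();
    printf("real uid/gid  = %lu/%lu\n",
           (unsigned long)s.real_uid, (unsigned long)s.real_gid);
    printf("saved uid/gid = %lu/%lu\n",
           (unsigned long)s.saved_uid, (unsigned long)s.saved_gid);
    if (toggle_cycle(&s) != 0) {
        fprintf(stderr, "identity toggle failed: %s\n", strerror(errno));
        return 1;
    }
    puts("toggled to real identity and back to saved identity");
    return 0;
}
```

Run unprivileged, all three IDs are the same and the cycle is a no-op that still succeeds; run as a set-user-ID executable, the first switch drops to the invoking user and the second regains the saved identity, which is the pattern the MCP procedures support. If a change is meant to be permanent (never toggled back), use setuid/setgid with the real ID instead, so that the saved ID no longer offers a path back.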