Chapter Contents
Previous
Next
Developing Applications for Use with UNIX System Services OS/390

User and Group Identification

The USS shell environment assigns a user identification number (UID) to each user. A user can also belong to one or more groups of users, each of which is assigned a group identification number (GID). These identification numbers are used to assign file ownership and control access privileges. Read, write, and execute permission is assigned to each file by either the file owner or the system administrator. Access privileges can be assigned to the user, the user's groups, and others.

Every process has a real and an effective UID, as well as a real and an effective GID. When you start a shell session, the real and effective UIDs are set to your user identification number, and the real and effective GIDs are set to your group identification number.

The effective UIDs and GIDs are used to control file access, and the real UIDs and GIDs are used for accounting purposes. File access is determined as follows:

If a process executes another process, the access rights are normally determined by the effective UID and GID of the calling process and not the access privileges of the owner of the executable. This can create undesirable situations, such as the situation in which a running program must have the ability to change a file that you do not want the user who executed the program to be able to modify directly. This problem is overcome by allowing a program to be defined to execute with the UID or GID of the program owner rather than that of the calling process. Also, suitably authorized programs can use the setuid and setgid functions to change the current process's effective UID and GID respectively.


Chapter Contents
Previous
Next
Top of Page

Copyright © 2001 by SAS Institute Inc., Cary, NC, USA. All rights reserved.