setuid 和 seteuid 函数的区别

程序 1：setuid() 示例

    #include<stdio.h>
    #include<sys/types.h>
    #include<unistd.h>
    void main()
    {
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        setuid(1000);
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        setuid(1014);
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
    }

Output:

    guest $ ./a.out 
    Real user id = 1000, Effective User id = 1014
    Real user id = 1000, Effective User id = 1000
    Real user id = 1000, Effective User id = 1014
    guest $

程序 2：seteuid() 示例

    #include<stdio.h>
    #include<sys/types.h>
    #include<unistd.h>
    void main()
    {
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        seteuid(1000);
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        seteuid(1014);
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
    }

Output:

    guest $ ./a.out 
    Real user id = 1000, Effective User id = 1014
    Real user id = 1000, Effective User id = 1000
    Real user id = 1000, Effective User id = 1014
    guest $

两个程序给出相同的输出。那么，这两个函数有什么区别呢？根据参考（手册页），这两个函数都用于设置进程的有效用户 ID。这两个程序的功能有何不同？

文档关于差异非常清楚：

如果用户是root或者程序是set-user-ID-root，则必须特别小心。这setuid()函数检查调用者的有效用户 ID，如果是超级用户，则所有与进程相关的用户 ID 都设置为 uid。发生这种情况后，程序就不可能重新获得root权限。

因此，一个 set-user-ID-root 程序如果希望暂时放弃 root 权限，采用非特权用户的身份，然后重新获得 root 权限，则无法使用setuid()。你可以通过以下方式完成此操作seteuid.