Change EUID of running process

On Linux, how can I change EUID of running process from command line (provided I have root access)?


Solution 1:

If the process is running with root-privileges, you could attach gdb to the process and call seteuid from within that process.

Example:

[root@user-desktop ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t

[root@user-desktop ~]# gdb /bin/bash $$
GNU gdb Fedora (6.8-27.el5)
# cut copyright & license statements
This GDB was configured as "x86_64-redhat-linux-gnu"...
# cut some initialization output    
0x00000036b0a99335 in waitpid () from /lib64/libc.so.6
(gdb) call seteuid(500)
$1 = 0 
(gdb) quit
The program is running.  Quit anyway (and detach it)? (y or n) y
Detaching from program: /bin/bash, process 29017

[root@user-desktop ~]# id
uid=0(root) gid=0(root) euid=500(user) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t

Solution 2:

If you are talking about a process changing its own EUID, there are a bunch of ways to do that.

  • setuid() - as a side-effect sets EUID when used by a process with EUID of 0
  • seteuid()
  • setreuid()

Depending on the effective UID of the program, and whether there is a saved UID, you may be able to switch between two EUID values in a non-root program. With a root privileged program, you have to be careful - you have to decide whether the change should be irreversible, and use the correct function for the job. (Using setuid() as root is irreversible.)

If you are trying to change a process that's already running from a separate process, then there is no standard way to do it - and I'm not sure there are many non-standard ways, either. You might be able to dink some information in /dev/kmem, but the expression 'thin ice' springs to mind.