Typically, a user $U$‘s processes will run with $U$‘s user-id. Assume a user wants to update her password - The executable that updates `etc/passwd` cannot be run with $U$‘s user-id - The `setuid` bit on executable files allows user-id to change to the owner of the executable (`setgid` bit is similar) - `setuid()` system call can be used to elevate or reduce privileges There are different types of user-ids for a process: - Real UID → The owner of the process that is running - Effective UID → UID that is used in access control decisions. If we use `setuid()` then this will be root. - Saved UID → If we increase privilege but want to go back to a lower privilege, we can revert to the saved UID >[!info] `setuid(uid)` call requires that the `uid` be equal to `real uid` or `saved uid` when the `effective uid` is not zero. So it is not applicable to root users. Behavior of `fork()` and `exec()` calls in how these uids carry over when a child process is created. Group ids work similarly as well, but they also have a sticky bit. ![[attachments/Screenshot 2023-06-08 at 9.37.54 PM.png]]