Friday, April 24, 2015

Shell vs. Term vs. eshell in Emacs

shell is the standard emacs interface to Operating System's command line interface.
term (ansi-term is pretty much same to term today. They were different packages, but now both defined in term.el) is a terminal emulator. It behaves like a dedicated terminal app, such as {xterm, gnome-terminal, puTTY}. It is compatible to more shell apps than emacs shell interface, but standard emacs keys such as moving cursor don't work here (because it is emulating a terminal.)
eshell is a shell written entirely in emacs lisp. Note: it is not a bash emulator. Eshell is a shell by itself, but similar to bash or other shells.
Which should you use?
It depends on your preference.
shell is good for general use of classic/standard unix shell commands, such as {grep, du, ls, sort, cat, head, tail, uname, …}.
term & ansi-term are good if you want to run stuff like ssh, or other command line interactive interface (such as {python, ruby, lisp} shell), or text based GUI app such as {vim, synaptic, …}.
eshell is good especially on Microsoft Windows where bash is not installed, or, if you are a emacs lisp programer, because eshell has direct access to emacs lisp.

Labels: , , ,

Monday, April 20, 2015

Unix/Linux OS/real and effective user id

Each UNIX proces has 3 UIDs associated to it. Superuser privilege is UID=0.

Real UID
--------

This is the UID of the user/process that created THIS process. It can be changed only if the running process has EUID=0.

Effective UID
-------------

This UID is used to evaluate privileges of the process to perform a particular action. EUID can be change either to RUID, or SUID if EUID!=0. If EUID=0, it can be changed to anything.

Saved UID
---------

If the binary image file, that was launched has a Set-UID bit on, SUID will be the UID of the owner of the file. Otherwise, SUID will be the RUID.

What is the idea behind this?

Normal programs, like "ls", "cat", "echo" will be run by a normal user, under that users UID. Special programs that allow user to have controlled access to protected data, can have Set-UID bit to allow the program to be run under privileged UID.

An example of such program is "passwd". If you list it in full, you will see that it has Set-UID bit and the owner is "root". When a normal user, say "ananta", runs "passwd", passwd starts with:

Real-UID = ananta
Effective-UID = ananta
Saved-UID = root

The the program calls a system call "seteuid( 0 )" and since SUID=0, the call will succede and the UIDs will be:

Real-UID = ananta
Effective-UID = root
Saved-UID = root

After that, "passwd" process will be able to access /etc/passwd and change password for user "ananta". Note that user "ananta" cannot write to /etc/passwd on it's own. Note one other thing, setting a Set-UID on a executable file is not enough to make it run as privileged process. The program itself must make a system call.

Labels: