What is the difference between setuid and seteuid function. In man page both of the function have similar description.

setuid:

DESCRIPTION

   setuid()  sets  the  effective user ID of the calling process.  If the effective UID of the caller is root, the real UID and saved
   set-user-ID are also set.

seteuid:

DESCRIPTION

   seteuid()  sets  the  effective user ID of the calling process.  Unprivileged user processes may only set the effective user ID to
   the real user ID, the effective user ID or the saved set-user-ID.

In both of the description contains sets the effective user ID of the calling process. So what is the difference between these two and how the functionality differs between these functions.

And One more doubt is, using chmod(chmod u+s ) only we can set the set user id permission to the file. Then only during runtime of the program, the process have permission who is set to set user id. Apart from these how these functions set the effective userid to the process.

From the man page:

   Thus, a set-user-ID-root program wishing to temporarily drop root
   privileges, assume the identity of an unprivileged user, and then
   regain root privileges afterward cannot use setuid().  You can
   accomplish this with seteuid(2).

privileged process

• In the following sections,

  we use the traditional definition of a privileged process as one whose effective user id is 0.

setuid()

• • When an unprivileged process calls setuid(),

    only the effective user id of the process is changed.

    -| Furthermore,

    it can be changed only +- to the same value as |+_| either

    |+| the real user ID or |+| saved set-user-ID.

• • When a privileged process executes setuid() with a nonzero argument,

    then the real user ID, effective user id, and saved set-user-ID are all set +- to the value specified in the uid argument.

  • This is a one-way trip,

    in that

    once a privileged process has changed its identifiers in this way,

    it loses all privileges and

    therefore can’t subsequently use setuid() +- to reset the identifiers back +- to 0.

seteuid()

• • An unprivileged process can change an effective ID only +- to the same value as the corresponding |+| real or |+| saved set ID.

  • (In other words,

    for an unprivileged process,

    seteuid() and setegid() have the same effect as setuid() and setgid(), respectively,

    except for the BSD portability issues noted earlier.)

• • A privileged process can change an effective ID +- to any value.

    If a privileged process uses seteuid() +- to change its effective user id +- to a nonzero value,

    then it ceases +- to be privileged

    ( ++ but may be able +- to regain privilege via the previous rule).

    • because:

      • before everything, a Process_AA become privileged because:

        when the Process_AA executes a set-user-ID-root program (executable file),

        Process_AA es effective user id is changed to 0 (Process_AA is privileged now), &

        Process_AA es saved set-user-ID is copied from Process_AA es effective user id (saved set-user-ID is 0 too now)

      • now the privileged process Process_AA uses seteuid() +- to change its effective user id +- to a nonzero value,

        the privileged process Process_AA only changed Process_AA es effective user id, but Process_AA es saved set-user-ID is unchanged.

      • now Process_AA is an unprivileged process,

        we know

        An unprivileged process can change an effective ID only +- to the same value as the corresponding |+| real or |+| saved set ID.

        so Process_AA can regain privilege later

ex

• Using seteuid() is the preferred method for set-user-ID and set-group-ID programs +- to temporarily drop and later regain privileges.

  Here’s an example:

  euid = geteuid();               /* **Save initial effective user ID** (which is same as saved set-user-ID) */
  
  if (seteuid(getuid()) == -1)    /* Drop privileges */
      errExit("seteuid");
  if (seteuid(euid) == -1)        /* **Regain privileges** */
      errExit("seteuid");
  

in short, answer, vs

• so, setuid() & seteuid() have difference only when used by a privileged process

  • the privileged process is not able to regain privilege if it uses setuid()
    (cuz saved set-user-id is changed by setuid())
  • the privileged process is able to regain privilege if it uses seteuid()
    (cuz saved set-user-id is unchanged by seteuid())

terminology ambiguity

• I personally use the following terms::

  • set-user-ID-root program (executable file) == the executable file is a Set_User_Id program & is owned by root User

  • the calling process of a set-user-ID-root program == a process with a Real_User_Id of itself_originally_have & a Effective_User_Id changed to 0 (as a result of calling the set-user-ID-root program (executable file))

    (so, a privileged process)

  • real root process == a process with a Real_User_Id of 0

• some textbooks seem to mix the meaning of the terms:

  • set-user-ID-root program == set-user-ID-root program (executable file)

  • set-user-ID-root program == the calling process of a set-user-ID-root program

  • set-user-ID-root process == the calling process of a set-user-ID-root program

reference

The Linux Programming Interface (most contents above are directly copied from this book)

In answer to the question "why use seteuid()": some system applications use seteuid() so that they can attempt to execute instructions with the privileges of the "effective" user. This allows a programming running as root to ensure that, for example, any files it creates are created using the effective user id and not the root id.

Perhaps the most notable application is the Unix "cron" system which has to run as user "root" but has the responsibility of executing arbitrary commands as arbitrary users.