Why ss -e doesn't show uid?

Question

I have a debian VM, here the info:

las@Client:~$ cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"

When I type ss -nte I expect to see the uid of the process that uses the socket because of the -e option, but it doesn't appear and I can't figure it out why. Here's the output:

las@Client:~$ ss -nte
State       Recv-Q Send-Q                    Local Address:Port                      Peer Address:Port 
ESTAB       0      176                      192.168.56.201:22                        192.168.56.1:50468  timer:(on,204ms,0) ino:12286 sk:ffff88000e7f3140 <->

How can I solve this?

Answer 1

The ss command (any version) will display an uid only if it's not zero. Here's the source for the Debian 8 jessie version:

    if (show_details) {
        if (s.uid)
            printf(" uid:%u", (unsigned)s.uid);
        printf(" ino:%u", s.ino);
        printf(" sk:%llx", s.sk);
        if (opt[0])
            printf(" opt:\"%s\"", opt);
    }

The test if (s.uid) makes it not display the information each time the socket owner's uid value is 0.

Additional tests (but using kernel 5.6 and a matching ss from iproute2 5.6.0), show that indeed a normal user can know the owner's uid of an other socket even if not owned by itself. So the absence of the uid: entry can mean only two things: owned by the root user, or owned by the kernel (which is different, but can't be distinguished here).

In your case, as the sshd daemon is running as root, all TCP sockets related to it will be owned by root, even if sshd grants a non-root login. The user login granted by sshd is not connected to any TCP socket: it's connected to the sshd daemon (or a separate instance of it) through master/slave PTYs or else with pipes. So ss can't be used to match a TCP connection to a user locally logged in through incoming ssh.