[thirdparty/man-pages.git] / man2 / seteuid.2

.\" Copyright (C) 2001 Andries Brouwer (aeb@cwi.nl)
.\"
.\" SPDX-License-Identifier: Linux-man-pages-copyleft
.\"
.\" [should really be seteuid.3]
.\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
.\"     Added notes on capability requirements
.\"
.TH seteuid 2 (date) "Linux man-pages (unreleased)"
.SH NAME
seteuid, setegid \- set effective user or group ID
.SH LIBRARY
Standard C library
.RI ( libc ", " \-lc )
.SH SYNOPSIS
.nf
.B #include <unistd.h>
.P
.BI "int seteuid(uid_t " euid );
.BI "int setegid(gid_t " egid );
.fi
.P
.RS -4
Feature Test Macro Requirements for glibc (see
.BR feature_test_macros (7)):
.RE
.P
.BR seteuid (),
.BR setegid ():
.nf
    _POSIX_C_SOURCE >= 200112L
        || /* glibc <= 2.19: */ _BSD_SOURCE
.fi
.SH DESCRIPTION
.BR seteuid ()
sets the effective user ID of the calling process.
Unprivileged processes may only set the effective user ID to the
real user ID, the effective user ID or the saved set-user-ID.
.P
Precisely the same holds for
.BR setegid ()
with "group" instead of "user".
.\" When
.\" .I euid
.\" equals \-1, nothing is changed.
.\" (This is an artifact of the implementation in glibc of seteuid()
.\" using setresuid(2).)
.SH RETURN VALUE
On success, zero is returned.
On error, \-1 is returned, and
.I errno
is set to indicate the error.
.P
.IR Note :
there are cases where
.BR seteuid ()
can fail even when the caller is UID 0;
it is a grave security error to omit checking for a failure return from
.BR seteuid ().
.SH ERRORS
.TP
.B EINVAL
The target user or group ID is not valid in this user namespace.
.TP
.B EPERM
In the case of
.BR seteuid ():
the calling process is not privileged (does not have the
.B CAP_SETUID
capability in its user namespace) and
.I euid
does not match the current real user ID, current effective user ID,
or current saved set-user-ID.
.IP
In the case of
.BR setegid ():
the calling process is not privileged (does not have the
.B CAP_SETGID
capability in its user namespace) and
.I egid
does not match the current real group ID, current effective group ID,
or current saved set-group-ID.
.SH VERSIONS
Setting the effective user (group) ID to the
saved set-user-ID (saved set-group-ID) is
possible since Linux 1.1.37 (1.1.38).
On an arbitrary system one should check
.BR _POSIX_SAVED_IDS .
.P
Under glibc 2.0,
.BI seteuid( euid )
is equivalent to
.BI setreuid(\-1, " euid" )
and hence may change the saved set-user-ID.
Under glibc 2.1 and later, it is equivalent to
.BI setresuid(\-1, " euid" ", \-1)"
and hence does not change the saved set-user-ID.
Analogous remarks hold for
.BR setegid (),
with the difference that the change in implementation from
.BI setregid(\-1, " egid" )
to
.BI setresgid(\-1, " egid" ", \-1)"
occurred in glibc 2.2 or 2.3 (depending on the hardware architecture).
.P
According to POSIX.1,
.BR seteuid ()
.RB ( setegid ())
need not permit
.I euid
.RI ( egid )
to be the same value as the current effective user (group) ID,
and some implementations do not permit this.
.SS C library/kernel differences
On Linux,
.BR seteuid ()
and
.BR setegid ()
are implemented as library functions that call, respectively,
.BR setreuid (2)
and
.BR setregid (2).
.SH STANDARDS
POSIX.1-2008.
.SH HISTORY
POSIX.1-2001, 4.3BSD.
.SH SEE ALSO
.BR geteuid (2),
.BR setresuid (2),
.BR setreuid (2),
.BR setuid (2),
.BR capabilities (7),
.BR credentials (7),
.BR user_namespaces (7)
Commit	Line	Data
fea681da MK	1	.\" Copyright (C) 2001 Andries Brouwer (aeb@cwi.nl)
fea681da MK	2	.\"
5fbde956	3	.\" SPDX-License-Identifier: Linux-man-pages-copyleft
fea681da MK	4	.\"
fea681da MK	5	.\" [should really be seteuid.3]
c11b1abf	6	.\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
fea681da MK	7	.\" Added notes on capability requirements
fea681da MK	8	.\"
4c1c5274	9	.TH seteuid 2 (date) "Linux man-pages (unreleased)"
fea681da MK	10	.SH NAME
fea681da MK	11	seteuid, setegid \- set effective user or group ID
f82b64fa AC	12	.SH LIBRARY
f82b64fa AC	13	Standard C library
8fc3b2cf	14	.RI ( libc ", " \-lc )
fea681da	15	.SH SYNOPSIS
c7db92b9	16	.nf
fea681da	17	.B #include <unistd.h>
c6d039a3	18	.P
fea681da	19	.BI "int seteuid(uid_t " euid );
fea681da	20	.BI "int setegid(gid_t " egid );
c7db92b9	21	.fi
c6d039a3	22	.P
d39ad78f	23	.RS -4
cc4615cc MK	24	Feature Test Macro Requirements for glibc (see
cc4615cc MK	25	.BR feature_test_macros (7)):
d39ad78f	26	.RE
c6d039a3	27	.P
cc4615cc MK	28	.BR seteuid (),
cc4615cc MK	29	.BR setegid ():
9d2adbae	30	.nf
5c10d2c5	31	_POSIX_C_SOURCE >= 200112L
75c018a1	32	\|\| /* glibc <= 2.19: */ _BSD_SOURCE
9d2adbae	33	.fi
fea681da	34	.SH DESCRIPTION
e511ffb6	35	.BR seteuid ()
a1ffe9f5	36	sets the effective user ID of the calling process.
1a54ad1e	37	Unprivileged processes may only set the effective user ID to the
d9df8ff8	38	real user ID, the effective user ID or the saved set-user-ID.
c6d039a3	39	.P
fea681da	40	Precisely the same holds for
e511ffb6	41	.BR setegid ()
fea681da	42	with "group" instead of "user".
fea681da MK	43	.\" When
	44	.\" .I euid
	45	.\" equals \-1, nothing is changed.
a1ffe9f5 MK	46	.\" (This is an artifact of the implementation in glibc of seteuid()
a1ffe9f5 MK	47	.\" using setresuid(2).)
47297adb	48	.SH RETURN VALUE
c13182ef MK	49	On success, zero is returned.
c13182ef MK	50	On error, \-1 is returned, and
fea681da	51	.I errno
f6a4078b	52	is set to indicate the error.
c6d039a3	53	.P
b57db62b MK	54	.IR Note :
	55	there are cases where
	56	.BR seteuid ()
	57	can fail even when the caller is UID 0;
29d3bdc4	58	it is a grave security error to omit checking for a failure return from
b57db62b	59	.BR seteuid ().
fea681da	60	.SH ERRORS
0076479c MK	61	.TP
	62	.B EINVAL
	63	The target user or group ID is not valid in this user namespace.
fea681da MK	64	.TP
fea681da MK	65	.B EPERM
cdbc9e15 MK	66	In the case of
	67	.BR seteuid ():
	68	the calling process is not privileged (does not have the
1ae6b2c7	69	.B CAP_SETUID
cdbc9e15	70	capability in its user namespace) and
fea681da	71	.I euid
cdbc9e15 MK	72	does not match the current real user ID, current effective user ID,
cdbc9e15 MK	73	or current saved set-user-ID.
efeece04	74	.IP
cdbc9e15 MK	75	In the case of
	76	.BR setegid ():
	77	the calling process is not privileged (does not have the
1ae6b2c7	78	.B CAP_SETGID
cdbc9e15 MK	79	capability in its user namespace) and
	80	.I egid
	81	does not match the current real group ID, current effective group ID,
	82	or current saved set-group-ID.
4131356c	83	.SH VERSIONS
c13182ef	84	Setting the effective user (group) ID to the
d9df8ff8	85	saved set-user-ID (saved set-group-ID) is
fea681da	86	possible since Linux 1.1.37 (1.1.38).
8c4f34f8 MK	87	On an arbitrary system one should check
8c4f34f8 MK	88	.BR _POSIX_SAVED_IDS .
c6d039a3	89	.P
59153d52	90	Under glibc 2.0,
fea681da	91	.BI seteuid( euid )
c13182ef	92	is equivalent to
2bc2f479	93	.BI setreuid(\-1, " euid" )
d9df8ff8	94	and hence may change the saved set-user-ID.
59153d52	95	Under glibc 2.1 and later, it is equivalent to
9cb3c68a	96	.BI setresuid(\-1, " euid" ", \-1)"
d9df8ff8	97	and hence does not change the saved set-user-ID.
f6580817 MK	98	Analogous remarks hold for
	99	.BR setegid (),
	100	with the difference that the change in implementation from
	101	.BI setregid(\-1, " egid" )
	102	to
	103	.BI setresgid(\-1, " egid" ", \-1)"
ab7b0a82	104	occurred in glibc 2.2 or 2.3 (depending on the hardware architecture).
c6d039a3	105	.P
b033d60f MK	106	According to POSIX.1,
	107	.BR seteuid ()
	108	.RB ( setegid ())
	109	need not permit
	110	.I euid
	111	.RI ( egid )
	112	to be the same value as the current effective user (group) ID,
	113	and some implementations do not permit this.
0722a578	114	.SS C library/kernel differences
a36b2bb0 MK	115	On Linux,
	116	.BR seteuid ()
	117	and
	118	.BR setegid ()
	119	are implemented as library functions that call, respectively,
	120	.BR setreuid (2)
	121	and
8554dd03	122	.BR setregid (2).
4131356c AC	123	.SH STANDARDS
	124	POSIX.1-2008.
	125	.SH HISTORY
	126	POSIX.1-2001, 4.3BSD.
47297adb	127	.SH SEE ALSO
fea681da MK	128	.BR geteuid (2),
	129	.BR setresuid (2),
	130	.BR setreuid (2),
	131	.BR setuid (2),
53a1443c	132	.BR capabilities (7),
0076479c	133	.BR credentials (7),
f58fb24f	134	.BR user_namespaces (7)