]>
Commit | Line | Data |
---|---|---|
fea681da MK |
1 | .\" Copyright (C) 2001 Andries Brouwer (aeb@cwi.nl) |
2 | .\" | |
5fbde956 | 3 | .\" SPDX-License-Identifier: Linux-man-pages-copyleft |
fea681da MK |
4 | .\" |
5 | .\" [should really be seteuid.3] | |
c11b1abf | 6 | .\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com> |
fea681da MK |
7 | .\" Added notes on capability requirements |
8 | .\" | |
4c1c5274 | 9 | .TH seteuid 2 (date) "Linux man-pages (unreleased)" |
fea681da MK |
10 | .SH NAME |
11 | seteuid, setegid \- set effective user or group ID | |
f82b64fa AC |
12 | .SH LIBRARY |
13 | Standard C library | |
8fc3b2cf | 14 | .RI ( libc ", " \-lc ) |
fea681da | 15 | .SH SYNOPSIS |
c7db92b9 | 16 | .nf |
fea681da | 17 | .B #include <unistd.h> |
c6d039a3 | 18 | .P |
fea681da | 19 | .BI "int seteuid(uid_t " euid ); |
fea681da | 20 | .BI "int setegid(gid_t " egid ); |
c7db92b9 | 21 | .fi |
c6d039a3 | 22 | .P |
d39ad78f | 23 | .RS -4 |
cc4615cc MK |
24 | Feature Test Macro Requirements for glibc (see |
25 | .BR feature_test_macros (7)): | |
d39ad78f | 26 | .RE |
c6d039a3 | 27 | .P |
cc4615cc MK |
28 | .BR seteuid (), |
29 | .BR setegid (): | |
9d2adbae | 30 | .nf |
5c10d2c5 | 31 | _POSIX_C_SOURCE >= 200112L |
75c018a1 | 32 | || /* glibc <= 2.19: */ _BSD_SOURCE |
9d2adbae | 33 | .fi |
fea681da | 34 | .SH DESCRIPTION |
e511ffb6 | 35 | .BR seteuid () |
a1ffe9f5 | 36 | sets the effective user ID of the calling process. |
1a54ad1e | 37 | Unprivileged processes may only set the effective user ID to the |
d9df8ff8 | 38 | real user ID, the effective user ID or the saved set-user-ID. |
c6d039a3 | 39 | .P |
fea681da | 40 | Precisely the same holds for |
e511ffb6 | 41 | .BR setegid () |
fea681da | 42 | with "group" instead of "user". |
fea681da MK |
43 | .\" When |
44 | .\" .I euid | |
45 | .\" equals \-1, nothing is changed. | |
a1ffe9f5 MK |
46 | .\" (This is an artifact of the implementation in glibc of seteuid() |
47 | .\" using setresuid(2).) | |
47297adb | 48 | .SH RETURN VALUE |
c13182ef MK |
49 | On success, zero is returned. |
50 | On error, \-1 is returned, and | |
fea681da | 51 | .I errno |
f6a4078b | 52 | is set to indicate the error. |
c6d039a3 | 53 | .P |
b57db62b MK |
54 | .IR Note : |
55 | there are cases where | |
56 | .BR seteuid () | |
57 | can fail even when the caller is UID 0; | |
29d3bdc4 | 58 | it is a grave security error to omit checking for a failure return from |
b57db62b | 59 | .BR seteuid (). |
fea681da | 60 | .SH ERRORS |
0076479c MK |
61 | .TP |
62 | .B EINVAL | |
63 | The target user or group ID is not valid in this user namespace. | |
fea681da MK |
64 | .TP |
65 | .B EPERM | |
cdbc9e15 MK |
66 | In the case of |
67 | .BR seteuid (): | |
68 | the calling process is not privileged (does not have the | |
1ae6b2c7 | 69 | .B CAP_SETUID |
cdbc9e15 | 70 | capability in its user namespace) and |
fea681da | 71 | .I euid |
cdbc9e15 MK |
72 | does not match the current real user ID, current effective user ID, |
73 | or current saved set-user-ID. | |
efeece04 | 74 | .IP |
cdbc9e15 MK |
75 | In the case of |
76 | .BR setegid (): | |
77 | the calling process is not privileged (does not have the | |
1ae6b2c7 | 78 | .B CAP_SETGID |
cdbc9e15 MK |
79 | capability in its user namespace) and |
80 | .I egid | |
81 | does not match the current real group ID, current effective group ID, | |
82 | or current saved set-group-ID. | |
4131356c | 83 | .SH VERSIONS |
c13182ef | 84 | Setting the effective user (group) ID to the |
d9df8ff8 | 85 | saved set-user-ID (saved set-group-ID) is |
fea681da | 86 | possible since Linux 1.1.37 (1.1.38). |
8c4f34f8 MK |
87 | On an arbitrary system one should check |
88 | .BR _POSIX_SAVED_IDS . | |
c6d039a3 | 89 | .P |
59153d52 | 90 | Under glibc 2.0, |
fea681da | 91 | .BI seteuid( euid ) |
c13182ef | 92 | is equivalent to |
2bc2f479 | 93 | .BI setreuid(\-1, " euid" ) |
d9df8ff8 | 94 | and hence may change the saved set-user-ID. |
59153d52 | 95 | Under glibc 2.1 and later, it is equivalent to |
9cb3c68a | 96 | .BI setresuid(\-1, " euid" ", \-1)" |
d9df8ff8 | 97 | and hence does not change the saved set-user-ID. |
f6580817 MK |
98 | Analogous remarks hold for |
99 | .BR setegid (), | |
100 | with the difference that the change in implementation from | |
101 | .BI setregid(\-1, " egid" ) | |
102 | to | |
103 | .BI setresgid(\-1, " egid" ", \-1)" | |
ab7b0a82 | 104 | occurred in glibc 2.2 or 2.3 (depending on the hardware architecture). |
c6d039a3 | 105 | .P |
b033d60f MK |
106 | According to POSIX.1, |
107 | .BR seteuid () | |
108 | .RB ( setegid ()) | |
109 | need not permit | |
110 | .I euid | |
111 | .RI ( egid ) | |
112 | to be the same value as the current effective user (group) ID, | |
113 | and some implementations do not permit this. | |
0722a578 | 114 | .SS C library/kernel differences |
a36b2bb0 MK |
115 | On Linux, |
116 | .BR seteuid () | |
117 | and | |
118 | .BR setegid () | |
119 | are implemented as library functions that call, respectively, | |
120 | .BR setreuid (2) | |
121 | and | |
8554dd03 | 122 | .BR setregid (2). |
4131356c AC |
123 | .SH STANDARDS |
124 | POSIX.1-2008. | |
125 | .SH HISTORY | |
126 | POSIX.1-2001, 4.3BSD. | |
47297adb | 127 | .SH SEE ALSO |
fea681da MK |
128 | .BR geteuid (2), |
129 | .BR setresuid (2), | |
130 | .BR setreuid (2), | |
131 | .BR setuid (2), | |
53a1443c | 132 | .BR capabilities (7), |
0076479c | 133 | .BR credentials (7), |
f58fb24f | 134 | .BR user_namespaces (7) |