]>
Commit | Line | Data |
---|---|---|
fea681da MK |
1 | .\" Copyright (C) 1997 Andries Brouwer (aeb@cwi.nl) |
2 | .\" | |
93015253 | 3 | .\" %%%LICENSE_START(VERBATIM) |
fea681da MK |
4 | .\" Permission is granted to make and distribute verbatim copies of this |
5 | .\" manual provided the copyright notice and this permission notice are | |
6 | .\" preserved on all copies. | |
7 | .\" | |
8 | .\" Permission is granted to copy and distribute modified versions of this | |
9 | .\" manual under the conditions for verbatim copying, provided that the | |
10 | .\" entire resulting derived work is distributed under the terms of a | |
11 | .\" permission notice identical to this one. | |
c13182ef | 12 | .\" |
fea681da MK |
13 | .\" Since the Linux kernel and libraries are constantly changing, this |
14 | .\" manual page may be incorrect or out-of-date. The author(s) assume no | |
15 | .\" responsibility for errors or omissions, or for damages resulting from | |
16 | .\" the use of the information contained herein. The author(s) may not | |
17 | .\" have taken the same level of care in the production of this manual, | |
18 | .\" which is licensed free of charge, as they might when working | |
19 | .\" professionally. | |
c13182ef | 20 | .\" |
fea681da MK |
21 | .\" Formatted or processed versions of this manual, if unaccompanied by |
22 | .\" the source, must acknowledge the copyright and authors of this work. | |
4b72fb64 | 23 | .\" %%%LICENSE_END |
fea681da | 24 | .\" |
c11b1abf | 25 | .\" Modified, 2003-05-26, Michael Kerrisk, <mtk.manpages@gmail.com> |
1e7eb3a7 | 26 | .TH SETRESUID 2 2010-11-22 "Linux" "Linux Programmer's Manual" |
fea681da MK |
27 | .SH NAME |
28 | setresuid, setresgid \- set real, effective and saved user or group ID | |
29 | .SH SYNOPSIS | |
b80f966b | 30 | .BR "#define _GNU_SOURCE" " /* See feature_test_macros(7) */" |
fea681da MK |
31 | .br |
32 | .B #include <unistd.h> | |
33 | .sp | |
34 | .BI "int setresuid(uid_t " ruid ", uid_t " euid ", uid_t " suid ); | |
35 | .br | |
c13182ef | 36 | .BI "int setresgid(gid_t " rgid ", gid_t " egid ", gid_t " sgid ); |
fea681da | 37 | .SH DESCRIPTION |
e511ffb6 | 38 | .BR setresuid () |
d9df8ff8 | 39 | sets the real user ID, the effective user ID, and the |
a1ffe9f5 | 40 | saved set-user-ID of the calling process. |
fea681da | 41 | |
d9df8ff8 MK |
42 | Unprivileged user processes |
43 | may change the real UID, | |
44 | effective UID, and saved set-user-ID, each to one of: | |
c13182ef | 45 | the current real UID, the current effective UID or the |
d9df8ff8 | 46 | current saved set-user-ID. |
fea681da | 47 | |
0b9bdf82 | 48 | Privileged processes (on Linux, those having the \fBCAP_SETUID\fP capability) |
c13182ef | 49 | may set the real UID, effective UID, and |
d9df8ff8 | 50 | saved set-user-ID to arbitrary values. |
fea681da | 51 | |
c4bb193f | 52 | If one of the arguments equals \-1, the corresponding value is not changed. |
fea681da | 53 | |
bb40bc01 | 54 | Regardless of what changes are made to the real UID, effective UID, |
9ee4a2b6 | 55 | and saved set-user-ID, the filesystem UID is always set to the same |
bb40bc01 MK |
56 | value as the (possibly new) effective UID. |
57 | ||
fea681da | 58 | Completely analogously, |
e511ffb6 | 59 | .BR setresgid () |
c13182ef | 60 | sets the real GID, effective GID, and saved set-group-ID |
9ee4a2b6 | 61 | of the calling process (and always modifies the filesystem GID |
bb40bc01 | 62 | to be the same as the effective GID), |
60b9e97c | 63 | with the same restrictions for unprivileged processes. |
47297adb | 64 | .SH RETURN VALUE |
c13182ef MK |
65 | On success, zero is returned. |
66 | On error, \-1 is returned, and | |
fea681da MK |
67 | .I errno |
68 | is set appropriately. | |
f673b783 MK |
69 | |
70 | .IR Note : | |
71 | there are cases where | |
72 | .BR setresuid () | |
73 | can fail even when the caller is UID 0; | |
29d3bdc4 | 74 | it is a grave security error to omit checking for a failure return from |
f673b783 | 75 | .BR setresuid (). |
fea681da MK |
76 | .SH ERRORS |
77 | .TP | |
78 | .B EAGAIN | |
199f1e15 MK |
79 | The call would change the caller's real UID (i.e., |
80 | .I ruid | |
81 | does not match the caller's real UID), | |
82 | but there was a temporary failure allocating the | |
83 | necessary kernel data structures. | |
84 | .TP | |
85 | .B EAGAIN | |
c5e8af4d MK |
86 | .I ruid |
87 | does not match the caller's real UID and this call would | |
88 | bring the number of processes belonging to the real user ID | |
89 | .I ruid | |
90 | over the caller's | |
0daa9e92 | 91 | .B RLIMIT_NPROC |
2f0af33b | 92 | resource limit. |
19d889b3 MK |
93 | Since Linux 3.1, this error case no longer occurs |
94 | (but robust applications should check for this error); | |
95 | see the description of | |
96 | .B EAGAIN | |
97 | in | |
98 | .BR execve (2). | |
fea681da MK |
99 | .TP |
100 | .B EPERM | |
0b9bdf82 | 101 | The calling process is not privileged (did not have the \fBCAP_SETUID\fP |
d3c8b3e9 | 102 | capability) and tried to change the IDs to values that are not permitted. |
a1d5f77c MK |
103 | .SH VERSIONS |
104 | These calls are available under Linux since Linux 2.1.44. | |
47297adb | 105 | .SH CONFORMING TO |
c8f2dd47 | 106 | These calls are nonstandard; |
97c1eac8 | 107 | they also appear on HP-UX and some of the BSDs. |
fea681da | 108 | .SH NOTES |
1e7eb3a7 | 109 | Under HP-UX and FreeBSD, the prototype is found in |
fea681da | 110 | .IR <unistd.h> . |
cc4615cc | 111 | Under Linux the prototype is provided by glibc since version 2.3.2. |
ea03a3ac MK |
112 | |
113 | The original Linux | |
114 | .BR setresuid () | |
115 | and | |
116 | .BR setresgid () | |
117 | system calls supported only 16-bit user and group IDs. | |
c5662d5d | 118 | Subsequently, Linux 2.4 added |
ea03a3ac MK |
119 | .BR setresuid32 () |
120 | and | |
121 | .BR setresgid32 (), | |
122 | supporting 32-bit IDs. | |
123 | The glibc | |
124 | .BR setresuid () | |
125 | and | |
126 | .BR setresgid () | |
127 | wrapper functions transparently deal with the variations across kernel versions. | |
47297adb | 128 | .SH SEE ALSO |
fea681da MK |
129 | .BR getresuid (2), |
130 | .BR getuid (2), | |
bb40bc01 | 131 | .BR setfsgid (2), |
f0c34053 | 132 | .BR setfsuid (2), |
fea681da MK |
133 | .BR setreuid (2), |
134 | .BR setuid (2), | |
0a90178c | 135 | .BR capabilities (7), |
0a4f8b7b | 136 | .BR credentials (7) |