Commit | Line | Data |
---|---|---|
fea681da MK | 1 | .\" Copyright (C), 1994, Graeme W. Wilford (Wilf). |
fea681da MK | 2 | .\" |
93015253 | 3 | .\" %%%LICENSE_START(VERBATIM) |
fea681da MK | 4 | .\" Permission is granted to make and distribute verbatim copies of this |
fea681da MK | 5 | .\" manual provided the copyright notice and this permission notice are |
fea681da MK | 6 | .\" preserved on all copies. |
fea681da MK | 7 | .\" |
fea681da MK | 8 | .\" Permission is granted to copy and distribute modified versions of this |
fea681da MK | 9 | .\" manual under the conditions for verbatim copying, provided that the |
fea681da MK | 10 | .\" entire resulting derived work is distributed under the terms of a |
fea681da MK | 11 | .\" permission notice identical to this one. |
c13182ef | 12 | .\" |
fea681da MK | 13 | .\" Since the Linux kernel and libraries are constantly changing, this |
fea681da MK | 14 | .\" manual page may be incorrect or out-of-date. The author(s) assume no |
fea681da MK | 15 | .\" responsibility for errors or omissions, or for damages resulting from |
fea681da MK | 16 | .\" the use of the information contained herein. The author(s) may not |
fea681da MK | 17 | .\" have taken the same level of care in the production of this manual, |
fea681da MK | 18 | .\" which is licensed free of charge, as they might when working |
fea681da MK | 19 | .\" professionally. |
c13182ef | 20 | .\" |
fea681da MK | 21 | .\" Formatted or processed versions of this manual, if unaccompanied by |
fea681da MK | 22 | .\" the source, must acknowledge the copyright and authors of this work. |
4b72fb64 | 23 | .\" %%%LICENSE_END |
fea681da | 24 | .\" |
c13182ef | 25 | .\" Fri Jul 29th 12:56:44 BST 1994 Wilf. <G.Wilford@ee.surrey.ac.uk> |
fea681da MK | 26 | .\" Changes inspired by patch from Richard Kettlewell |
fea681da MK | 27 | .\" <richard@greenend.org.uk>, aeb 970616. |
c11b1abf | 28 | .\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com> |
fea681da | 29 | .\" Added notes on capability requirements |
e6ce2419 | 30 | .TH SETUID 2 2010-11-22 "Linux" "Linux Programmer's Manual" |
fea681da MK | 31 | .SH NAME |
fea681da MK | 32 | setuid \- set user identity |
fea681da MK | 33 | .SH SYNOPSIS |
fea681da MK | 34 | .B #include <sys/types.h> |
fea681da MK | 35 | .br |
fea681da MK | 36 | .B #include <unistd.h> |
fea681da MK | 37 | .sp |
fea681da MK | 38 | .BI "int setuid(uid_t " uid ); |
fea681da MK | 39 | .SH DESCRIPTION |
e511ffb6 | 40 | .BR setuid () |
a1ffe9f5 | 41 | sets the effective user ID of the calling process. |
d9df8ff8 MK | 42 | If the effective UID of the caller is root, |
d9df8ff8 MK | 43 | the real UID and saved set-user-ID are also set. |
fea681da | 44 | .PP |
c13182ef | 45 | Under Linux, |
e511ffb6 | 46 | .BR setuid () |
8c4f34f8 MK | 47 | is implemented like the POSIX version with the |
8c4f34f8 MK | 48 | .B _POSIX_SAVED_IDS |
8c4f34f8 MK | 49 | feature. |
880f5b4b | 50 | This allows a set-user-ID (other than root) program to drop all of its user |
3b777aff | 51 | privileges, do some un-privileged work, and then reengage the original |
fea681da MK | 52 | effective user ID in a secure manner. |
fea681da MK | 53 | .PP |
880f5b4b | 54 | If the user is root or the program is set-user-ID-root, special care must be |
c13182ef MK | 55 | taken. |
c13182ef MK | 56 | The |
e511ffb6 | 57 | .BR setuid () |
d3c8b3e9 | 58 | function checks the effective user ID of the caller and if it is |
28442c8f | 59 | the superuser, all process-related user ID's are set to |
c13182ef | 60 | .IR uid . |
fea681da MK | 61 | After this has occurred, it is impossible for the program to regain root |
fea681da MK | 62 | privileges. |
fea681da MK | 63 | .PP |
880f5b4b | 64 | Thus, a set-user-ID-root program wishing to temporarily drop root |
00b08db3 | 65 | privileges, assume the identity of an unprivileged user, and then regain |
5fab2e7c | 66 | root privileges afterward cannot use |
e511ffb6 | 67 | .BR setuid (). |
821c0356 | 68 | You can accomplish this with |
0bfa087b | 69 | .BR seteuid (2). |
47297adb | 70 | .SH RETURN VALUE |
c13182ef MK | 71 | On success, zero is returned. |
c13182ef MK | 72 | On error, \-1 is returned, and |
fea681da MK | 73 | .I errno |
fea681da MK | 74 | is set appropriately. |
7d8d165a MK | 75 | |
7d8d165a MK | 76 | .IR Note : |
7d8d165a MK | 77 | there are cases where |
7d8d165a MK | 78 | .BR setuid () |
7d8d165a MK | 79 | can fail even when the caller is UID 0; |
29d3bdc4 | 80 | it is a grave security error to omit checking for a failure return from |
7d8d165a | 81 | .BR setuid (). |
fea681da MK | 82 | .SH ERRORS |
fea681da MK | 83 | .TP |
fea681da MK | 84 | .B EAGAIN |
25b2ea5f MK | 85 | The call would change the caller's real UID (i.e., |
25b2ea5f MK | 86 | .I uid |
25b2ea5f MK | 87 | does not match the caller's real UID), |
25b2ea5f MK | 88 | but there was a temporary failure allocating the |
25b2ea5f MK | 89 | necessary kernel data structures. |
25b2ea5f MK | 90 | .TP |
25b2ea5f MK | 91 | .B EAGAIN |
fea681da | 92 | .I uid |
7a42bf02 MK | 93 | does not match the real user ID of the caller and this call would |
7a42bf02 MK | 94 | bring the number of processes belonging to the real user ID |
fea681da | 95 | .I uid |
7a42bf02 | 96 | over the caller's |
0daa9e92 | 97 | .B RLIMIT_NPROC |
2f0af33b | 98 | resource limit. |
c4fe0edf MK | 99 | Since Linux 3.1, this error case no longer occurs |
c4fe0edf MK | 100 | (but robust applications should check for this error); |
c4fe0edf MK | 101 | see the description of |
c4fe0edf MK | 102 | .B EAGAIN |
c4fe0edf MK | 103 | in |
c4fe0edf MK | 104 | .BR execve (2). |
fea681da MK | 105 | .TP |
fea681da MK | 106 | .B EPERM |
fea681da MK | 107 | The user is not privileged (Linux: does not have the |
fea681da MK | 108 | .B CAP_SETUID |
fea681da MK | 109 | capability) and |
fea681da MK | 110 | .I uid |
d9df8ff8 | 111 | does not match the real UID or saved set-user-ID of the calling process. |
47297adb | 112 | .SH CONFORMING TO |
c13182ef | 113 | SVr4, POSIX.1-2001. |
97c1eac8 | 114 | Not quite compatible with the 4.4BSD call, which |
c13182ef | 115 | sets all of the real, saved, and effective user IDs. |
97c1eac8 | 116 | .\" SVr4 documents an additional EINVAL error condition. |
4fb31341 | 117 | .SH NOTES |
9ee4a2b6 | 118 | Linux has the concept of the filesystem user ID, normally equal to the |
c13182ef MK | 119 | effective user ID. |
c13182ef MK | 120 | The |
e511ffb6 | 121 | .BR setuid () |
9ee4a2b6 | 122 | call also sets the filesystem user ID of the calling process. |
fea681da MK | 123 | See |
fea681da MK | 124 | .BR setfsuid (2). |
fea681da MK | 125 | .PP |
fea681da MK | 126 | If |
fea681da MK | 127 | .I uid |
e6ce2419 | 128 | is different from the old effective UID, the process will |
fea681da | 129 | be forbidden from leaving core dumps. |
dd09a14e MK | 130 | |
dd09a14e MK | 131 | The original Linux |
dd09a14e MK | 132 | .BR setuid () |
dd09a14e MK | 133 | system call supported only 16-bit user IDs. |
c5662d5d | 134 | Subsequently, Linux 2.4 added |
dd09a14e MK | 135 | .BR setuid32 () |
dd09a14e MK | 136 | supporting 32-bit IDs. |
dd09a14e MK | 137 | The glibc |
dd09a14e MK | 138 | .BR setuid () |
dd09a14e MK | 139 | wrapper function transparently deals with the variation across kernel versions. |
47297adb | 140 | .SH SEE ALSO |
fea681da MK | 141 | .BR getuid (2), |
fea681da MK | 142 | .BR seteuid (2), |
fea681da MK | 143 | .BR setfsuid (2), |
fea681da MK | 144 | .BR setreuid (2), |
53a1443c MK | 145 | .BR capabilities (7), |
53a1443c MK | 146 | .BR credentials (7) |
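
The RETURN VALUE note above says that omitting the failure check on `setuid()` is a grave security error. The following C program is an added example, not part of the manual page or the man-pages project: it shows a checked and verified privilege drop. The helper name `drop_to_uid` is hypothetical, and the drop is permanent only when the caller's effective UID is root, as the DESCRIPTION states.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example (hypothetical helper): switch the process to `uid`.
 * Returns 0 only if the switch happened and was verified, -1 otherwise.
 * When the caller's effective UID is root, setuid() also sets the real
 * UID and saved set-user-ID, so the drop cannot be undone. A set-user-ID
 * program owned by a non-root user keeps its saved set-user-ID. */
int drop_to_uid(uid_t uid)
{
    /* setuid() can fail with EAGAIN or EPERM, even for UID 0. Carrying
     * on after an unchecked failure means running with the old identity. */
    if (setuid(uid) != 0)
        return -1;                      /* errno set by setuid() */

    /* Do not rely on the return value alone: confirm the resulting IDs. */
    if (getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }

    /* If the saved set-user-ID were still 0, this call would succeed.
     * After a correct drop from root it must fail. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    uid_t target = getuid();            /* real UID of the invoking user */

    if (drop_to_uid(target) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;                       /* fail closed, never continue */
    }
    printf("running as uid=%ld euid=%ld\n",
           (long)getuid(), (long)geteuid());
    return 0;
}
```

A real set-user-ID-root program also drops its group IDs before calling `setuid()`, because it can no longer change them afterward.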