[thirdparty/man-pages.git] / man7 / credentials.7

.\" Copyright (c) 2007 by Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.\" SPDX-License-Identifier: Linux-man-pages-copyleft
.\"
.\" 2007-06-13 Creation
.\"
.TH CREDENTIALS 7 2020-11-01 "Linux" "Linux Programmer's Manual"
.SH NAME
credentials \- process identifiers
.SH DESCRIPTION
.SS Process ID (PID)
Each process has a unique nonnegative integer identifier
that is assigned when the process is created using
.BR fork (2).
A process can obtain its PID using
.BR getpid (2).
A PID is represented using the type
.I pid_t
(defined in
.IR <sys/types.h> ).
.PP
PIDs are used in a range of system calls to identify the process
affected by the call, for example:
.BR kill (2),
.BR ptrace (2),
.BR setpriority (2)
.\" .BR sched_rr_get_interval (2),
.\" .BR sched_getaffinity (2),
.\" .BR sched_setaffinity (2),
.\" .BR sched_getparam (2),
.\" .BR sched_setparam (2),
.\" .BR sched_setscheduler (2),
.\" .BR sched_getscheduler (2),
.BR setpgid (2),
.\" .BR getsid (2),
.BR setsid (2),
.BR sigqueue (3),
and
.BR waitpid (2).
.\" .BR waitid (2),
.\" .BR wait4 (2),
.PP
A process's PID is preserved across an
.BR execve (2).
.SS Parent process ID (PPID)
A process's parent process ID identifies the process that created
this process using
.BR fork (2).
A process can obtain its PPID using
.BR getppid (2).
A PPID is represented using the type
.IR pid_t .
.PP
A process's PPID is preserved across an
.BR execve (2).
.SS Process group ID and session ID
Each process has a session ID and a process group ID,
both represented using the type
.IR pid_t .
A process can obtain its session ID using
.BR getsid (2),
and its process group ID using
.BR getpgrp (2).
.PP
A child created by
.BR fork (2)
inherits its parent's session ID and process group ID.
A process's session ID and process group ID are preserved across an
.BR execve (2).
.PP
Sessions and process groups are abstractions devised to support shell
job control.
A process group (sometimes called a "job") is a collection of
processes that share the same process group ID;
the shell creates a new process group for the process(es) used
to execute single command or pipeline (e.g., the two processes
created to execute the command "ls\ |\ wc" are placed in the
same process group).
A process's group membership can be set using
.BR setpgid (2).
The process whose process ID is the same as its process group ID is the
\fIprocess group leader\fP for that group.
.PP
A session is a collection of processes that share the same session ID.
All of the members of a process group also have the same session ID
(i.e., all of the members of a process group always belong to the
same session, so that sessions and process groups form a strict
two-level hierarchy of processes.)
A new session is created when a process calls
.BR setsid (2),
which creates a new session whose session ID is the same
as the PID of the process that called
.BR setsid (2).
The creator of the session is called the \fIsession leader\fP.
.PP
All of the processes in a session share a
.IR "controlling terminal" .
The controlling terminal is established when the session leader
first opens a terminal (unless the
.B O_NOCTTY
flag is specified when calling
.BR open (2)).
A terminal may be the controlling terminal of at most one session.
.PP
At most one of the jobs in a session may be the
.IR "foreground job" ;
other jobs in the session are
.IR "background jobs" .
Only the foreground job may read from the terminal;
when a process in the background attempts to read from the terminal,
its process group is sent a
.B SIGTTIN
signal, which suspends the job.
If the
.B TOSTOP
flag has been set for the terminal (see
.BR termios (3)),
then only the foreground job may write to the terminal;
writes from background job cause a
.B SIGTTOU
signal to be generated, which suspends the job.
When terminal keys that generate a signal (such as the
.I interrupt
key, normally control-C)
are pressed, the signal is sent to the processes in the foreground job.
.PP
Various system calls and library functions
may operate on all members of a process group,
including
.BR kill (2),
.BR killpg (3),
.BR getpriority (2),
.BR setpriority (2),
.BR ioprio_get (2),
.BR ioprio_set (2),
.BR waitid (2),
and
.BR waitpid (2).
See also the discussion of the
.BR F_GETOWN ,
.BR F_GETOWN_EX ,
.BR F_SETOWN ,
and
.B F_SETOWN_EX
operations in
.BR fcntl (2).
.SS User and group identifiers
Each process has various associated user and group IDs.
These IDs are integers, respectively represented using the types
.I uid_t
and
.I gid_t
(defined in
.IR <sys/types.h> ).
.PP
On Linux, each process has the following user and group identifiers:
.IP * 3
Real user ID and real group ID.
These IDs determine who owns the process.
A process can obtain its real user (group) ID using
.BR getuid (2)
.RB ( getgid (2)).
.IP *
Effective user ID and effective group ID.
These IDs are used by the kernel to determine the permissions
that the process will have when accessing shared resources such
as message queues, shared memory, and semaphores.
On most UNIX systems, these IDs also determine the
permissions when accessing files.
However, Linux uses the filesystem IDs described below
for this task.
A process can obtain its effective user (group) ID using
.BR geteuid (2)
.RB ( getegid (2)).
.IP *
Saved set-user-ID and saved set-group-ID.
These IDs are used in set-user-ID and set-group-ID programs to save
a copy of the corresponding effective IDs that were set when
the program was executed (see
.BR execve (2)).
A set-user-ID program can assume and drop privileges by
switching its effective user ID back and forth between the values
in its real user ID and saved set-user-ID.
This switching is done via calls to
.BR seteuid (2),
.BR setreuid (2),
or
.BR setresuid (2).
A set-group-ID program performs the analogous tasks using
.BR setegid (2),
.BR setregid (2),
or
.BR setresgid (2).
A process can obtain its saved set-user-ID (set-group-ID) using
.BR getresuid (2)
.RB ( getresgid (2)).
.IP *
Filesystem user ID and filesystem group ID (Linux-specific).
These IDs, in conjunction with the supplementary group IDs described
below, are used to determine permissions for accessing files; see
.BR path_resolution (7)
for details.
Whenever a process's effective user (group) ID is changed,
the kernel also automatically changes the filesystem user (group) ID
to the same value.
Consequently, the filesystem IDs normally have the same values
as the corresponding effective ID, and the semantics for file-permission
checks are thus the same on Linux as on other UNIX systems.
The filesystem IDs can be made to differ from the effective IDs
by calling
.BR setfsuid (2)
and
.BR setfsgid (2).
.IP *
Supplementary group IDs.
This is a set of additional group IDs that are used for permission
checks when accessing files and other shared resources.
On Linux kernels before 2.6.4,
a process can be a member of up to 32 supplementary groups;
since kernel 2.6.4,
a process can be a member of up to 65536 supplementary groups.
The call
.I sysconf(_SC_NGROUPS_MAX)
can be used to determine the number of supplementary groups
of which a process may be a member.
.\" Since kernel 2.6.4, the limit is visible via the read-only file
.\" /proc/sys/kernel/ngroups_max.
.\" As at 2.6.22-rc2, this file is still read-only.
A process can obtain its set of supplementary group IDs using
.BR getgroups (2).
.PP
A child process created by
.BR fork (2)
inherits copies of its parent's user and groups IDs.
During an
.BR execve (2),
a process's real user and group ID and supplementary
group IDs are preserved;
the effective and saved set IDs may be changed, as described in
.BR execve (2).
.PP
Aside from the purposes noted above,
a process's user IDs are also employed in a number of other contexts:
.IP * 3
when determining the permissions for sending signals (see
.BR kill (2));
.IP *
when determining the permissions for setting
process-scheduling parameters (nice value, real time
scheduling policy and priority, CPU affinity, I/O priority) using
.BR setpriority (2),
.BR sched_setaffinity (2),
.BR sched_setscheduler (2),
.BR sched_setparam (2),
.BR sched_setattr (2),
and
.BR ioprio_set (2);
.IP *
when checking resource limits (see
.BR getrlimit (2));
.IP *
when checking the limit on the number of inotify instances
that the process may create (see
.BR inotify (7)).
.\"
.SS Modifying process user and group IDs
Subject to rules described in the relevant manual pages,
a process can use the following APIs to modify its user and group IDs:
.TP
.BR setuid "(2) (" setgid (2))
Modify the process's real (and possibly effective and saved-set)
user (group) IDs.
.TP
.BR seteuid "(2) (" setegid (2))
Modify the process's effective user (group) ID.
.TP
.BR setfsuid "(2) (" setfsgid (2))
Modify the process's filesystem user (group) ID.
.TP
.BR setreuid "(2) (" setregid (2))
Modify the process's real and effective (and possibly saved-set)
user (group) IDs.
.TP
.BR setresuid "(2) (" setresgid (2))
Modify the process's real, effective, and saved-set user (group) IDs.
.TP
.BR setgroups (2)
Modify the process's supplementary group list.
.PP
Any changes to a process's effective user (group) ID
are automatically carried over to the process's
filesystem user (group) ID.
Changes to a process's effective user or group ID can also affect the
process "dumpable" attribute, as described in
.BR prctl (2).
.PP
Changes to process user and group IDs can affect the capabilities
of the process, as described in
.BR capabilities (7).
.SH CONFORMING TO
Process IDs, parent process IDs, process group IDs, and session IDs
are specified in POSIX.1.
The real, effective, and saved set user and groups IDs,
and the supplementary group IDs, are specified in POSIX.1.
The filesystem user and group IDs are a Linux extension.
.SH NOTES
Various fields in the
.IR /proc/ pid /status
file show the process credentials described above.
See
.BR proc (5)
for further information.
.PP
The POSIX threads specification requires that
credentials are shared by all of the threads in a process.
However, at the kernel level, Linux maintains separate user and group
credentials for each thread.
The NPTL threading implementation does some work to ensure
that any change to user or group credentials
(e.g., calls to
.BR setuid (2),
.BR setresuid (2))
is carried through to all of the POSIX threads in a process.
See
.BR nptl (7)
for further details.
.SH SEE ALSO
.BR bash (1),
.BR csh (1),
.BR groups (1),
.BR id (1),
.BR newgrp (1),
.BR ps (1),
.BR runuser (1),
.BR setpriv (1),
.BR sg (1),
.BR su (1),
.BR access (2),
.BR execve (2),
.BR faccessat (2),
.BR fork (2),
.BR getgroups (2),
.BR getpgrp (2),
.BR getpid (2),
.BR getppid (2),
.BR getsid (2),
.BR kill (2),
.BR setegid (2),
.BR seteuid (2),
.BR setfsgid (2),
.BR setfsuid (2),
.BR setgid (2),
.BR setgroups (2),
.BR setpgid (2),
.BR setresgid (2),
.BR setresuid (2),
.BR setsid (2),
.BR setuid (2),
.BR waitpid (2),
.BR euidaccess (3),
.BR initgroups (3),
.BR killpg (3),
.BR tcgetpgrp (3),
.BR tcgetsid (3),
.BR tcsetpgrp (3),
.BR group (5),
.BR passwd (5),
.BR shadow (5),
.BR capabilities (7),
.BR namespaces (7),
.BR path_resolution (7),
.BR pid_namespaces (7),
.BR pthreads (7),
.BR signal (7),
.BR system_data_types (7),
.BR unix (7),
.BR user_namespaces (7),
.BR sudo (8)
Commit	Line	Data
c11b1abf	1	.\" Copyright (c) 2007 by Michael Kerrisk <mtk.manpages@gmail.com>
8e5a067a	2	.\"
5fbde956	3	.\" SPDX-License-Identifier: Linux-man-pages-copyleft
8e5a067a MK	4	.\"
	5	.\" 2007-06-13 Creation
	6	.\"
3fde8c2e	7	.TH CREDENTIALS 7 2020-11-01 "Linux" "Linux Programmer's Manual"
8e5a067a MK	8	.SH NAME
	9	credentials \- process identifiers
	10	.SH DESCRIPTION
	11	.SS Process ID (PID)
2fda57bd	12	Each process has a unique nonnegative integer identifier
8e5a067a MK	13	that is assigned when the process is created using
	14	.BR fork (2).
	15	A process can obtain its PID using
	16	.BR getpid (2).
	17	A PID is represented using the type
0daa9e92	18	.I pid_t
8e5a067a MK	19	(defined in
8e5a067a MK	20	.IR <sys/types.h> ).
a721e8b2	21	.PP
8e5a067a MK	22	PIDs are used in a range of system calls to identify the process
	23	affected by the call, for example:
	24	.BR kill (2),
	25	.BR ptrace (2),
	26	.BR setpriority (2)
	27	.\" .BR sched_rr_get_interval (2),
	28	.\" .BR sched_getaffinity (2),
	29	.\" .BR sched_setaffinity (2),
	30	.\" .BR sched_getparam (2),
	31	.\" .BR sched_setparam (2),
	32	.\" .BR sched_setscheduler (2),
	33	.\" .BR sched_getscheduler (2),
	34	.BR setpgid (2),
	35	.\" .BR getsid (2),
	36	.BR setsid (2),
485ab701	37	.BR sigqueue (3),
8e5a067a MK	38	and
	39	.BR waitpid (2).
	40	.\" .BR waitid (2),
	41	.\" .BR wait4 (2),
a721e8b2	42	.PP
8e5a067a MK	43	A process's PID is preserved across an
8e5a067a MK	44	.BR execve (2).
c634028a	45	.SS Parent process ID (PPID)
cfadad46	46	A process's parent process ID identifies the process that created
8e5a067a MK	47	this process using
	48	.BR fork (2).
	49	A process can obtain its PPID using
	50	.BR getppid (2).
	51	A PPID is represented using the type
	52	.IR pid_t .
a721e8b2	53	.PP
8e5a067a MK	54	A process's PPID is preserved across an
8e5a067a MK	55	.BR execve (2).
c634028a	56	.SS Process group ID and session ID
8e5a067a MK	57	Each process has a session ID and a process group ID,
	58	both represented using the type
	59	.IR pid_t .
988db661	60	A process can obtain its session ID using
36b91932	61	.BR getsid (2),
8e5a067a MK	62	and its process group ID using
8e5a067a MK	63	.BR getpgrp (2).
a721e8b2	64	.PP
8e5a067a MK	65	A child created by
	66	.BR fork (2)
	67	inherits its parent's session ID and process group ID.
	68	A process's session ID and process group ID are preserved across an
	69	.BR execve (2).
a721e8b2	70	.PP
8e5a067a MK	71	Sessions and process groups are abstractions devised to support shell
8e5a067a MK	72	job control.
988db661	73	A process group (sometimes called a "job") is a collection of
8e5a067a MK	74	processes that share the same process group ID;
	75	the shell creates a new process group for the process(es) used
	76	to execute single command or pipeline (e.g., the two processes
	77	created to execute the command "ls\ \|\ wc" are placed in the
	78	same process group).
	79	A process's group membership can be set using
	80	.BR setpgid (2).
	81	The process whose process ID is the same as its process group ID is the
	82	\fIprocess group leader\fP for that group.
a721e8b2	83	.PP
8e5a067a MK	84	A session is a collection of processes that share the same session ID.
	85	All of the members of a process group also have the same session ID
	86	(i.e., all of the members of a process group always belong to the
	87	same session, so that sessions and process groups form a strict
	88	two-level hierarchy of processes.)
	89	A new session is created when a process calls
	90	.BR setsid (2),
	91	which creates a new session whose session ID is the same
	92	as the PID of the process that called
	93	.BR setsid (2).
	94	The creator of the session is called the \fIsession leader\fP.
a721e8b2	95	.PP
eb4df3a0 MK	96	All of the processes in a session share a
	97	.IR "controlling terminal" .
	98	The controlling terminal is established when the session leader
	99	first opens a terminal (unless the
1ae6b2c7	100	.B O_NOCTTY
eb4df3a0 MK	101	flag is specified when calling
	102	.BR open (2)).
	103	A terminal may be the controlling terminal of at most one session.
a721e8b2	104	.PP
eb4df3a0 MK	105	At most one of the jobs in a session may be the
	106	.IR "foreground job" ;
	107	other jobs in the session are
	108	.IR "background jobs" .
	109	Only the foreground job may read from the terminal;
	110	when a process in the background attempts to read from the terminal,
	111	its process group is sent a
1ae6b2c7	112	.B SIGTTIN
eb4df3a0 MK	113	signal, which suspends the job.
eb4df3a0 MK	114	If the
1ae6b2c7	115	.B TOSTOP
eb4df3a0 MK	116	flag has been set for the terminal (see
	117	.BR termios (3)),
	118	then only the foreground job may write to the terminal;
	119	writes from background job cause a
1ae6b2c7	120	.B SIGTTOU
eb4df3a0 MK	121	signal to be generated, which suspends the job.
	122	When terminal keys that generate a signal (such as the
	123	.I interrupt
	124	key, normally control-C)
	125	are pressed, the signal is sent to the processes in the foreground job.
a721e8b2	126	.PP
d3532647	127	Various system calls and library functions
299eee50 MK	128	may operate on all members of a process group,
	129	including
	130	.BR kill (2),
498aad50	131	.BR killpg (3),
299eee50 MK	132	.BR getpriority (2),
	133	.BR setpriority (2),
	134	.BR ioprio_get (2),
	135	.BR ioprio_set (2),
	136	.BR waitid (2),
	137	and
	138	.BR waitpid (2).
	139	See also the discussion of the
	140	.BR F_GETOWN ,
	141	.BR F_GETOWN_EX ,
	142	.BR F_SETOWN ,
	143	and
1ae6b2c7	144	.B F_SETOWN_EX
299eee50 MK	145	operations in
299eee50 MK	146	.BR fcntl (2).
c634028a	147	.SS User and group identifiers
69b24321	148	Each process has various associated user and group IDs.
8e5a067a MK	149	These IDs are integers, respectively represented using the types
	150	.I uid_t
	151	and
0daa9e92	152	.I gid_t
8e5a067a MK	153	(defined in
8e5a067a MK	154	.IR <sys/types.h> ).
a721e8b2	155	.PP
8e5a067a MK	156	On Linux, each process has the following user and group identifiers:
	157	.IP * 3
	158	Real user ID and real group ID.
	159	These IDs determine who owns the process.
	160	A process can obtain its real user (group) ID using
	161	.BR getuid (2)
	162	.RB ( getgid (2)).
	163	.IP *
	164	Effective user ID and effective group ID.
	165	These IDs are used by the kernel to determine the permissions
	166	that the process will have when accessing shared resources such
	167	as message queues, shared memory, and semaphores.
008f1ecc	168	On most UNIX systems, these IDs also determine the
8e5a067a	169	permissions when accessing files.
9ee4a2b6	170	However, Linux uses the filesystem IDs described below
8e5a067a MK	171	for this task.
	172	A process can obtain its effective user (group) ID using
	173	.BR geteuid (2)
	174	.RB ( getegid (2)).
	175	.IP *
	176	Saved set-user-ID and saved set-group-ID.
	177	These IDs are used in set-user-ID and set-group-ID programs to save
	178	a copy of the corresponding effective IDs that were set when
	179	the program was executed (see
	180	.BR execve (2)).
	181	A set-user-ID program can assume and drop privileges by
	182	switching its effective user ID back and forth between the values
	183	in its real user ID and saved set-user-ID.
	184	This switching is done via calls to
	185	.BR seteuid (2),
	186	.BR setreuid (2),
	187	or
	188	.BR setresuid (2).
	189	A set-group-ID program performs the analogous tasks using
	190	.BR setegid (2),
	191	.BR setregid (2),
	192	or
	193	.BR setresgid (2).
	194	A process can obtain its saved set-user-ID (set-group-ID) using
	195	.BR getresuid (2)
	196	.RB ( getresgid (2)).
	197	.IP *
9ee4a2b6	198	Filesystem user ID and filesystem group ID (Linux-specific).
8e5a067a MK	199	These IDs, in conjunction with the supplementary group IDs described
	200	below, are used to determine permissions for accessing files; see
	201	.BR path_resolution (7)
	202	for details.
	203	Whenever a process's effective user (group) ID is changed,
9ee4a2b6	204	the kernel also automatically changes the filesystem user (group) ID
8e5a067a	205	to the same value.
9ee4a2b6	206	Consequently, the filesystem IDs normally have the same values
8e5a067a	207	as the corresponding effective ID, and the semantics for file-permission
008f1ecc	208	checks are thus the same on Linux as on other UNIX systems.
9ee4a2b6	209	The filesystem IDs can be made to differ from the effective IDs
8e5a067a MK	210	by calling
	211	.BR setfsuid (2)
	212	and
	213	.BR setfsgid (2).
	214	.IP *
	215	Supplementary group IDs.
	216	This is a set of additional group IDs that are used for permission
	217	checks when accessing files and other shared resources.
	218	On Linux kernels before 2.6.4,
	219	a process can be a member of up to 32 supplementary groups;
	220	since kernel 2.6.4,
	221	a process can be a member of up to 65536 supplementary groups.
b15f3638 MK	222	The call
	223	.I sysconf(_SC_NGROUPS_MAX)
	224	can be used to determine the number of supplementary groups
	225	of which a process may be a member.
8e5a067a MK	226	.\" Since kernel 2.6.4, the limit is visible via the read-only file
	227	.\" /proc/sys/kernel/ngroups_max.
	228	.\" As at 2.6.22-rc2, this file is still read-only.
	229	A process can obtain its set of supplementary group IDs using
f09f6a06	230	.BR getgroups (2).
8e5a067a MK	231	.PP
	232	A child process created by
	233	.BR fork (2)
	234	inherits copies of its parent's user and groups IDs.
	235	During an
	236	.BR execve (2),
988db661	237	a process's real user and group ID and supplementary
8e5a067a MK	238	group IDs are preserved;
	239	the effective and saved set IDs may be changed, as described in
	240	.BR execve (2).
a721e8b2	241	.PP
485b33bf MK	242	Aside from the purposes noted above,
	243	a process's user IDs are also employed in a number of other contexts:
	244	.IP * 3
	245	when determining the permissions for sending signals (see
	246	.BR kill (2));
	247	.IP *
	248	when determining the permissions for setting
	249	process-scheduling parameters (nice value, real time
	250	scheduling policy and priority, CPU affinity, I/O priority) using
	251	.BR setpriority (2),
	252	.BR sched_setaffinity (2),
	253	.BR sched_setscheduler (2),
	254	.BR sched_setparam (2),
	255	.BR sched_setattr (2),
	256	and
	257	.BR ioprio_set (2);
	258	.IP *
	259	when checking resource limits (see
	260	.BR getrlimit (2));
	261	.IP *
	262	when checking the limit on the number of inotify instances
	263	that the process may create (see
	264	.BR inotify (7)).
314f7c11 MK	265	.\"
314f7c11 MK	266	.SS Modifying process user and group IDs
f09f6a06 MK	267	Subject to rules described in the relevant manual pages,
	268	a process can use the following APIs to modify its user and group IDs:
	269	.TP
	270	.BR setuid "(2) (" setgid (2))
	271	Modify the process's real (and possibly effective and saved-set)
	272	user (group) IDs.
	273	.TP
	274	.BR seteuid "(2) (" setegid (2))
	275	Modify the process's effective user (group) ID.
	276	.TP
	277	.BR setfsuid "(2) (" setfsgid (2))
	278	Modify the process's filesystem user (group) ID.
	279	.TP
	280	.BR setreuid "(2) (" setregid (2))
	281	Modify the process's real and effective (and possibly saved-set)
	282	user (group) IDs.
	283	.TP
	284	.BR setresuid "(2) (" setresgid (2))
	285	Modify the process's real, effective, and saved-set user (group) IDs.
	286	.TP
	287	.BR setgroups (2)
	288	Modify the process's supplementary group list.
	289	.PP
	290	Any changes to a process's effective user (group) ID
	291	are automatically carried over to the process's
	292	filesystem user (group) ID.
cbae8f09 MK	293	Changes to a process's effective user or group ID can also affect the
	294	process "dumpable" attribute, as described in
	295	.BR prctl (2).
314f7c11 MK	296	.PP
	297	Changes to process user and group IDs can affect the capabilities
	298	of the process, as described in
	299	.BR capabilities (7).
47297adb	300	.SH CONFORMING TO
0034a22b	301	Process IDs, parent process IDs, process group IDs, and session IDs
eedfc430	302	are specified in POSIX.1.
f8850a38	303	The real, effective, and saved set user and groups IDs,
eedfc430	304	and the supplementary group IDs, are specified in POSIX.1.
9ee4a2b6	305	The filesystem user and group IDs are a Linux extension.
8e5a067a	306	.SH NOTES
ed33c688	307	Various fields in the
1ae6b2c7	308	.IR /proc/ pid /status
ed33c688 MK	309	file show the process credentials described above.
	310	See
	311	.BR proc (5)
	312	for further information.
	313	.PP
6923f52c MK	314	The POSIX threads specification requires that
	315	credentials are shared by all of the threads in a process.
	316	However, at the kernel level, Linux maintains separate user and group
	317	credentials for each thread.
	318	The NPTL threading implementation does some work to ensure
	319	that any change to user or group credentials
	320	(e.g., calls to
	321	.BR setuid (2),
41fa59c0	322	.BR setresuid (2))
6923f52c	323	is carried through to all of the POSIX threads in a process.
2baa3e91 MK	324	See
	325	.BR nptl (7)
	326	for further details.
47297adb	327	.SH SEE ALSO
8e5a067a	328	.BR bash (1),
f0c34053	329	.BR csh (1),
bcaa9b6e	330	.BR groups (1),
4d3b948c	331	.BR id (1),
17fb5e56	332	.BR newgrp (1),
8e5a067a	333	.BR ps (1),
0b8adf96	334	.BR runuser (1),
dac9acbf	335	.BR setpriv (1),
127a794d MK	336	.BR sg (1),
127a794d MK	337	.BR su (1),
8e5a067a MK	338	.BR access (2),
	339	.BR execve (2),
	340	.BR faccessat (2),
	341	.BR fork (2),
fadd2e65	342	.BR getgroups (2),
8e5a067a MK	343	.BR getpgrp (2),
	344	.BR getpid (2),
	345	.BR getppid (2),
	346	.BR getsid (2),
	347	.BR kill (2),
8e5a067a MK	348	.BR setegid (2),
	349	.BR seteuid (2),
	350	.BR setfsgid (2),
	351	.BR setfsuid (2),
	352	.BR setgid (2),
	353	.BR setgroups (2),
9d604ae9	354	.BR setpgid (2),
8e5a067a MK	355	.BR setresgid (2),
8e5a067a MK	356	.BR setresuid (2),
9d604ae9	357	.BR setsid (2),
8e5a067a MK	358	.BR setuid (2),
	359	.BR waitpid (2),
	360	.BR euidaccess (3),
	361	.BR initgroups (3),
498aad50	362	.BR killpg (3),
8e5a067a	363	.BR tcgetpgrp (3),
b7921eb6	364	.BR tcgetsid (3),
8e5a067a	365	.BR tcsetpgrp (3),
d17b32ad MK	366	.BR group (5),
d17b32ad MK	367	.BR passwd (5),
def79251	368	.BR shadow (5),
8e5a067a	369	.BR capabilities (7),
4effb5be	370	.BR namespaces (7),
8e5a067a	371	.BR path_resolution (7),
7e0e902b	372	.BR pid_namespaces (7),
19832d3c	373	.BR pthreads (7),
eb4df3a0	374	.BR signal (7),
6415668a	375	.BR system_data_types (7),
2b4be1ea	376	.BR unix (7),
d17b32ad	377	.BR user_namespaces (7),
2b4be1ea	378	.BR sudo (8)