Commit | Line | Data |
---|---|---|
1 | .\" Copyright (C) 1995, Thomas K. Dyas <tdyas@eden.rutgers.edu> | |
2 | .\" | |
3 | .\" %%%LICENSE_START(VERBATIM) | |
4 | .\" Permission is granted to make and distribute verbatim copies of this | |
5 | .\" manual provided the copyright notice and this permission notice are | |
6 | .\" preserved on all copies. | |
7 | .\" | |
8 | .\" Permission is granted to copy and distribute modified versions of this | |
9 | .\" manual under the conditions for verbatim copying, provided that the | |
10 | .\" entire resulting derived work is distributed under the terms of a | |
11 | .\" permission notice identical to this one. | |
12 | .\" | |
13 | .\" Since the Linux kernel and libraries are constantly changing, this | |
14 | .\" manual page may be incorrect or out-of-date. The author(s) assume no | |
15 | .\" responsibility for errors or omissions, or for damages resulting from | |
16 | .\" the use of the information contained herein. The author(s) may not | |
17 | .\" have taken the same level of care in the production of this manual, | |
18 | .\" which is licensed free of charge, as they might when working | |
19 | .\" professionally. | |
20 | .\" | |
21 | .\" Formatted or processed versions of this manual, if unaccompanied by | |
22 | .\" the source, must acknowledge the copyright and authors of this work. | |
23 | .\" %%%LICENSE_END | |
24 | .\" | |
25 | .\" Created 1995-08-06 Thomas K. Dyas <tdyas@eden.rutgers.edu> | |
26 | .\" Modified 2000-07-01 aeb | |
27 | .\" Modified 2002-07-23 aeb | |
28 | .\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com> | |
29 | .\" Added notes on capability requirements | |
30 | .\" | |
31 | .TH SETFSGID 2 2017-09-15 "Linux" "Linux Programmer's Manual" | |
32 | .SH NAME | |
33 | setfsgid \- set group identity used for filesystem checks | |
34 | .SH SYNOPSIS | |
35 | .B #include <sys/fsuid.h> | |
36 | .PP | |
37 | .BI "int setfsgid(uid_t " fsgid ); | |
38 | .SH DESCRIPTION | |
39 | The system call | |
40 | .BR setfsgid () | |
41 | changes the value of the caller's filesystem group ID\(emthe | |
42 | group ID that the Linux kernel uses to check for all accesses | |
43 | to the filesystem. | |
44 | Normally, the value of | |
45 | the filesystem group ID | |
46 | will shadow the value of the effective group ID. | |
47 | In fact, whenever the | |
48 | effective group ID is changed, | |
49 | the filesystem group ID | |
50 | will also be changed to the new value of the effective group ID. | |
51 | .PP | |
52 | Explicit calls to | |
53 | .BR setfsuid (2) | |
54 | and | |
55 | .BR setfsgid () | |
56 | are usually used only by programs such as the Linux NFS server that | |
57 | need to change what user and group ID is used for file access without a | |
58 | corresponding change in the real and effective user and group IDs. | |
59 | A change in the normal user IDs for a program such as the NFS server | |
60 | is a security hole that can expose it to unwanted signals. | |
61 | (But see below.) | |
62 | .PP | |
63 | .BR setfsgid () | |
64 | will succeed only if the caller is the superuser or if | |
65 | .I fsgid | |
66 | matches either the caller's real group ID, effective group ID, | |
67 | saved set-group-ID, or the current filesystem user ID. | |
68 | .SH RETURN VALUE | |
69 | On both success and failure, | |
70 | this call returns the previous filesystem group ID of the caller. | |
71 | .SH VERSIONS | |
72 | This system call is present in Linux since version 1.2. | |
73 | .\" This system call is present since Linux 1.1.44 | |
74 | .\" and in libc since libc 4.7.6. | |
75 | .SH CONFORMING TO | |
76 | .BR setfsgid () | |
77 | is Linux-specific and should not be used in programs intended | |
78 | to be portable. | |
79 | .SH NOTES | |
80 | Note that at the time this system call was introduced, a process | |
81 | could send a signal to a process with the same effective user ID. | |
82 | Today signal permission handling is slightly different. | |
83 | See | |
84 | .BR setfsuid (2) | |
85 | for a discussion of why the use of both | |
86 | .BR setfsuid (2) | |
87 | and | |
88 | .BR setfsgid () | |
89 | is nowadays unneeded. | |
90 | .PP | |
91 | The original Linux | |
92 | .BR setfsgid () | |
93 | system call supported only 16-bit group IDs. | |
94 | Subsequently, Linux 2.4 added | |
95 | .BR setfsgid32 () | |
96 | supporting 32-bit IDs. | |
97 | The glibc | |
98 | .BR setfsgid () | |
99 | wrapper function transparently deals with the variation across kernel versions. | |
100 | .SS C library/kernel differences | |
101 | In glibc 2.15 and earlier, | |
102 | when the wrapper for this system call determines that the argument can't be | |
103 | passed to the kernel without integer truncation (because the kernel | |
104 | is old and does not support 32-bit group IDs), | |
105 | it will return \-1 and set \fIerrno\fP to | |
106 | .B EINVAL | |
107 | without attempting | |
108 | the system call. | |
109 | .SH BUGS | |
110 | No error indications of any kind are returned to the caller, | |
111 | and the fact that both successful and unsuccessful calls return | |
112 | the same value makes it impossible to directly determine | |
113 | whether the call succeeded or failed. | |
114 | Instead, the caller must resort to looking at the return value | |
115 | from a further call such as | |
116 | .IR setfsgid(\-1) | |
117 | (which will always fail), in order to determine if a preceding call to | |
118 | .BR setfsgid () | |
119 | changed the filesystem group ID. | |
120 | At the very | |
121 | least, | |
122 | .B EPERM | |
123 | should be returned when the call fails (because the caller lacks the | |
124 | .B CAP_SETGID | |
125 | capability). | |
126 | .SH SEE ALSO | |
127 | .BR kill (2), | |
128 | .BR setfsuid (2), | |
129 | .BR capabilities (7), | |
130 | .BR credentials (7) |
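
The read-back check that the BUGS section describes, as an added example that is not part of the manual page: because `setfsgid()` returns the previous filesystem group ID on both success and failure, the only way to confirm a change is a follow-up `setfsgid(-1)`. The helper names `current_fsgid` and `checked_setfsgid` are hypothetical, and the `EPERM`/`EINVAL` values are set by the helper, not by the kernel.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* Read the current filesystem GID. setfsgid(-1) always fails and,
 * like every call, returns the previous (here: unchanged) value. */
static gid_t current_fsgid(void)
{
    return (gid_t)setfsgid((gid_t)-1);
}

/* Hypothetical helper: set the filesystem GID and confirm the change.
 * Returns 0 on success; -1 with errno = EPERM if the kernel refused,
 * or errno = EINVAL if asked for the reserved value -1. */
int checked_setfsgid(gid_t want)
{
    if (want == (gid_t)-1) {        /* -1 is the "query only" value */
        errno = EINVAL;
        return -1;
    }
    setfsgid(want);                 /* return value cannot signal failure */
    if (current_fsgid() != want) {  /* so read the value back */
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    gid_t before = current_fsgid();

    /* The effective GID is always an allowed target for the caller. */
    if (checked_setfsgid(getegid()) != 0) {
        perror("checked_setfsgid");
        return 1;
    }
    printf("fsgid before=%ld after=%ld\n",
           (long)before, (long)current_fsgid());
    return 0;
}
```

A caller that changes the filesystem group ID before opening files on behalf of another user should treat a nonzero return from such a check as fatal, since continuing would perform the access with the old group ID.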