1 .\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu)
2 .\" and Copyright (C) 2008, 2010, 2015, Michael Kerrisk <mtk.manpages@gmail.com>
4 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
6 .\" Modified Thu Oct 31 12:04:29 1996 by Eric S. Raymond <esr@thyrsus.com>
7 .\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
8 .\" Added notes on capability requirements
9 .\" 2008-05-03, mtk, expanded and rewrote parts of DESCRIPTION and RETURN
10 .\" VALUE, made style of page more consistent with man-pages style.
12 .TH getgroups 2 (date) "Linux man-pages (unreleased)"
14 getgroups, setgroups \- get/set list of supplementary group IDs
17 .RI ( libc ", " \-lc )
20 .B #include <unistd.h>
22 .BI "int getgroups(int " size ", gid_t " list []);
26 .BI "int setgroups(size_t " size ", const gid_t *" list );
30 Feature Test Macro Requirements for glibc (see
31 .BR feature_test_macros (7)):
38 Glibc 2.19 and earlier:
43 returns the supplementary group IDs of the calling process in
47 should be set to the maximum number of items that can be stored in the
50 If the calling process is a member of more than
52 supplementary groups, then an error results.
54 It is unspecified whether the effective group ID of the calling process
55 is included in the returned list.
56 (Thus, an application should also call
58 and add or remove the resulting value.)
64 is not modified, but the total number of supplementary group IDs for the
66 This allows the caller to determine the size of a dynamically allocated
68 to be used in a further call to
72 sets the supplementary group IDs for the calling process.
73 Appropriate privileges are required (see the description of the
78 argument specifies the number of supplementary group IDs
79 in the buffer pointed to by
81 A process can drop all of its supplementary groups with the call:
91 returns the number of supplementary group IDs.
92 On error, \-1 is returned, and
94 is set to indicate the error.
99 On error, \-1 is returned, and
101 is set to indicate the error.
106 has an invalid address.
109 can additionally fail with the following error:
113 is less than the number of supplementary group IDs, but is not zero.
116 can additionally fail with the following errors:
122 (32 before Linux 2.6.4; 65536 since Linux 2.6.4).
128 The calling process has insufficient privilege
129 (the caller does not have the
131 capability in the user namespace in which it resides).
133 .BR EPERM " (since Linux 3.19)"
136 is denied in this user namespace.
137 See the description of
138 .IR /proc/ pid /setgroups
140 .BR user_namespaces (7).
143 SVr4, 4.3BSD, POSIX.1-2001, POSIX.1-2008.
149 requires privilege, it is not covered by POSIX.1.
151 A process can have up to
153 supplementary group IDs
154 in addition to the effective group ID.
159 The set of supplementary group IDs
160 is inherited from the parent process, and preserved across an
163 The maximum number of supplementary group IDs can be found at run time using
169 ngroups_max = sysconf(_SC_NGROUPS_MAX);
173 The maximum return value of
175 cannot be larger than one more than this value.
176 Since Linux 2.6.4, the maximum number of supplementary group IDs is also
177 exposed via the Linux-specific read-only file,
178 .IR /proc/sys/kernel/ngroups_max .
182 system call supported only 16-bit group IDs.
183 Subsequently, Linux 2.4 added
185 supporting 32-bit IDs.
188 wrapper function transparently deals with the variation across kernel versions.
190 .SS C library/kernel differences
191 At the kernel level, user IDs and group IDs are a per-thread attribute.
192 However, POSIX requires that all threads in a process
193 share the same credentials.
194 The NPTL threading implementation handles the POSIX requirements by
195 providing wrapper functions for
196 the various system calls that change process UIDs and GIDs.
197 These wrapper functions (including the one for
199 employ a signal-based technique to ensure
200 that when one thread changes credentials,
201 all of the other threads in the process also change their credentials.
207 .BR getgrouplist (3),
208 .BR group_member (3),
210 .BR capabilities (7),