.\" Copyright (C), 1994, Graeme W. Wilford (Wilf).
+.\" and Copyright (C) 2010, 2014, 2015, Michael Kerrisk <mtk.manpages@gmail.com>
.\"
-.\" Permission is granted to make and distribute verbatim copies of this
-.\" manual provided the copyright notice and this permission notice are
-.\" preserved on all copies.
-.\"
-.\" Permission is granted to copy and distribute modified versions of this
-.\" manual under the conditions for verbatim copying, provided that the
-.\" entire resulting derived work is distributed under the terms of a
-.\" permission notice identical to this one.
-.\"
-.\" Since the Linux kernel and libraries are constantly changing, this
-.\" manual page may be incorrect or out-of-date. The author(s) assume no
-.\" responsibility for errors or omissions, or for damages resulting from
-.\" the use of the information contained herein. The author(s) may not
-.\" have taken the same level of care in the production of this manual,
-.\" which is licensed free of charge, as they might when working
-.\" professionally.
-.\"
-.\" Formatted or processed versions of this manual, if unaccompanied by
-.\" the source, must acknowledge the copyright and authors of this work.
+.\" SPDX-License-Identifier: Linux-man-pages-copyleft
.\"
.\" Fri Jul 29th 12:56:44 BST 1994 Wilf. <G.Wilford@ee.surrey.ac.uk>
.\" Changes inspired by patch from Richard Kettlewell
.\" <richard@greenend.org.uk>, aeb 970616.
.\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
.\" Added notes on capability requirements
-.TH SETUID 2 2010-02-21 "Linux" "Linux Programmer's Manual"
+.TH setuid 2 (date) "Linux man-pages (unreleased)"
.SH NAME
setuid \- set user identity
+.SH LIBRARY
+Standard C library
+.RI ( libc ", " \-lc )
.SH SYNOPSIS
-.B #include <sys/types.h>
-.br
+.nf
.B #include <unistd.h>
-.sp
+.P
.BI "int setuid(uid_t " uid );
+.fi
.SH DESCRIPTION
.BR setuid ()
sets the effective user ID of the calling process.
-If the effective UID of the caller is root,
+If the calling process is privileged
+(more precisely: if the process has the
+.B CAP_SETUID
+capability in its user namespace),
the real UID and saved set-user-ID are also set.
-.PP
+.P
Under Linux,
.BR setuid ()
is implemented like the POSIX version with the
This allows a set-user-ID (other than root) program to drop all of its user
privileges, do some un-privileged work, and then reengage the original
effective user ID in a secure manner.
-.PP
+.P
If the user is root or the program is set-user-ID-root, special care must be
-taken.
-The
+taken:
.BR setuid ()
-function checks the effective user ID of the caller and if it is
+checks the effective user ID of the caller and if it is
the superuser, all process-related user ID's are set to
.IR uid .
After this has occurred, it is impossible for the program to regain root
privileges.
-.PP
+.P
Thus, a set-user-ID-root program wishing to temporarily drop root
privileges, assume the identity of an unprivileged user, and then regain
-root privileges afterwards cannot use
+root privileges afterward cannot use
.BR setuid ().
You can accomplish this with
.BR seteuid (2).
-.SH "RETURN VALUE"
+.SH RETURN VALUE
On success, zero is returned.
On error, \-1 is returned, and
.I errno
-is set appropriately.
+is set to indicate the error.
+.P
+.IR Note :
+there are cases where
+.BR setuid ()
+can fail even when the caller is UID 0;
+it is a grave security error to omit checking for a failure return from
+.BR setuid ().
.SH ERRORS
.TP
.B EAGAIN
-The
+The call would change the caller's real UID (i.e.,
.I uid
-does not match the current uid and
+does not match the caller's real UID),
+but there was a temporary failure allocating the
+necessary kernel data structures.
+.TP
+.B EAGAIN
.I uid
-brings process over its
+does not match the real user ID of the caller and this call would
+bring the number of processes belonging to the real user ID
+.I uid
+over the caller's
.B RLIMIT_NPROC
resource limit.
+Since Linux 3.1, this error case no longer occurs
+(but robust applications should check for this error);
+see the description of
+.B EAGAIN
+in
+.BR execve (2).
+.TP
+.B EINVAL
+The user ID specified in
+.I uid
+is not valid in this user namespace.
.TP
.B EPERM
The user is not privileged (Linux: does not have the
.B CAP_SETUID
-capability) and
+capability in its user namespace) and
.I uid
does not match the real UID or saved set-user-ID of the calling process.
-.SH "CONFORMING TO"
-SVr4, POSIX.1-2001.
+.SH VERSIONS
+.SS C library/kernel differences
+At the kernel level, user IDs and group IDs are a per-thread attribute.
+However, POSIX requires that all threads in a process
+share the same credentials.
+The NPTL threading implementation handles the POSIX requirements by
+providing wrapper functions for
+the various system calls that change process UIDs and GIDs.
+These wrapper functions (including the one for
+.BR setuid ())
+employ a signal-based technique to ensure
+that when one thread changes credentials,
+all of the other threads in the process also change their credentials.
+For details, see
+.BR nptl (7).
+.SH STANDARDS
+POSIX.1-2008.
+.SH HISTORY
+POSIX.1-2001, SVr4.
+.P
Not quite compatible with the 4.4BSD call, which
sets all of the real, saved, and effective user IDs.
.\" SVr4 documents an additional EINVAL error condition.
+.P
+The original Linux
+.BR setuid ()
+system call supported only 16-bit user IDs.
+Subsequently, Linux 2.4 added
+.BR setuid32 ()
+supporting 32-bit IDs.
+The glibc
+.BR setuid ()
+wrapper function transparently deals with the variation across kernel versions.
.SH NOTES
-.SS Linux Notes
-Linux has the concept of file system user ID, normally equal to the
+Linux has the concept of the filesystem user ID, normally equal to the
effective user ID.
The
.BR setuid ()
-call also sets the file system user ID of the calling process.
+call also sets the filesystem user ID of the calling process.
See
.BR setfsuid (2).
-.PP
+.P
If
.I uid
-is different from the old effective uid, the process will
+is different from the old effective UID, the process will
be forbidden from leaving core dumps.
-.SH "SEE ALSO"
+.SH SEE ALSO
.BR getuid (2),
.BR seteuid (2),
.BR setfsuid (2),
.BR setreuid (2),
.BR capabilities (7),
-.BR credentials (7)
+.BR credentials (7),
+.BR user_namespaces (7)
projects / thirdparty / man-pages.git / blobdiff