.\" Copyright (C), 1994, Graeme W. Wilford (Wilf).
+.\" and Copyright (C) 2010, 2014, 2015, Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" <richard@greenend.org.uk>, aeb 970616.
.\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
.\" Added notes on capability requirements
-.TH SETUID 2 2010-11-22 "Linux" "Linux Programmer's Manual"
+.TH SETUID 2 2016-10-08 "Linux" "Linux Programmer's Manual"
.SH NAME
setuid \- set user identity
.SH SYNOPSIS
.SH DESCRIPTION
.BR setuid ()
sets the effective user ID of the calling process.
-If the effective UID of the caller is root,
+If the calling process is privileged
+(more precisely: if the process has the
+.BR CAP_SETUID
+capability in its user namespace),
the real UID and saved set-user-ID are also set.
.PP
Under Linux,
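Review bot: Style point on the added ".BR CAP_SETUID" line: a single bold word takes ".B", which is how the EPERM entry further down already writes the same capability (".B CAP_SETUID"). ".BR" is for alternating bold and roman arguments, as in ".BR execve (2)". Suggest ".B CAP_SETUID" here so the two mentions are marked up the same way.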
in
.BR execve (2).
.TP
+.B EINVAL
+The user ID specified in
+.I uid
+is not valid in this user namespace.
+.TP
.B EPERM
The user is not privileged (Linux: does not have the
.B CAP_SETUID
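Review bot: The new EINVAL entry says uid "is not valid in this user namespace" without saying what makes a user ID invalid there, so a caller that gets this error has nothing to check against. Suggest either a short clause stating the condition or a pointer to user_namespaces(7), which this patch already adds to SEE ALSO.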
.I uid
does not match the real UID or saved set-user-ID of the calling process.
.SH CONFORMING TO
-SVr4, POSIX.1-2001.
+POSIX.1-2001, POSIX.1-2008, SVr4.
Not quite compatible with the 4.4BSD call, which
sets all of the real, saved, and effective user IDs.
.\" SVr4 documents an additional EINVAL error condition.
The glibc
.BR setuid ()
wrapper function transparently deals with the variation across kernel versions.
+.\"
+.SS C library/kernel differences
+At the kernel level, user IDs and group IDs are a per-thread attribute.
+However, POSIX requires that all threads in a process
+share the same credentials.
+The NPTL threading implementation handles the POSIX requirements by
+providing wrapper functions for
+the various system calls that change process UIDs and GIDs.
+These wrapper functions (including the one for
+.BR setuid ())
+employ a signal-based technique to ensure
+that when one thread changes credentials,
+all of the other threads in the process also change their credentials.
+For details, see
+.BR nptl (7).
.SH SEE ALSO
.BR getuid (2),
.BR seteuid (2),
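Review bot: The new "C library/kernel differences" subsection says the NPTL wrappers make all threads change credentials, but it leaves the consequence for code that bypasses the wrapper implicit: since the text states that IDs are a per-thread attribute at the kernel level, a raw system call would change only the calling thread. For a call used to drop privileges that deserves one explicit sentence, because the other threads would keep their old credentials.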
.BR setfsuid (2),
.BR setreuid (2),
.BR capabilities (7),
-.BR credentials (7)
+.BR credentials (7),
+.BR user_namespaces (7)
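Review bot: SEE ALSO gains user_namespaces(7) but not nptl(7), which the new "C library/kernel differences" subsection cites ("For details, see nptl(7)"). Suggest adding ".BR nptl (7)," between credentials(7) and user_namespaces(7) so the page's own cross-reference is listed.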