1 .\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu)
2 .\" and Copyright (C) 2008, 2010, 2015, Michael Kerrisk <mtk.manpages@gmail.com>
4 .\" %%%LICENSE_START(VERBATIM)
5 .\" Permission is granted to make and distribute verbatim copies of this
6 .\" manual provided the copyright notice and this permission notice are
7 .\" preserved on all copies.
9 .\" Permission is granted to copy and distribute modified versions of this
10 .\" manual under the conditions for verbatim copying, provided that the
11 .\" entire resulting derived work is distributed under the terms of a
12 .\" permission notice identical to this one.
14 .\" Since the Linux kernel and libraries are constantly changing, this
15 .\" manual page may be incorrect or out-of-date. The author(s) assume no
16 .\" responsibility for errors or omissions, or for damages resulting from
17 .\" the use of the information contained herein. The author(s) may not
18 .\" have taken the same level of care in the production of this manual,
19 .\" which is licensed free of charge, as they might when working
22 .\" Formatted or processed versions of this manual, if unaccompanied by
23 .\" the source, must acknowledge the copyright and authors of this work.
26 .\" Modified Thu Oct 31 12:04:29 1996 by Eric S. Raymond <esr@thyrsus.com>
27 .\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
28 .\" Added notes on capability requirements
29 .\" 2008-05-03, mtk, expanded and rewrote parts of DESCRIPTION and RETURN
30 .\" VALUE, made style of page more consistent with man-pages style.
32 .TH GETGROUPS 2 2019-03-06 "Linux" "Linux Programmer's Manual"
34 getgroups, setgroups \- get/set list of supplementary group IDs
36 .B #include <sys/types.h>
38 .B #include <unistd.h>
40 .BI "int getgroups(int " size ", gid_t " list []);
44 .BI "int setgroups(size_t " size ", const gid_t *" list );
47 Feature Test Macro Requirements for glibc (see
48 .BR feature_test_macros (7)):
54 Glibc 2.19 and earlier:
59 returns the supplementary group IDs of the calling process in
63 should be set to the maximum number of items that can be stored in the
66 If the calling process is a member of more than
68 supplementary groups, then an error results.
70 It is unspecified whether the effective group ID of the calling process
71 is included in the returned list.
72 (Thus, an application should also call
74 and add or remove the resulting value.)
80 is not modified, but the total number of supplementary group IDs for the
82 This allows the caller to determine the size of a dynamically allocated
84 to be used in a further call to
88 sets the supplementary group IDs for the calling process.
89 Appropriate privileges are required (see the description of the
94 argument specifies the number of supplementary group IDs
95 in the buffer pointed to by
97 A process can drop all of its supplementary groups with the call:
107 returns the number of supplementary group IDs.
108 On error, \-1 is returned, and
110 is set appropriately.
115 On error, \-1 is returned, and
117 is set appropriately.
122 has an invalid address.
125 can additionally fail with the following error:
129 is less than the number of supplementary group IDs, but is not zero.
132 can additionally fail with the following errors:
138 (32 before Linux 2.6.4; 65536 since Linux 2.6.4).
144 The calling process has insufficient privilege
145 (the caller does not have the
147 capability in the user namespace in which it resides).
149 .BR EPERM " (since Linux 3.19)"
152 is denied in this user namespace.
153 See the description of
154 .IR /proc/[pid]/setgroups
156 .BR user_namespaces (7).
159 SVr4, 4.3BSD, POSIX.1-2001, POSIX.1-2008.
165 requires privilege, it is not covered by POSIX.1.
167 A process can have up to
169 supplementary group IDs
170 in addition to the effective group ID.
175 The set of supplementary group IDs
176 is inherited from the parent process, and preserved across an
179 The maximum number of supplementary group IDs can be found at run time using
185 ngroups_max = sysconf(_SC_NGROUPS_MAX);
189 The maximum return value of
191 cannot be larger than one more than this value.
192 Since Linux 2.6.4, the maximum number of supplementary group IDs is also
193 exposed via the Linux-specific read-only file,
194 .IR /proc/sys/kernel/ngroups_max .
198 system call supported only 16-bit group IDs.
199 Subsequently, Linux 2.4 added
201 supporting 32-bit IDs.
204 wrapper function transparently deals with the variation across kernel versions.
206 .SS C library/kernel differences
207 At the kernel level, user IDs and group IDs are a per-thread attribute.
208 However, POSIX requires that all threads in a process
209 share the same credentials.
210 The NPTL threading implementation handles the POSIX requirements by
211 providing wrapper functions for
212 the various system calls that change process UIDs and GIDs.
213 These wrapper functions (including the one for
215 employ a signal-based technique to ensure
216 that when one thread changes credentials,
217 all of the other threads in the process also change their credentials.
223 .BR getgrouplist (3),
224 .BR group_member (3),
226 .BR capabilities (7),