man2/getgroups.2

   1 .\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu)
   2 .\" and Copyright (C) 2008, 2010, 2015, Michael Kerrisk <mtk.manpages@gmail.com>
   3 .\"
   4 .\" %%%LICENSE_START(VERBATIM)
   5 .\" Permission is granted to make and distribute verbatim copies of this
   6 .\" manual provided the copyright notice and this permission notice are
   7 .\" preserved on all copies.
   8 .\"
   9 .\" Permission is granted to copy and distribute modified versions of this
  10 .\" manual under the conditions for verbatim copying, provided that the
  11 .\" entire resulting derived work is distributed under the terms of a
  12 .\" permission notice identical to this one.
  13 .\"
  14 .\" Since the Linux kernel and libraries are constantly changing, this
  15 .\" manual page may be incorrect or out-of-date.  The author(s) assume no
  16 .\" responsibility for errors or omissions, or for damages resulting from
  17 .\" the use of the information contained herein.  The author(s) may not
  18 .\" have taken the same level of care in the production of this manual,
  19 .\" which is licensed free of charge, as they might when working
  20 .\" professionally.
  21 .\"
  22 .\" Formatted or processed versions of this manual, if unaccompanied by
  23 .\" the source, must acknowledge the copyright and authors of this work.
  24 .\" %%%LICENSE_END
  25 .\"
  26 .\" Modified Thu Oct 31 12:04:29 1996 by Eric S. Raymond <esr@thyrsus.com>
  27 .\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
  28 .\"     Added notes on capability requirements
  29 .\" 2008-05-03, mtk, expanded and rewrote parts of DESCRIPTION and RETURN
  30 .\"     VALUE, made style of page more consistent with man-pages style.
  31 .\"
  32 .TH GETGROUPS 2 2019-03-06 "Linux" "Linux Programmer's Manual"
  33 .SH NAME
  34 getgroups, setgroups \- get/set list of supplementary group IDs
  35 .SH SYNOPSIS
  36 .B #include <sys/types.h>
  37 .br
  38 .B #include <unistd.h>
  39 .PP
  40 .BI "int getgroups(int " size ", gid_t " list []);
  41
  42 .B #include <grp.h>
  43 .PP
  44 .BI "int setgroups(size_t " size ", const gid_t *" list );
  45 .PP
  46 .in -4n
  47 Feature Test Macro Requirements for glibc (see
  48 .BR feature_test_macros (7)):
  49 .in
  50 .PP
  51 .BR setgroups ():
  52     Since glibc 2.19:
  53         _DEFAULT_SOURCE
  54     Glibc 2.19 and earlier:
  55         _BSD_SOURCE
  56 .SH DESCRIPTION
  57 .PP
  58 .BR getgroups ()
  59 returns the supplementary group IDs of the calling process in
  60 .IR list .
  61 The argument
  62 .I size
  63 should be set to the maximum number of items that can be stored in the
  64 buffer pointed to by
  65 .IR list .
  66 If the calling process is a member of more than
  67 .I size
  68 supplementary groups, then an error results.
  69 .PP
  70 It is unspecified whether the effective group ID of the calling process
  71 is included in the returned list.
  72 (Thus, an application should also call
  73 .BR getegid (2)
  74 and add or remove the resulting value.)
  75 .PP
  76 If
  77 .I size
  78 is zero,
  79 .I list
  80 is not modified, but the total number of supplementary group IDs for the
  81 process is returned.
  82 This allows the caller to determine the size of a dynamically allocated
  83 .I list
  84 to be used in a further call to
  85 .BR getgroups ().
  86 .PP
  87 .BR setgroups ()
  88 sets the supplementary group IDs for the calling process.
  89 Appropriate privileges are required (see the description of the
  90 .BR EPERM
  91 error, below).
  92 The
  93 .I size
  94 argument specifies the number of supplementary group IDs
  95 in the buffer pointed to by
  96 .IR list .
  97 A process can drop all of its supplementary groups with the call:
  98 .PP
  99 .in +4n
 100 .EX
 101 setgroups(0, NULL);
 102 .EE
 103 .in
 104 .SH RETURN VALUE
 105 On success,
 106 .BR getgroups ()
 107 returns the number of supplementary group IDs.
 108 On error, \-1 is returned, and
 109 .I errno
 110 is set appropriately.
 111 .PP
 112 On success,
 113 .BR setgroups ()
 114 returns 0.
 115 On error, \-1 is returned, and
 116 .I errno
 117 is set appropriately.
 118 .SH ERRORS
 119 .TP
 120 .B EFAULT
 121 .I list
 122 has an invalid address.
 123 .PP
 124 .BR getgroups ()
 125 can additionally fail with the following error:
 126 .TP
 127 .B EINVAL
 128 .I size
 129 is less than the number of supplementary group IDs, but is not zero.
 130 .PP
 131 .BR setgroups ()
 132 can additionally fail with the following errors:
 133 .TP
 134 .B EINVAL
 135 .I size
 136 is greater than
 137 .B NGROUPS_MAX
 138 (32 before Linux 2.6.4; 65536 since Linux 2.6.4).
 139 .TP
 140 .B ENOMEM
 141 Out of memory.
 142 .TP
 143 .B EPERM
 144 The calling process has insufficient privilege
 145 (the caller does not have the
 146 .BR CAP_SETGID
 147 capability in the user namespace in which it resides).
 148 .TP
 149 .BR EPERM " (since Linux 3.19)"
 150 The use of
 151 .BR setgroups ()
 152 is denied in this user namespace.
 153 See the description of
 154 .IR /proc/[pid]/setgroups
 155 in
 156 .BR user_namespaces (7).
 157 .SH CONFORMING TO
 158 .BR getgroups ():
 159 SVr4, 4.3BSD, POSIX.1-2001, POSIX.1-2008.
 160 .PP
 161 .BR setgroups ():
 162 SVr4, 4.3BSD.
 163 Since
 164 .BR setgroups ()
 165 requires privilege, it is not covered by POSIX.1.
 166 .SH NOTES
 167 A process can have up to
 168 .B NGROUPS_MAX
 169 supplementary group IDs
 170 in addition to the effective group ID.
 171 The constant
 172 .B NGROUPS_MAX
 173 is defined in
 174 .IR <limits.h> .
 175 The set of supplementary group IDs
 176 is inherited from the parent process, and preserved across an
 177 .BR execve (2).
 178 .PP
 179 The maximum number of supplementary group IDs can be found at run time using
 180 .BR sysconf (3):
 181 .PP
 182 .in +4n
 183 .EX
 184 long ngroups_max;
 185 ngroups_max = sysconf(_SC_NGROUPS_MAX);
 186 .EE
 187 .in
 188 .PP
 189 The maximum return value of
 190 .BR getgroups ()
 191 cannot be larger than one more than this value.
 192 Since Linux 2.6.4, the maximum number of supplementary group IDs is also
 193 exposed via the Linux-specific read-only file,
 194 .IR /proc/sys/kernel/ngroups_max .
 195 .PP
 196 The original Linux
 197 .BR getgroups ()
 198 system call supported only 16-bit group IDs.
 199 Subsequently, Linux 2.4 added
 200 .BR getgroups32 (),
 201 supporting 32-bit IDs.
 202 The glibc
 203 .BR getgroups ()
 204 wrapper function transparently deals with the variation across kernel versions.
 205 .\"
 206 .SS C library/kernel differences
 207 At the kernel level, user IDs and group IDs are a per-thread attribute.
 208 However, POSIX requires that all threads in a process
 209 share the same credentials.
 210 The NPTL threading implementation handles the POSIX requirements by
 211 providing wrapper functions for
 212 the various system calls that change process UIDs and GIDs.
 213 These wrapper functions (including the one for
 214 .BR setgroups ())
 215 employ a signal-based technique to ensure
 216 that when one thread changes credentials,
 217 all of the other threads in the process also change their credentials.
 218 For details, see
 219 .BR nptl (7).
 220 .SH SEE ALSO
 221 .BR getgid (2),
 222 .BR setgid (2),
 223 .BR getgrouplist (3),
 224 .BR group_member (3),
 225 .BR initgroups (3),
 226 .BR capabilities (7),
 227 .BR credentials (7)