man2/setresuid.2

   1 .\" Copyright (C) 1997 Andries Brouwer (aeb@cwi.nl)
   2 .\" and Copyright (C) 2005, 2010, 2014, 2015, Michael Kerrisk <mtk.manpages@gmail.com>
   3 .\"
   4 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
   5 .\"
   6 .\" Modified, 2003-05-26, Michael Kerrisk, <mtk.manpages@gmail.com>
   7 .TH SETRESUID 2 (date) "Linux man-pages (unreleased)"
   8 .SH NAME
   9 setresuid, setresgid \- set real, effective, and saved user or group ID
  10 .SH LIBRARY
  11 Standard C library
  12 .RI ( libc ", " \-lc )
  13 .SH SYNOPSIS
  14 .nf
  15 .BR "#define _GNU_SOURCE" "         /* See feature_test_macros(7) */"
  16 .B #include <unistd.h>
  17 .PP
  18 .BI "int setresuid(uid_t " ruid ", uid_t " euid ", uid_t " suid );
  19 .BI "int setresgid(gid_t " rgid ", gid_t " egid ", gid_t " sgid );
  20 .fi
  21 .SH DESCRIPTION
  22 .BR setresuid ()
  23 sets the real user ID, the effective user ID, and the
  24 saved set-user-ID of the calling process.
  25 .PP
  26 An unprivileged process may change its real UID,
  27 effective UID, and saved set-user-ID, each to one of:
  28 the current real UID, the current effective UID, or the
  29 current saved set-user-ID.
  30 .PP
  31 A privileged process (on Linux, one having the \fBCAP_SETUID\fP capability)
  32 may set its real UID, effective UID, and
  33 saved set-user-ID to arbitrary values.
  34 .PP
  35 If one of the arguments equals \-1, the corresponding value is not changed.
  36 .PP
  37 Regardless of what changes are made to the real UID, effective UID,
  38 and saved set-user-ID, the filesystem UID is always set to the same
  39 value as the (possibly new) effective UID.
  40 .PP
  41 Completely analogously,
  42 .BR setresgid ()
  43 sets the real GID, effective GID, and saved set-group-ID
  44 of the calling process (and always modifies the filesystem GID
  45 to be the same as the effective GID),
  46 with the same restrictions for unprivileged processes.
  47 .SH RETURN VALUE
  48 On success, zero is returned.
  49 On error, \-1 is returned, and
  50 .I errno
  51 is set to indicate the error.
  52 .PP
  53 .IR Note :
  54 there are cases where
  55 .BR setresuid ()
  56 can fail even when the caller is UID 0;
  57 it is a grave security error to omit checking for a failure return from
  58 .BR setresuid ().
  59 .SH ERRORS
  60 .TP
  61 .B EAGAIN
  62 The call would change the caller's real UID (i.e.,
  63 .I ruid
  64 does not match the caller's real UID),
  65 but there was a temporary failure allocating the
  66 necessary kernel data structures.
  67 .TP
  68 .B EAGAIN
  69 .I ruid
  70 does not match the caller's real UID and this call would
  71 bring the number of processes belonging to the real user ID
  72 .I ruid
  73 over the caller's
  74 .B RLIMIT_NPROC
  75 resource limit.
  76 Since Linux 3.1, this error case no longer occurs
  77 (but robust applications should check for this error);
  78 see the description of
  79 .B EAGAIN
  80 in
  81 .BR execve (2).
  82 .TP
  83 .B EINVAL
  84 One or more of the target user or group IDs
  85 is not valid in this user namespace.
  86 .TP
  87 .B EPERM
  88 The calling process is not privileged (did not have the necessary
  89 capability in its user namespace)
  90 and tried to change the IDs to values that are not permitted.
  91 For
  92 .BR setresuid (),
  93 the necessary capability is
  94 .BR CAP_SETUID ;
  95 for
  96 .BR setresgid (),
  97 it is
  98 .BR CAP_SETGID .
  99 .SH VERSIONS
 100 These calls are available under Linux since Linux 2.1.44.
 101 .SH STANDARDS
 102 These calls are nonstandard;
 103 they also appear on HP-UX and some of the BSDs.
 104 .SH NOTES
 105 Under HP-UX and FreeBSD, the prototype is found in
 106 .IR <unistd.h> .
 107 Under Linux, the prototype is provided by glibc since version 2.3.2.
 108 .PP
 109 The original Linux
 110 .BR setresuid ()
 111 and
 112 .BR setresgid ()
 113 system calls supported only 16-bit user and group IDs.
 114 Subsequently, Linux 2.4 added
 115 .BR setresuid32 ()
 116 and
 117 .BR setresgid32 (),
 118 supporting 32-bit IDs.
 119 The glibc
 120 .BR setresuid ()
 121 and
 122 .BR setresgid ()
 123 wrapper functions transparently deal with the variations across kernel versions.
 124 .\"
 125 .SS C library/kernel differences
 126 At the kernel level, user IDs and group IDs are a per-thread attribute.
 127 However, POSIX requires that all threads in a process
 128 share the same credentials.
 129 The NPTL threading implementation handles the POSIX requirements by
 130 providing wrapper functions for
 131 the various system calls that change process UIDs and GIDs.
 132 These wrapper functions (including those for
 133 .BR setresuid ()
 134 and
 135 .BR setresgid ())
 136 employ a signal-based technique to ensure
 137 that when one thread changes credentials,
 138 all of the other threads in the process also change their credentials.
 139 For details, see
 140 .BR nptl (7).
 141 .SH SEE ALSO
 142 .BR getresuid (2),
 143 .BR getuid (2),
 144 .BR setfsgid (2),
 145 .BR setfsuid (2),
 146 .BR setreuid (2),
 147 .BR setuid (2),
 148 .BR capabilities (7),
 149 .BR credentials (7),
 150 .BR user_namespaces (7)