setuid(2)
setuid, setgid --
set user and group IDs
Synopsis
#include <sys/types.h>
#include <unistd.h>
int setuid(uid_t uid);
int setgid(gid_t gid);
Description
The setuid system call sets the real user ID,
effective user ID, and saved user
ID
of the calling process.
The setgid system call sets the real group ID,
effective group ID, and saved group ID of the calling process;
any supplementary group IDs remain unchanged.
At login time, the real user ID, effective user ID, and saved user ID
of the login process are set to the login ID of the user responsible
for the creation of the process.
The same is true for the real, effective, and saved group IDs;
they are set to the group ID of the user responsible for the
creation of the process.
When a process calls
exec(2)
to execute a file (program), the user
and/or group identifiers associated with the process can change:
-
The real user and group IDs are always set to the real
user and group IDs of the process calling exec.
-
The saved user and group IDs of the new process are always
set to the effective user and group IDs of the process
calling exec.
-
If the file executed is not a set-user-ID or set-group-ID
file, the effective user and group IDs of the new process are set to the
effective user and group IDs of the process calling exec.
-
If the file executed is a set-user-ID file, the effective user
ID of the new process is set to the owner ID of the executed file.
-
If the file executed is a set-group-ID file, the effective group
ID of the new process is set to the group ID of the executed file.
The following subsections describe the behavior of setuid and
setgid with respect to the three types of user and group IDs.
setuid
If the calling process has the
P_SETUID
privilege, the real, effective, and saved user IDs are set to the
uid parameter.
If the calling process does not have the
P_SETUID
privilege, but uid is either the real user ID or the saved user ID
of the calling process, the effective user ID
is set to uid.
setgid
If the calling process has the
P_SETUID
privilege, the real, effective, and saved group IDs are set to the
gid parameter.
If the calling process does not have the
P_SETUID
privilege,
but gid is either the real group ID or the saved group ID
of the calling process, the effective group ID is set to gid.
Return values
On success, setuid and setgid return 0.
On failure, setuid and setgid return -1 and set errno to identify the error.
Errors
In the following conditions, setuid and setgid fail and set errno to:
EPERM-
For setuid,
the calling process does not have the
P_SETUID
privilege and the uid parameter does not match either the real or saved
user IDs.
For setgid,
P_SETUID
privilege and the gid
parameter does not match either the real or saved group IDs.
EINVAL-
The uid or gid is out of range.
References
exec(2),
getgroups(2),
getuid(2),
intro(2),
stat(5)
Notices
Considerations for threads programming
This ID number is an attribute of the containing process
and is shared by sibling threads.
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004