setreuid, setregid — set real and/or effective user or group ID
#include <sys/types.h> #include <unistd.h>
int
setreuid( |
uid_t ruid, |
uid_t euid) ; |
int
setregid( |
gid_t rgid, |
gid_t egid) ; |
Note | |||||
---|---|---|---|---|---|
|
setreuid
() sets real and
effective user IDs of the calling process.
Supplying a value of −1 for either the real or effective user ID forces the system to leave that ID unchanged.
Unprivileged processes may only set the effective user ID to the real user ID, the effective user ID, or the saved set-user-ID.
Unprivileged users may only set the real user ID to the real user ID or the effective user ID.
If the real user ID is set (i.e., ruid
is not −1) or the
effective user ID is set to a value not equal to the previous
real user ID, the saved set-user-ID will be set to the new
effective user ID.
Completely analogously, setregid
() sets real and effective group
ID's of the calling process, and all of the above holds with
"group" instead of "user".
On success, zero is returned. On error, −1 is
returned, and errno
is set
appropriately.
Note | |
---|---|
there are cases where |
The call would change the caller's real UID (i.e.,
ruid
does not
match the caller's real UID), but there was a temporary
failure allocating the necessary kernel data
structures.
ruid
does
not match the caller's real UID and this call would
bring the number of processes belonging to the real
user ID ruid
over the caller's RLIMIT_NPROC
resource limit. Since
Linux 3.1, this error case no longer occurs (but robust
applications should check for this error); see the
description of EAGAIN in
execve(2).
One or more of the target user or group IDs is not valid in this user namespace.
The calling process is not privileged (Linux: does
not have the CAP_SETUID
capability in the case of setreuid
(), or the CAP_SETGID
capability in the case of
setregid
()) and a change
other than (i) swapping the effective user (group) ID
with the real user (group) ID, or (ii) setting one to
the value of the other or (iii) setting the effective
user (group) ID to the value of the saved set-user-ID
(saved set-group-ID) was specified.
POSIX.1-2001, POSIX.1-2008, 4.3BSD (setreuid
() and setregid
() first appeared in 4.2BSD).
Setting the effective user (group) ID to the saved set-user-ID (saved set-group-ID) is possible since Linux 1.1.37 (1.1.38).
POSIX.1 does not specify all of the UID changes that Linux
permits for an unprivileged process. For setreuid
(), the effective user ID can be
made the same as the real user ID or the saved set-user-ID,
and it is unspecified whether unprivileged processes may set
the real user ID to the real user ID, the effective user ID,
or the saved set-user-ID. For setregid
(), the real group ID can be
changed to the value of the saved set-group-ID, and the
effective group ID can be changed to the value of the real
group ID or the saved set-group-ID. The precise details of
what ID changes are permitted vary across
implementations.
POSIX.1 makes no specification about the effect of these calls on the saved set-user-ID and saved set-group-ID.
The original Linux setreuid
() and setregid
() system calls supported only
16-bit user and group IDs. Subsequently, Linux 2.4 added
setreuid32
() and setregid32
(), supporting 32-bit IDs. The
glibc setreuid
() and
setregid
() wrapper functions
transparently deal with the variations across kernel
versions.
At the kernel level, user IDs and group IDs are a
per-thread attribute. However, POSIX requires that all
threads in a process share the same credentials. The NPTL
threading implementation handles the POSIX requirements by
providing wrapper functions for the various system calls
that change process UIDs and GIDs. These wrapper functions
(including those for setreuid
() and setregid
()) employ a signal-based
technique to ensure that when one thread changes
credentials, all of the other threads in the process also
change their credentials. For details, see nptl(7).
getgid(2), getuid(2), seteuid(2), setgid(2), setresuid(2), setuid(2), capabilities(7), credentials(7), user_namespaces(7)
This page is part of release 4.07 of the Linux man-pages
project. A
description of the project, information about reporting bugs,
and the latest version of this page, can be found at
https://www.kernel.org/doc/man−pages/.
Copyright (c) 1983, 1991 The Regents of the University of California. and Copyright (C) 2009, 2010, 2014, 2015, Michael Kerrisk <mtk.manpagesgmail.com> All rights reserved. %%%LICENSE_START(BSD_4_CLAUSE_UCB) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. %%%LICENSE_END (#)setregid.2 6.4 (Berkeley) 3/10/91 Modified Sat Jul 24 09:08:49 1993 by Rik Faith <faithcs.unc.edu> Portions extracted from linux/kernel/sys.c: Copyright (C) 1991, 1992 Linus Torvalds May be distributed under the GNU General Public License Changes: 1994-07-29 by Wilf <G.Wilfordee.surrey.ac.uk> 1994-08-02 by Wilf due to change in kernel. 2004-07-04 by aeb 2004-05-27 by Michael Kerrisk |