ADDENDUM
If the Solaris Resource Manager software is installed and enabled, then the setuid(2SRM) system call, in addition to its standard function, also attaches the calling process to the lnode associated with its new real UID. The attachment is only performed if setuid is successful and the calling process's real UID is changed; otherwise the calling process remains attached to its original lnode.
If no lnode with the new real UID exists, then the calling process is instead attached to the system's srmlost lnode. The srmlost lnode is nominated at system startup and is typically an otherwise unused lnode, reserved specifically for this purpose. To avoid security breaches, the srmlost lnode usually has moderate resource limits, a small CPU share, and no special privileges.
If no srmlost lnode is ever nominated, or attachment to it fails, then the calling process remains attached to its original lnode.
The standard semantics of setuid are not affected by this new functionality: none of the above-mentioned failures will cause setuid to fail or return an error. Instead, whenever setuid fails to attach a process to the specified lnode, a message is logged on the console to alert the system administrator.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
Architecture | SPARC
Availability | SUNWsrmr
SEE ALSO
setuid(2), srm(5SRM)
Solaris Resource Manager 1.3 System Administration Guide
WARNINGS
In the event of failure to attach to the specified lnode or the srmlost lnode, the process remains attached to its original lnode. This is a potential security breach, because the original lnode may possess privileges that should have been denied by the new lnode, and resource usage following the setuid will still be charged to the original lnode.
It is the responsibility of the system administrator to ensure that lnodes exist for all users.
NOTES
This man page is applicable to SunOS 5.6, SunOS 5.7, and SunOS 5.8.
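
The attachment rules and the WARNINGS case above can be checked ahead of time by auditing which accounts lack an lnode. The following is an added example, not code from Solaris Resource Manager: it models the rules as this page states them, and the function names `attach_target` and `audit`, the passwd entries, the UIDs (including UID 41 for srmlost) and the lnode list are all constructed assumptions. An srmlost attachment failure is modelled simply as "no usable srmlost lnode".

```python
# Added example: models the attachment rules on this page; not SRM code.
# The passwd text, the UIDs and the lnode list are constructed sample data.
SAMPLE_PASSWD = """\
root:x:0:1:Super-User:/:/sbin/sh
srmlost:x:41:1:SRM lost lnode:/:/bin/false
alice:x:1001:10:Alice:/export/home/alice:/bin/ksh
bob:x:1002:10:Bob:/export/home/bob:/bin/ksh
"""


def attach_target(old_uid, new_uid, setuid_ok, lnode_uids, srmlost_uid):
    """Return (UID of the lnode the process ends up on, console_message)."""
    if not setuid_ok or new_uid == old_uid:
        return old_uid, False      # real UID unchanged: no attachment attempted
    if new_uid in lnode_uids:
        return new_uid, False      # normal case: lnode of the new real UID
    # No lnode for the new real UID. setuid still succeeds, and the failed
    # attachment is reported on the console.
    if srmlost_uid is not None and srmlost_uid in lnode_uids:
        return srmlost_uid, True   # fallback: restricted srmlost lnode
    return old_uid, True           # WARNINGS case: stays on the original lnode


def audit(passwd_text, lnode_uids, srmlost_uid, caller_uid=0):
    """List (name, uid, resulting lnode UID) for accounts that would not land
    on their own lnode when a process of caller_uid calls setuid to them."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue               # skip comments and malformed entries
        name, uid = fields[0], int(fields[2])
        target, _ = attach_target(caller_uid, uid, True, lnode_uids, srmlost_uid)
        if uid != caller_uid and target != uid:
            findings.append((name, uid, target))
    return findings


if __name__ == "__main__":
    lnodes = {0, 41, 1001}         # constructed: UIDs that have an lnode
    for srmlost in (41, None):     # srmlost nominated, then not nominated
        for name, uid, target in audit(SAMPLE_PASSWD, lnodes, srmlost):
            risk = "inherits caller's lnode" if target == 0 else "srmlost"
            print(f"srmlost={srmlost}: {name} (uid {uid}) -> lnode {target} [{risk}]")
```

A finding whose resulting lnode is the caller's own (here root's, UID 0) is the case the WARNINGS section describes; a finding that resolves to srmlost is contained but still indicates a missing lnode.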