```c
#include <sys/types.h>
#include <unistd.h>

int setuid(uid_t uid);
```
The setuid() function sets the real user ID, effective user ID, and saved user ID of the calling process. The setgid() function sets the real group ID, effective group ID, and saved group ID of the calling process. The setegid() and seteuid() functions set the effective group and user IDs respectively for the calling process. See intro(2) for more information on real, effective, and saved user and group IDs.
Privilege-unaware programs change their UIDs either to gain or give up rights associated with the new UID. To simulate that action in a privilege-based system rather than a UID-based system, the effective and saved privilege sets are modified across setuid calls according to the following algorithm:
```
if ((old_uid == start_uid) && (new_uid != start_uid)) {
    saved_privileges = effective_privileges;
    effective_privileges = empty;
} else if ((old_uid != start_uid) && (new_uid == start_uid)) {
    effective_privileges = saved_privileges;
}
```

Since set-UID programs may not be aware of privileges, their privilege bracketing (their use of UID changes to obtain or give up rights) is tracked in the privilege sets. When a set-UID program changes from its saved user ID to the calling user ID, it gives up its privilege. When it changes back to the saved user ID, it regains privilege.
At login time, the real user ID, effective user ID, and saved user ID of the login process are set to the login ID of the user responsible for the creation of the process. The same is true for the real, effective, and saved group IDs; they are set to the group ID of the user responsible for the creation of the process.
When a process calls one of the exec family of functions (see exec(2)) to execute a file (program), the user and/or group identifiers associated with the process can change. If the file executed is a set-user-ID file, the effective and saved user IDs of the process are set to the owner of the file executed. If the file executed is a set-group-ID file, the effective and saved group IDs of the process are set to the group of the file executed. If the file executed is not a set-user-ID or set-group-ID file, the effective user ID, saved user ID, effective group ID, and saved group ID are not changed.
If the process calling setuid() has the PRIV_PROC_SETID privilege, the real, effective, and saved user IDs are set to the uid parameter.
If the process calling setuid() does not have the PRIV_PROC_SETID privilege, but uid is either the real user ID or the saved user ID of the calling process, the effective user ID is set to uid.
If the new user ID differs from the initial user ID under which this program began execution, the saved privilege set is replaced by the effective privilege set, and the effective privilege set is cleared.
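The setuid() rules above and the privilege bracketing algorithm can be traced together in a small user-space model. This is an added example, not Trusted Solaris code: `sim_proc`, `sim_setuid()` and the bit values are hypothetical, and it assumes `old_uid` is the effective UID before the call and `start_uid` is the effective UID at program start.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed bit values; only the name PRIV_PROC_SETID comes from the page. */
#define SIM_PROC_SETID 0x1u
#define SIM_OTHER_PRIV 0x2u  /* hypothetical second privilege */

struct sim_proc {
    int ruid, euid, suid;    /* real, effective, saved user IDs */
    int start_uid;           /* assumed: effective UID at program start */
    uint32_t eff_privs;      /* effective privilege set */
    uint32_t saved_privs;    /* saved privilege set */
};

/* Model of setuid(uid): 0 on success, -1 when the page's rules refuse it. */
int sim_setuid(struct sim_proc *p, int uid)
{
    int old_uid = p->euid;   /* assumed: old_uid is the effective UID */

    if (uid < 0)
        return -1;                            /* uid out of range */
    if (p->eff_privs & SIM_PROC_SETID)
        p->ruid = p->euid = p->suid = uid;    /* privileged: all three IDs */
    else if (uid == p->ruid || uid == p->suid)
        p->euid = uid;                        /* unprivileged: effective only */
    else
        return -1;                            /* neither real nor saved UID */

    /* Privilege bracketing, as in the page's algorithm. */
    if (old_uid == p->start_uid && uid != p->start_uid) {
        p->saved_privs = p->eff_privs;
        p->eff_privs = 0;
    } else if (old_uid != p->start_uid && uid == p->start_uid) {
        p->eff_privs = p->saved_privs;
    }
    return 0;
}

int main(void)
{
    /* Constructed case: set-UID file owned by 50, run by user 100. */
    struct sim_proc p = { 100, 50, 50, 50, SIM_OTHER_PRIV, 0 };
    int rc = sim_setuid(&p, 100);
    printf("drop:   rc=%d euid=%d eff=%#x\n", rc, p.euid, (unsigned)p.eff_privs);
    rc = sim_setuid(&p, 50);
    printf("regain: rc=%d euid=%d eff=%#x\n", rc, p.euid, (unsigned)p.eff_privs);
    return 0;
}
```

In this model, a process that holds PRIV_PROC_SETID when it leaves `start_uid` also changes its saved user ID, so a later unprivileged call back to `start_uid` is refused and the privileges stay parked in the saved set.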
If the process calling setgid() has the PRIV_PROC_SETID privilege, the real, effective, and saved group IDs are set to the gid parameter.
If the process calling setgid() does not have the PRIV_PROC_SETID privilege, but gid is either the real group ID or the saved group ID of the calling process, the effective group ID is set to gid.
The setuid() and setgid() functions will fail if:
The value of uid or gid is out of range.
For setuid() and seteuid(), the calling process does not have PRIV_PROC_SETID in its effective set of privileges, and the uid parameter does not match either the real or saved user IDs.
For setgid() and setegid(), the calling process does not have PRIV_PROC_SETID in its effective set of privileges, and the gid parameter does not match either the real or the saved group ID.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
MT-Level | setuid() and setgid() are Async-Signal-Safe |
The Trusted Solaris environment replaces the checks of super-user in the Solaris environment with a check for PRIV_PROC_SETID.