setgid(2)

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | ERRORS | ATTRIBUTES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO

NAME

setuid, setegid, seteuid, setgid- Set user and group IDs

SYNOPSIS

#include <sys/types.h>
#include <unistd.h>

int setuid(uid_t uid);
int setegid(gid_t egid);
int seteuid(uid_t euid);
int setgid(gid_t gid);

DESCRIPTION

The setuid() function sets the real user ID , effective user ID , and saved user ID of the calling process. The setgid() function sets the real group ID , effective group ID , and saved group ID of the calling process. The setegid() and seteuid() functions set the effective group and user ID s respectively for the calling process. See intro(2) for more information on real, effective, and saved user and group ID s.

At login time, the real user ID , effective user ID , and saved user ID of the login process are set to the login ID of the user responsible for the creation of the process. The same is true for the real, effective, and saved group ID s; they are set to the group ID of the user responsible for the creation of the process.

When a process calls one of the exec family of functions (see exec(2) ) to execute a file (program), the user and/or group identifiers associated with the process can change. If the file executed is a set-user- ID file, the effective and saved user ID s of the process are set to the owner of the file executed. If the file executed is a set-group- ID file, the effective and saved group ID s of the process are set to the group of the file executed. If the file executed is not a set-user- ID or set-group- ID file, the effective user ID , saved user ID , effective group ID , and saved group ID are not changed.

If the process calling setuid() has the PRIV_PROC_SETID privilege, the real, effective, and saved user IDs are set to the uid parameter.

If the process calling setuid() does not have the PRIV_PROC_SETID privilege, but uid is either the real user ID or the saved user ID of the calling process, the effective user ID is set to uid .

If the new user ID differs from the initial user ID under which this program began execution, the saved privilege set is replaced by the effective privilege set; and the effective privilege set is cleared.

If the process calling setgid() has the PRIV_PROC_SETID privilege, the real, effective, and saved group ID s are set to the gid parameter.

If the process calling setgid() does not have the PRIV_PROC_SETID privilege, but gid is either the real group ID or the saved group ID of the calling process, the effective group ID is set to gid .

RETURN VALUES

setuid() returns:

0

On success.

-1

On failure, and sets errno to indicate the error.

ERRORS

The setuid() and setgid() functions will fail if:

EINVAL

The value of uid or gid is out of range.

EPERM

For setuid() and seteuid() , the calling process does not have PRIV_PROC_SETID in its effective set of privileges, and the uid parameter does not match either the real or saved user ID s.

For setgid() and setegid() , the calling process does not have PRIV_PROC_SETID in its effective set of privileges, and the gid parameter does not match either the real or the saved group ID .

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
MT-Level	setuid() and setgid() are Async-Signal-Safe

SUMMARY OF TRUSTED SOLARIS CHANGES

The Trusted Solaris environment replaces the checks of super-user in the Solaris environment with a check for PRIV_PROC_SETID .

SEE ALSO

Trusted Solaris 8 Reference Manual

intro(2) , exec(2) , getgroups(2)

SunOS 5.8 Reference Manual

getuid(2) , attributes(5) , stat(5)

Trusted Solaris 8  Last Revised 28 Dec 1996

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | ERRORS | ATTRIBUTES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO