NAME
setuid(), setgid() — set user and group IDs
SYNOPSIS
#include <unistd.h>
int setuid(uid_t uid);
int setgid(gid_t gid);
DESCRIPTION
setuid()
sets the real-user-ID
(ruid),
effective-user-ID
(euid),
and/or saved-user-ID
(suid)
of the calling process.
If the Security Containment product is installed, these interfaces treat a
process observing
CHSUBJIDENT
as a privileged process.
Otherwise, only processes with an
euid
of zero are treated as privileged processes.
See
privileges(5)
for more information on Security Containment and
fine-grained privileges.
The following conditions govern
setuid's
behavior:
If the process is privileged,
setuid()
sets the
ruid,
euid,
and
suid
to
uid.
If the process is not privileged
and the argument
uid
is equal to the
ruid
or the
suid,
setuid()
sets the
euid
to
uid;
the
ruid
and
suid
remain unchanged.
(If a set-user-ID
program is not running as
superuser,
it can change its
euid
to match its
ruid
and reset itself to the previous
euid
value.)
If the process is not privileged,
the argument
uid
is equal to the
euid,
and the calling process has the
PRIV_SETRUGID
privilege,
setuid()
sets the
ruid
to
uid;
the
euid
and
suid
remain unchanged.
setgid()
sets the real-group-ID
(rgid),
effective-group-ID
(egid),
and/or saved-group-ID
(sgid)
of the calling process.
The following conditions govern
setgid()'s
behavior:
If the process is privileged,
setgid()
sets the
rgid
and
egid
to
gid.
If the process is not privileged
and the argument
gid
is equal to the
rgid
or the
sgid,
setgid()
sets the
egid
to
gid;
the
rgid
and
sgid
remain unchanged.
If the process is not privileged,
the argument
gid
is equal to the
egid,
and the calling process has the
PRIV_SETRUGID
privilege,
setgid()
sets the
rgid
to
gid;
the
egid
and
sgid
remain unchanged.
Security Restrictions
Some or all of the actions associated with this system call require the
CHSUBJIDENT
privilege.
Processes owned by the superuser have this privilege.
Processes owned by other users may have this privilege, depending on system
configuration.
See
privileges(5)
for more information about privileged access on
systems that support fine-grained privileges.
RETURN VALUE
Upon successful completion,
setuid()
and
setgid()
return 0; otherwise, they return -1 and set
errno
to indicate the error.
ERRORS
setuid()
and
setgid()
fail and return -1 if any of the following conditions are encountered:
- EPERM
None of the conditions above are met.
- EINVAL
uid
(gid)
is not a valid user (group)
ID.
WARNINGS
It is recommended that the
PRIV_SETRUGID
capability be avoided, as it is provided for backward compatibility.
This feature may be modified or dropped from future
HP-UX
releases.
When changing the real user
ID
and real group
ID,
use of
setresuid()
and
setresgid()
(see
setresuid(2))
is recommended instead.
AUTHOR
setuid()
was developed by AT&T, the University of California, Berkeley,
and HP.
setgid()
was developed by AT&T.
STANDARDS CONFORMANCE
setuid(): AES, SVID2, SVID3, XPG2, XPG3, XPG4, FIPS 151-2, POSIX.1
setgid(): AES, SVID2, SVID3, XPG2, XPG3, XPG4, FIPS 151-2, POSIX.1