SETUID(2) | System Calls Manual | SETUID(2) |
setuid
, seteuid
,
setgid
, setegid
—
set user and group ID
Standard C Library (libc, -lc)
#include
<unistd.h>
int
setuid
(uid_t
uid);
int
seteuid
(uid_t
euid);
int
setgid
(gid_t
gid);
int
setegid
(gid_t
egid);
The
setuid
()
system call sets the real and effective user IDs and the saved set-user-ID
of the current process to the specified value. The
setuid
() system call is permitted if the specified
ID is equal to the real user ID or the effective user ID of the process, or
if the effective user ID is that of the super user.
The
setgid
()
system call sets the real and effective group IDs and the saved set-group-ID
of the current process to the specified value. The
setgid
() system call is permitted if the specified
ID is equal to the real group ID or the effective group ID of the process,
or if the effective user ID is that of the super user.
The
seteuid
()
system call
(setegid
())
sets the effective user ID (group ID) of the current process. The effective
user ID may be set to the value of the real user ID or the saved set-user-ID
(see intro(2) and execve(2)); in this
way, the effective user ID of a set-user-ID executable may be toggled by
switching to the real user ID, then re-enabled by reverting to the
set-user-ID value. Similarly, the effective group ID may be set to the value
of the real group ID or the saved set-group-ID.
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the error.
The system calls will fail if:
EPERM
]getgid(2), getuid(2), issetugid(2), setregid(2), setreuid(2)
The setuid
() and
setgid
() system calls are compliant with the
IEEE Std 1003.1-1990 (“POSIX.1”)
specification with _POSIX_SAVED_IDS
not defined with
the permitted extensions from Appendix B.4.2.2. The
seteuid
() and setegid
()
system calls are extensions based on the POSIX concept of
_POSIX_SAVED_IDS
, and have been proposed for a
future revision of the standard.
The setuid
() function appeared in
Version 1 AT&T UNIX. The
setgid
() function appeared in
Version 4 AT&T UNIX.
Read and write permissions to files are determined upon a call to open(2). Once a file descriptor is open, dropping privilege does not affect the process's read/write permissions, even if the user ID specified has no read or write permissions to the file. These files normally remain open in any new process executed, resulting in a user being able to read or modify potentially sensitive data.
To prevent these files from remaining open after an exec(3) call, be sure to set the close-on-exec flag:
void pseudocode(void) { int fd; /* ... */ fd = open("/path/to/sensitive/data", O_RDWR | O_CLOEXEC); if (fd == -1) err(1, "open"); /* ... */ execve(path, argv, environ); }
December 15, 2015 | Debian |