|
HTML rendering created 2024-06-26 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | LIBRARY | SYNOPSIS | DESCRIPTION | RETURN VALUE | ERRORS | VERSIONS | STANDARDS | HISTORY | SEE ALSO | COLOPHON |
|
|
|
seteuid(2) System Calls Manual seteuid(2)
seteuid, setegid - set effective user or group ID
Standard C library (libc, -lc)
#include <unistd.h>
int seteuid(uid_t euid);
int setegid(gid_t egid);
Feature Test Macro Requirements for glibc (see
feature_test_macros(7)):
seteuid(), setegid():
_POSIX_C_SOURCE >= 200112L
|| /* glibc <= 2.19: */ _BSD_SOURCE
seteuid() sets the effective user ID of the calling process.
Unprivileged processes may only set the effective user ID to the
real user ID, the effective user ID or the saved set-user-ID.
Precisely the same holds for setegid() with "group" instead of
"user".
On success, zero is returned. On error, -1 is returned, and
errno is set to indicate the error.
Note: there are cases where seteuid() can fail even when the
caller is UID 0; it is a grave security error to omit checking
for a failure return from seteuid().
EINVAL The target user or group ID is not valid in this user
namespace.
EPERM In the case of seteuid(): the calling process is not
privileged (does not have the CAP_SETUID capability in its
user namespace) and euid does not match the current real
user ID, current effective user ID, or current saved set-
user-ID.
In the case of setegid(): the calling process is not
privileged (does not have the CAP_SETGID capability in its
user namespace) and egid does not match the current real
group ID, current effective group ID, or current saved
set-group-ID.
Setting the effective user (group) ID to the saved set-user-ID
(saved set-group-ID) is possible since Linux 1.1.37 (1.1.38). On
an arbitrary system one should check _POSIX_SAVED_IDS.
Under glibc 2.0, seteuid(euid) is equivalent to setreuid(-1,
euid) and hence may change the saved set-user-ID. Under glibc
2.1 and later, it is equivalent to setresuid(-1, euid, -1) and
hence does not change the saved set-user-ID. Analogous remarks
hold for setegid(), with the difference that the change in
implementation from setregid(-1, egid) to setresgid(-1, egid, -1)
occurred in glibc 2.2 or 2.3 (depending on the hardware
architecture).
According to POSIX.1, seteuid() (setegid()) need not permit euid
(egid) to be the same value as the current effective user (group)
ID, and some implementations do not permit this.
C library/kernel differences
On Linux, seteuid() and setegid() are implemented as library
functions that call, respectively, setresuid(2) and setresgid(2).
POSIX.1-2008.
POSIX.1-2001, 4.3BSD.
geteuid(2), setresuid(2), setreuid(2), setuid(2),
capabilities(7), credentials(7), user_namespaces(7)
This page is part of the man-pages (Linux kernel and C library
user-space interface documentation) project. Information about
the project can be found at
⟨https://www.kernel.org/doc/man-pages/⟩. If you have a bug report
for this manual page, see
⟨https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/CONTRIBUTING⟩.
This page was obtained from the tarball man-pages-6.9.1.tar.gz
fetched from
⟨https://mirrors.edge.kernel.org/pub/linux/docs/man-pages/⟩ on
2024-06-26. If you discover any rendering problems in this HTML
version of the page, or you believe there is a better or more up-
to-date source for the page, or you have corrections or
improvements to the information in this COLOPHON (which is not
part of the original manual page), send a mail to
man-pages@man7.org
Linux man-pages 6.9.1 2024-05-02 seteuid(2)
Pages that refer to this page: pmdaproc(1), setgid(2), setreuid(2), setuid(2), proc_sys_fs(5), credentials(7), nptl(7), pthreads(7)
|
HTML rendering created 2024-06-26 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|