setuidseteuidsetgidsetegid
- set user and group ID
LIBRARY
Lb libc
SYNOPSIS
#include <sys/types.h>
#include <unistd.h> int
setuid (uid_t uid); int
seteuid (uid_t euid); int
setgid (gid_t gid); int
setegid (gid_t egid);
DESCRIPTION
The
setuid ();
system call
sets the real and effective
user IDs and the saved set-user-ID of the current process
to the specified value.
The
setuid ();
system call is permitted if the specified ID is equal to the real user ID
or the effective user ID
of the process, or if the effective user ID is that of the super user.
The
setgid ();
system call
sets the real and effective
group IDs and the saved set-group-ID of the current process
to the specified value.
The
setgid ();
system call is permitted if the specified ID is equal to the real group ID
or the effective group ID
of the process, or if the effective user ID is that of the super user.
The
seteuid ();
system call
(Fn setegid
)
sets the effective user ID (group ID) of the
current process.
The effective user ID may be set to the value
of the real user ID or the saved set-user-ID (see
intro(2)
and
execve(2));
in this way, the effective user ID of a set-user-ID executable
may be toggled by switching to the real user ID, then re-enabled
by reverting to the set-user-ID value.
Similarly, the effective group ID may be set to the value
of the real group ID or the saved set-group-ID.
RETURN VALUES
Rv -std
ERRORS
The system calls will fail if:
Bq Er EPERM
The user is not the super user and the ID
specified is not the real, effective ID, or saved ID.
SECURITY CONSIDERATIONS
Read and write permissions to files are determined upon a call to
open(2).
Once a file descriptor is open, dropping privilege does not affect
the process's read/write permissions, even if the user ID specified
has no read or write permissions to the file.
These files normally remain open in any new process executed,
resulting in a user being able to read or modify
potentially sensitive data.
To prevent these files from remaining open after an
exec(3)
call, be sure to set the close-on-exec flag is set:
void
pseudocode(void)
{
int fd;
/* ... */
fd = open("/path/to/sensitive/data", O_RDWR);
if (fd == -1)
err(1, "open");
/*
* Set close-on-exec flag; see fcntl(2) for more information.
*/
if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
err(1, "fcntl(F_SETFD)");
/* ... */
execve(path, argv, environ);
}
The
setuid ();
and
setgid ();
system calls are compliant with the
St -p1003.1-90
specification with
_POSIX_SAVED_IDS
not
defined with the permitted extensions from Appendix B.4.2.2.
The
seteuid ();
and
setegid ();
system calls are extensions based on the
POSIX
concept of
_POSIX_SAVED_IDS
and have been proposed for a future revision of the standard.
HISTORY
The
setuid ();
and
setgid ();
functions appeared in
AT&T System
v7 .
