author Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-24 04:52:22 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-24 04:52:22 +0000
commit 3d08cd331c1adcf0d917392f7e527b3f00511748
tree 312f0d1e1632f48862f044b8bb87e602dcffb5f9 /man2/setuid.2
parent Adding debian version 6.7-2.
Merging upstream version 6.8.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man2/setuid.2')
-rw-r--r-- man2/setuid.2 156
1 files changed, 0 insertions, 156 deletions
diff --git a/man2/setuid.2 b/man2/setuid.2
deleted file mode 100644
index e9a283e..0000000
--- a/man2/setuid.2
+++ /dev/null
@@ -1,156 +0,0 @@
-.\" Copyright (C), 1994, Graeme W. Wilford (Wilf).
-.\" and Copyright (C) 2010, 2014, 2015, Michael Kerrisk <mtk.manpages@gmail.com>
-.\"
-.\" SPDX-License-Identifier: Linux-man-pages-copyleft
-.\"
-.\" Fri Jul 29th 12:56:44 BST 1994 Wilf. <G.Wilford@ee.surrey.ac.uk>
-.\" Changes inspired by patch from Richard Kettlewell
-.\" <richard@greenend.org.uk>, aeb 970616.
-.\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
-.\" Added notes on capability requirements
-.TH setuid 2 2023-10-31 "Linux man-pages 6.7"
-.SH NAME
-setuid \- set user identity
-.SH LIBRARY
-Standard C library
-.RI ( libc ", " \-lc )
-.SH SYNOPSIS
-.nf
-.B #include <unistd.h>
-.P
-.BI "int setuid(uid_t " uid );
-.fi
-.SH DESCRIPTION
-.BR setuid ()
-sets the effective user ID of the calling process.
-If the calling process is privileged
-(more precisely: if the process has the
-.B CAP_SETUID
-capability in its user namespace),
-the real UID and saved set-user-ID are also set.
-.P
-Under Linux,
-.BR setuid ()
-is implemented like the POSIX version with the
-.B _POSIX_SAVED_IDS
-feature.
-This allows a set-user-ID (other than root) program to drop all of its user
-privileges, do some un-privileged work, and then reengage the original
-effective user ID in a secure manner.
-.P
-If the user is root or the program is set-user-ID-root, special care must be
-taken:
-.BR setuid ()
-checks the effective user ID of the caller and if it is
-the superuser, all process-related user ID's are set to
-.IR uid .
-After this has occurred, it is impossible for the program to regain root
-privileges.
-.P
-Thus, a set-user-ID-root program wishing to temporarily drop root
-privileges, assume the identity of an unprivileged user, and then regain
-root privileges afterward cannot use
-.BR setuid ().
-You can accomplish this with
-.BR seteuid (2).
-.SH RETURN VALUE
-On success, zero is returned.
-On error, \-1 is returned, and
-.I errno
-is set to indicate the error.
-.P
-.IR Note :
-there are cases where
-.BR setuid ()
-can fail even when the caller is UID 0;
-it is a grave security error to omit checking for a failure return from
-.BR setuid ().
-.SH ERRORS
-.TP
-.B EAGAIN
-The call would change the caller's real UID (i.e.,
-.I uid
-does not match the caller's real UID),
-but there was a temporary failure allocating the
-necessary kernel data structures.
-.TP
-.B EAGAIN
-.I uid
-does not match the real user ID of the caller and this call would
-bring the number of processes belonging to the real user ID
-.I uid
-over the caller's
-.B RLIMIT_NPROC
-resource limit.
-Since Linux 3.1, this error case no longer occurs
-(but robust applications should check for this error);
-see the description of
-.B EAGAIN
-in
-.BR execve (2).
-.TP
-.B EINVAL
-The user ID specified in
-.I uid
-is not valid in this user namespace.
-.TP
-.B EPERM
-The user is not privileged (Linux: does not have the
-.B CAP_SETUID
-capability in its user namespace) and
-.I uid
-does not match the real UID or saved set-user-ID of the calling process.
-.SH VERSIONS
-.SS C library/kernel differences
-At the kernel level, user IDs and group IDs are a per-thread attribute.
-However, POSIX requires that all threads in a process
-share the same credentials.
-The NPTL threading implementation handles the POSIX requirements by
-providing wrapper functions for
-the various system calls that change process UIDs and GIDs.
-These wrapper functions (including the one for
-.BR setuid ())
-employ a signal-based technique to ensure
-that when one thread changes credentials,
-all of the other threads in the process also change their credentials.
-For details, see
-.BR nptl (7).
-.SH STANDARDS
-POSIX.1-2008.
-.SH HISTORY
-POSIX.1-2001, SVr4.
-.P
-Not quite compatible with the 4.4BSD call, which
-sets all of the real, saved, and effective user IDs.
-.\" SVr4 documents an additional EINVAL error condition.
-.P
-The original Linux
-.BR setuid ()
-system call supported only 16-bit user IDs.
-Subsequently, Linux 2.4 added
-.BR setuid32 ()
-supporting 32-bit IDs.
-The glibc
-.BR setuid ()
-wrapper function transparently deals with the variation across kernel versions.
-.SH NOTES
-Linux has the concept of the filesystem user ID, normally equal to the
-effective user ID.
-The
-.BR setuid ()
-call also sets the filesystem user ID of the calling process.
-See
-.BR setfsuid (2).
-.P
-If
-.I uid
-is different from the old effective UID, the process will
-be forbidden from leaving core dumps.
-.SH SEE ALSO
-.BR getuid (2),
-.BR seteuid (2),
-.BR setfsuid (2),
-.BR setreuid (2),
-.BR capabilities (7),
-.BR credentials (7),
-.BR user_namespaces (7)
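Review bot: The commit message ("Merging upstream version 6.8.") does not say whether man2/setuid.2 was relocated or dropped, and this hunk (@@ -1,156 +0,0 @@) removes the whole page with no counterpart visible in a diff limited to this path. The deleted text includes the RETURN VALUE note that "it is a grave security error to omit checking for a failure return from setuid()", the EAGAIN entry tied to RLIMIT_NPROC, and the DESCRIPTION paragraph explaining that a set-user-ID-root program cannot regain root after setuid() and should use seteuid(2) for a temporary drop. Please confirm that the merge carries the page at its new location with those passages intact, and name the move in the commit message so the deletion is not read as removing the documentation.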