summaryrefslogtreecommitdiffstats
path: root/man7/credentials.7
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 19:41:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 19:41:07 +0000
commit3af6d22bb3850ab2bac67287e3a3d3b0e32868e5 (patch)
tree3ee7a3ec64525911fa865bb984c86d997d855527 /man7/credentials.7
parentAdding debian version 6.05.01-1. (diff)
downloadmanpages-3af6d22bb3850ab2bac67287e3a3d3b0e32868e5.tar.xz
manpages-3af6d22bb3850ab2bac67287e3a3d3b0e32868e5.zip
Merging upstream version 6.7.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man7/credentials.7')
-rw-r--r--man7/credentials.749
1 files changed, 27 insertions, 22 deletions
diff --git a/man7/credentials.7 b/man7/credentials.7
index 653e7a3..ddade68 100644
--- a/man7/credentials.7
+++ b/man7/credentials.7
@@ -4,7 +4,7 @@
.\"
.\" 2007-06-13 Creation
.\"
-.TH credentials 7 2023-03-30 "Linux man-pages 6.05.01"
+.TH credentials 7 2023-11-19 "Linux man-pages 6.7"
.SH NAME
credentials \- process identifiers
.SH DESCRIPTION
@@ -18,7 +18,7 @@ A PID is represented using the type
.I pid_t
(defined in
.IR <sys/types.h> ).
-.PP
+.P
PIDs are used in a range of system calls to identify the process
affected by the call, for example:
.BR kill (2),
@@ -39,7 +39,7 @@ and
.BR waitpid (2).
.\" .BR waitid (2),
.\" .BR wait4 (2),
-.PP
+.P
A process's PID is preserved across an
.BR execve (2).
.SS Parent process ID (PPID)
@@ -50,7 +50,7 @@ A process can obtain its PPID using
.BR getppid (2).
A PPID is represented using the type
.IR pid_t .
-.PP
+.P
A process's PPID is preserved across an
.BR execve (2).
.SS Process group ID and session ID
@@ -61,13 +61,13 @@ A process can obtain its session ID using
.BR getsid (2),
and its process group ID using
.BR getpgrp (2).
-.PP
+.P
A child created by
.BR fork (2)
inherits its parent's session ID and process group ID.
A process's session ID and process group ID are preserved across an
.BR execve (2).
-.PP
+.P
Sessions and process groups are abstractions devised to support shell
job control.
A process group (sometimes called a "job") is a collection of
@@ -80,7 +80,7 @@ A process's group membership can be set using
.BR setpgid (2).
The process whose process ID is the same as its process group ID is the
\fIprocess group leader\fP for that group.
-.PP
+.P
A session is a collection of processes that share the same session ID.
All of the members of a process group also have the same session ID
(i.e., all of the members of a process group always belong to the
@@ -92,7 +92,7 @@ which creates a new session whose session ID is the same
as the PID of the process that called
.BR setsid (2).
The creator of the session is called the \fIsession leader\fP.
-.PP
+.P
All of the processes in a session share a
.IR "controlling terminal" .
The controlling terminal is established when the session leader
@@ -101,7 +101,7 @@ first opens a terminal (unless the
flag is specified when calling
.BR open (2)).
A terminal may be the controlling terminal of at most one session.
-.PP
+.P
At most one of the jobs in a session may be the
.IR "foreground job" ;
other jobs in the session are
@@ -123,7 +123,7 @@ When terminal keys that generate a signal (such as the
.I interrupt
key, normally control-C)
are pressed, the signal is sent to the processes in the foreground job.
-.PP
+.P
Various system calls and library functions
may operate on all members of a process group,
including
@@ -152,7 +152,7 @@ and
.I gid_t
(defined in
.IR <sys/types.h> ).
-.PP
+.P
On Linux, each process has the following user and group identifiers:
.IP \[bu] 3
Real user ID and real group ID.
@@ -228,7 +228,7 @@ of which a process may be a member.
.\" As at 2.6.22-rc2, this file is still read-only.
A process can obtain its set of supplementary group IDs using
.BR getgroups (2).
-.PP
+.P
A child process created by
.BR fork (2)
inherits copies of its parent's user and groups IDs.
@@ -238,7 +238,7 @@ a process's real user and group ID and supplementary
group IDs are preserved;
the effective and saved set IDs may be changed, as described in
.BR execve (2).
-.PP
+.P
Aside from the purposes noted above,
a process's user IDs are also employed in a number of other contexts:
.IP \[bu] 3
@@ -267,33 +267,38 @@ that the process may create (see
Subject to rules described in the relevant manual pages,
a process can use the following APIs to modify its user and group IDs:
.TP
-.BR setuid "(2) (" setgid (2))
+.BR setuid (2)\~(\c
+.BR setgid (2))
Modify the process's real (and possibly effective and saved-set)
user (group) IDs.
.TP
-.BR seteuid "(2) (" setegid (2))
+.BR seteuid (2)\~(\c
+.BR setegid (2))
Modify the process's effective user (group) ID.
.TP
-.BR setfsuid "(2) (" setfsgid (2))
+.BR setfsuid (2)\~(\c
+.BR setfsgid (2))
Modify the process's filesystem user (group) ID.
.TP
-.BR setreuid "(2) (" setregid (2))
+.BR setreuid (2)\~(\c
+.BR setregid (2))
Modify the process's real and effective (and possibly saved-set)
user (group) IDs.
.TP
-.BR setresuid "(2) (" setresgid (2))
+.BR setresuid (2)\~(\c
+.BR setresgid (2))
Modify the process's real, effective, and saved-set user (group) IDs.
.TP
.BR setgroups (2)
Modify the process's supplementary group list.
-.PP
+.P
Any changes to a process's effective user (group) ID
are automatically carried over to the process's
filesystem user (group) ID.
Changes to a process's effective user or group ID can also affect the
process "dumpable" attribute, as described in
.BR prctl (2).
-.PP
+.P
Changes to process user and group IDs can affect the capabilities
of the process, as described in
.BR capabilities (7).
@@ -302,7 +307,7 @@ Process IDs, parent process IDs, process group IDs, and session IDs
are specified in POSIX.1.
The real, effective, and saved set user and groups IDs,
and the supplementary group IDs, are specified in POSIX.1.
-.PP
+.P
The filesystem user and group IDs are a Linux extension.
.SH NOTES
Various fields in the
@@ -311,7 +316,7 @@ file show the process credentials described above.
See
.BR proc (5)
for further information.
-.PP
+.P
The POSIX threads specification requires that
credentials are shared by all of the threads in a process.
However, at the kernel level, Linux maintains separate user and group