summaryrefslogtreecommitdiffstats
path: root/man2/seteuid.2
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--man2/seteuid.2134
1 files changed, 134 insertions, 0 deletions
diff --git a/man2/seteuid.2 b/man2/seteuid.2
new file mode 100644
index 0000000..0c47f6a
--- /dev/null
+++ b/man2/seteuid.2
@@ -0,0 +1,134 @@
+.\" Copyright (C) 2001 Andries Brouwer (aeb@cwi.nl)
+.\"
+.\" SPDX-License-Identifier: Linux-man-pages-copyleft
+.\"
+.\" [should really be seteuid.3]
+.\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
+.\" Added notes on capability requirements
+.\"
+.TH seteuid 2 2023-03-30 "Linux man-pages 6.05.01"
+.SH NAME
+seteuid, setegid \- set effective user or group ID
+.SH LIBRARY
+Standard C library
+.RI ( libc ", " \-lc )
+.SH SYNOPSIS
+.nf
+.B #include <unistd.h>
+.PP
+.BI "int seteuid(uid_t " euid );
+.BI "int setegid(gid_t " egid );
+.fi
+.PP
+.RS -4
+Feature Test Macro Requirements for glibc (see
+.BR feature_test_macros (7)):
+.RE
+.PP
+.BR seteuid (),
+.BR setegid ():
+.nf
+ _POSIX_C_SOURCE >= 200112L
+ || /* glibc <= 2.19: */ _BSD_SOURCE
+.fi
+.SH DESCRIPTION
+.BR seteuid ()
+sets the effective user ID of the calling process.
+Unprivileged processes may only set the effective user ID to the
+real user ID, the effective user ID or the saved set-user-ID.
+.PP
+Precisely the same holds for
+.BR setegid ()
+with "group" instead of "user".
+.\" When
+.\" .I euid
+.\" equals \-1, nothing is changed.
+.\" (This is an artifact of the implementation in glibc of seteuid()
+.\" using setresuid(2).)
+.SH RETURN VALUE
+On success, zero is returned.
+On error, \-1 is returned, and
+.I errno
+is set to indicate the error.
+.PP
+.IR Note :
+there are cases where
+.BR seteuid ()
+can fail even when the caller is UID 0;
+it is a grave security error to omit checking for a failure return from
+.BR seteuid ().
+.SH ERRORS
+.TP
+.B EINVAL
+The target user or group ID is not valid in this user namespace.
+.TP
+.B EPERM
+In the case of
+.BR seteuid ():
+the calling process is not privileged (does not have the
+.B CAP_SETUID
+capability in its user namespace) and
+.I euid
+does not match the current real user ID, current effective user ID,
+or current saved set-user-ID.
+.IP
+In the case of
+.BR setegid ():
+the calling process is not privileged (does not have the
+.B CAP_SETGID
+capability in its user namespace) and
+.I egid
+does not match the current real group ID, current effective group ID,
+or current saved set-group-ID.
+.SH VERSIONS
+Setting the effective user (group) ID to the
+saved set-user-ID (saved set-group-ID) is
+possible since Linux 1.1.37 (1.1.38).
+On an arbitrary system one should check
+.BR _POSIX_SAVED_IDS .
+.PP
+Under glibc 2.0,
+.BI seteuid( euid )
+is equivalent to
+.BI setreuid(\-1, " euid" )
+and hence may change the saved set-user-ID.
+Under glibc 2.1 and later, it is equivalent to
+.BI setresuid(\-1, " euid" ", \-1)"
+and hence does not change the saved set-user-ID.
+Analogous remarks hold for
+.BR setegid (),
+with the difference that the change in implementation from
+.BI setregid(\-1, " egid" )
+to
+.BI setresgid(\-1, " egid" ", \-1)"
+occurred in glibc 2.2 or 2.3 (depending on the hardware architecture).
+.PP
+According to POSIX.1,
+.BR seteuid ()
+.RB ( setegid ())
+need not permit
+.I euid
+.RI ( egid )
+to be the same value as the current effective user (group) ID,
+and some implementations do not permit this.
+.SS C library/kernel differences
+On Linux,
+.BR seteuid ()
+and
+.BR setegid ()
+are implemented as library functions that call, respectively,
+.BR setreuid (2)
+and
+.BR setregid (2).
+.SH STANDARDS
+POSIX.1-2008.
+.SH HISTORY
+POSIX.1-2001, 4.3BSD.
+.SH SEE ALSO
+.BR geteuid (2),
+.BR setresuid (2),
+.BR setreuid (2),
+.BR setuid (2),
+.BR capabilities (7),
+.BR credentials (7),
+.BR user_namespaces (7)