summaryrefslogtreecommitdiffstats
path: root/man2/setgid.2
diff options
context:
space:
mode:
Diffstat (limited to 'man2/setgid.2')
-rw-r--r--man2/setgid.292
1 files changed, 92 insertions, 0 deletions
diff --git a/man2/setgid.2 b/man2/setgid.2
new file mode 100644
index 0000000..f618887
--- /dev/null
+++ b/man2/setgid.2
@@ -0,0 +1,92 @@
+.\" Copyright (C), 1994, Graeme W. Wilford. (Wilf.)
+.\" and Copyright (C) 2010, 2015, Michael Kerrisk <mtk.manpages@gmail.com>
+.\"
+.\" SPDX-License-Identifier: Linux-man-pages-copyleft
+.\"
+.\" Fri Jul 29th 12:56:44 BST 1994 Wilf. <G.Wilford@ee.surrey.ac.uk>
+.\" Modified 1997-01-31 by Eric S. Raymond <esr@thyrsus.com>
+.\" Modified 2002-03-09 by aeb
+.\"
+.TH setgid 2 2023-03-30 "Linux man-pages 6.05.01"
+.SH NAME
+setgid \- set group identity
+.SH LIBRARY
+Standard C library
+.RI ( libc ", " \-lc )
+.SH SYNOPSIS
+.nf
+.B #include <unistd.h>
+.PP
+.BI "int setgid(gid_t " gid );
+.fi
+.SH DESCRIPTION
+.BR setgid ()
+sets the effective group ID of the calling process.
+If the calling process is privileged (more precisely: has the
+.B CAP_SETGID
+capability in its user namespace),
+the real GID and saved set-group-ID are also set.
+.PP
+Under Linux,
+.BR setgid ()
+is implemented like the POSIX version with the
+.B _POSIX_SAVED_IDS
+feature.
+This allows a set-group-ID program that is not set-user-ID-root
+to drop all of its group
+privileges, do some un-privileged work, and then reengage the original
+effective group ID in a secure manner.
+.SH RETURN VALUE
+On success, zero is returned.
+On error, \-1 is returned, and
+.I errno
+is set to indicate the error.
+.SH ERRORS
+.TP
+.B EINVAL
+The group ID specified in
+.I gid
+is not valid in this user namespace.
+.TP
+.B EPERM
+The calling process is not privileged (does not have the
+\fBCAP_SETGID\fP capability in its user namespace), and
+.I gid
+does not match the real group ID or saved set-group-ID of
+the calling process.
+.SH VERSIONS
+.SS C library/kernel differences
+At the kernel level, user IDs and group IDs are a per-thread attribute.
+However, POSIX requires that all threads in a process
+share the same credentials.
+The NPTL threading implementation handles the POSIX requirements by
+providing wrapper functions for
+the various system calls that change process UIDs and GIDs.
+These wrapper functions (including the one for
+.BR setgid ())
+employ a signal-based technique to ensure
+that when one thread changes credentials,
+all of the other threads in the process also change their credentials.
+For details, see
+.BR nptl (7).
+.SH STANDARDS
+POSIX.1-2008.
+.SH HISTORY
+POSIX.1-2001, SVr4.
+.PP
+The original Linux
+.BR setgid ()
+system call supported only 16-bit group IDs.
+Subsequently, Linux 2.4 added
+.BR setgid32 ()
+supporting 32-bit IDs.
+The glibc
+.BR setgid ()
+wrapper function transparently deals with the variation across kernel versions.
+.SH SEE ALSO
+.BR getgid (2),
+.BR setegid (2),
+.BR setregid (2),
+.BR capabilities (7),
+.BR credentials (7),
+.BR user_namespaces (7)