diff options
Diffstat (limited to 'man2/setgid.2')
-rw-r--r-- | man2/setgid.2 | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/man2/setgid.2 b/man2/setgid.2 new file mode 100644 index 0000000..f618887 --- /dev/null +++ b/man2/setgid.2 @@ -0,0 +1,92 @@ +.\" Copyright (C), 1994, Graeme W. Wilford. (Wilf.) +.\" and Copyright (C) 2010, 2015, Michael Kerrisk <mtk.manpages@gmail.com> +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.\" Fri Jul 29th 12:56:44 BST 1994 Wilf. <G.Wilford@ee.surrey.ac.uk> +.\" Modified 1997-01-31 by Eric S. Raymond <esr@thyrsus.com> +.\" Modified 2002-03-09 by aeb +.\" +.TH setgid 2 2023-03-30 "Linux man-pages 6.05.01" +.SH NAME +setgid \- set group identity +.SH LIBRARY +Standard C library +.RI ( libc ", " \-lc ) +.SH SYNOPSIS +.nf +.B #include <unistd.h> +.PP +.BI "int setgid(gid_t " gid ); +.fi +.SH DESCRIPTION +.BR setgid () +sets the effective group ID of the calling process. +If the calling process is privileged (more precisely: has the +.B CAP_SETGID +capability in its user namespace), +the real GID and saved set-group-ID are also set. +.PP +Under Linux, +.BR setgid () +is implemented like the POSIX version with the +.B _POSIX_SAVED_IDS +feature. +This allows a set-group-ID program that is not set-user-ID-root +to drop all of its group +privileges, do some un-privileged work, and then reengage the original +effective group ID in a secure manner. +.SH RETURN VALUE +On success, zero is returned. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.SH ERRORS +.TP +.B EINVAL +The group ID specified in +.I gid +is not valid in this user namespace. +.TP +.B EPERM +The calling process is not privileged (does not have the +\fBCAP_SETGID\fP capability in its user namespace), and +.I gid +does not match the real group ID or saved set-group-ID of +the calling process. +.SH VERSIONS +.SS C library/kernel differences +At the kernel level, user IDs and group IDs are a per-thread attribute. +However, POSIX requires that all threads in a process +share the same credentials. +The NPTL threading implementation handles the POSIX requirements by +providing wrapper functions for +the various system calls that change process UIDs and GIDs. +These wrapper functions (including the one for +.BR setgid ()) +employ a signal-based technique to ensure +that when one thread changes credentials, +all of the other threads in the process also change their credentials. +For details, see +.BR nptl (7). +.SH STANDARDS +POSIX.1-2008. +.SH HISTORY +POSIX.1-2001, SVr4. +.PP +The original Linux +.BR setgid () +system call supported only 16-bit group IDs. +Subsequently, Linux 2.4 added +.BR setgid32 () +supporting 32-bit IDs. +The glibc +.BR setgid () +wrapper function transparently deals with the variation across kernel versions. +.SH SEE ALSO +.BR getgid (2), +.BR setegid (2), +.BR setregid (2), +.BR capabilities (7), +.BR credentials (7), +.BR user_namespaces (7) |