diff options
Diffstat (limited to '')
-rw-r--r-- | man2/setresuid.2 | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/man2/setresuid.2 b/man2/setresuid.2 new file mode 100644 index 0000000..97f0af9 --- /dev/null +++ b/man2/setresuid.2 @@ -0,0 +1,147 @@ +.\" Copyright (C) 1997 Andries Brouwer (aeb@cwi.nl) +.\" and Copyright (C) 2005, 2010, 2014, 2015, Michael Kerrisk <mtk.manpages@gmail.com> +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.\" Modified, 2003-05-26, Michael Kerrisk, <mtk.manpages@gmail.com> +.TH setresuid 2 2023-03-30 "Linux man-pages 6.05.01" +.SH NAME +setresuid, setresgid \- set real, effective, and saved user or group ID +.SH LIBRARY +Standard C library +.RI ( libc ", " \-lc ) +.SH SYNOPSIS +.nf +.BR "#define _GNU_SOURCE" " /* See feature_test_macros(7) */" +.B #include <unistd.h> +.PP +.BI "int setresuid(uid_t " ruid ", uid_t " euid ", uid_t " suid ); +.BI "int setresgid(gid_t " rgid ", gid_t " egid ", gid_t " sgid ); +.fi +.SH DESCRIPTION +.BR setresuid () +sets the real user ID, the effective user ID, and the +saved set-user-ID of the calling process. +.PP +An unprivileged process may change its real UID, +effective UID, and saved set-user-ID, each to one of: +the current real UID, the current effective UID, or the +current saved set-user-ID. +.PP +A privileged process (on Linux, one having the \fBCAP_SETUID\fP capability) +may set its real UID, effective UID, and +saved set-user-ID to arbitrary values. +.PP +If one of the arguments equals \-1, the corresponding value is not changed. +.PP +Regardless of what changes are made to the real UID, effective UID, +and saved set-user-ID, the filesystem UID is always set to the same +value as the (possibly new) effective UID. +.PP +Completely analogously, +.BR setresgid () +sets the real GID, effective GID, and saved set-group-ID +of the calling process (and always modifies the filesystem GID +to be the same as the effective GID), +with the same restrictions for unprivileged processes. +.SH RETURN VALUE +On success, zero is returned. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.PP +.IR Note : +there are cases where +.BR setresuid () +can fail even when the caller is UID 0; +it is a grave security error to omit checking for a failure return from +.BR setresuid (). +.SH ERRORS +.TP +.B EAGAIN +The call would change the caller's real UID (i.e., +.I ruid +does not match the caller's real UID), +but there was a temporary failure allocating the +necessary kernel data structures. +.TP +.B EAGAIN +.I ruid +does not match the caller's real UID and this call would +bring the number of processes belonging to the real user ID +.I ruid +over the caller's +.B RLIMIT_NPROC +resource limit. +Since Linux 3.1, this error case no longer occurs +(but robust applications should check for this error); +see the description of +.B EAGAIN +in +.BR execve (2). +.TP +.B EINVAL +One or more of the target user or group IDs +is not valid in this user namespace. +.TP +.B EPERM +The calling process is not privileged (did not have the necessary +capability in its user namespace) +and tried to change the IDs to values that are not permitted. +For +.BR setresuid (), +the necessary capability is +.BR CAP_SETUID ; +for +.BR setresgid (), +it is +.BR CAP_SETGID . +.SH VERSIONS +.SS C library/kernel differences +At the kernel level, user IDs and group IDs are a per-thread attribute. +However, POSIX requires that all threads in a process +share the same credentials. +The NPTL threading implementation handles the POSIX requirements by +providing wrapper functions for +the various system calls that change process UIDs and GIDs. +These wrapper functions (including those for +.BR setresuid () +and +.BR setresgid ()) +employ a signal-based technique to ensure +that when one thread changes credentials, +all of the other threads in the process also change their credentials. +For details, see +.BR nptl (7). +.SH STANDARDS +None. +.SH HISTORY +Linux 2.1.44, +glibc 2.3.2. +HP-UX, FreeBSD. +.PP +The original Linux +.BR setresuid () +and +.BR setresgid () +system calls supported only 16-bit user and group IDs. +Subsequently, Linux 2.4 added +.BR setresuid32 () +and +.BR setresgid32 (), +supporting 32-bit IDs. +The glibc +.BR setresuid () +and +.BR setresgid () +wrapper functions transparently deal with the variations across kernel versions. +.SH SEE ALSO +.BR getresuid (2), +.BR getuid (2), +.BR setfsgid (2), +.BR setfsuid (2), +.BR setreuid (2), +.BR setuid (2), +.BR capabilities (7), +.BR credentials (7), +.BR user_namespaces (7) |