summaryrefslogtreecommitdiffstats
path: root/man2/setuid.2
diff options
context:
space:
mode:
Diffstat (limited to 'man2/setuid.2')
-rw-r--r--man2/setuid.2156
1 files changed, 156 insertions, 0 deletions
diff --git a/man2/setuid.2 b/man2/setuid.2
new file mode 100644
index 0000000..80284d6
--- /dev/null
+++ b/man2/setuid.2
@@ -0,0 +1,156 @@
+.\" Copyright (C), 1994, Graeme W. Wilford (Wilf).
+.\" and Copyright (C) 2010, 2014, 2015, Michael Kerrisk <mtk.manpages@gmail.com>
+.\"
+.\" SPDX-License-Identifier: Linux-man-pages-copyleft
+.\"
+.\" Fri Jul 29th 12:56:44 BST 1994 Wilf. <G.Wilford@ee.surrey.ac.uk>
+.\" Changes inspired by patch from Richard Kettlewell
+.\" <richard@greenend.org.uk>, aeb 970616.
+.\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
+.\" Added notes on capability requirements
+.TH setuid 2 2023-03-30 "Linux man-pages 6.05.01"
+.SH NAME
+setuid \- set user identity
+.SH LIBRARY
+Standard C library
+.RI ( libc ", " \-lc )
+.SH SYNOPSIS
+.nf
+.B #include <unistd.h>
+.PP
+.BI "int setuid(uid_t " uid );
+.fi
+.SH DESCRIPTION
+.BR setuid ()
+sets the effective user ID of the calling process.
+If the calling process is privileged
+(more precisely: if the process has the
+.B CAP_SETUID
+capability in its user namespace),
+the real UID and saved set-user-ID are also set.
+.PP
+Under Linux,
+.BR setuid ()
+is implemented like the POSIX version with the
+.B _POSIX_SAVED_IDS
+feature.
+This allows a set-user-ID (other than root) program to drop all of its user
+privileges, do some un-privileged work, and then reengage the original
+effective user ID in a secure manner.
+.PP
+If the user is root or the program is set-user-ID-root, special care must be
+taken:
+.BR setuid ()
+checks the effective user ID of the caller and if it is
+the superuser, all process-related user ID's are set to
+.IR uid .
+After this has occurred, it is impossible for the program to regain root
+privileges.
+.PP
+Thus, a set-user-ID-root program wishing to temporarily drop root
+privileges, assume the identity of an unprivileged user, and then regain
+root privileges afterward cannot use
+.BR setuid ().
+You can accomplish this with
+.BR seteuid (2).
+.SH RETURN VALUE
+On success, zero is returned.
+On error, \-1 is returned, and
+.I errno
+is set to indicate the error.
+.PP
+.IR Note :
+there are cases where
+.BR setuid ()
+can fail even when the caller is UID 0;
+it is a grave security error to omit checking for a failure return from
+.BR setuid ().
+.SH ERRORS
+.TP
+.B EAGAIN
+The call would change the caller's real UID (i.e.,
+.I uid
+does not match the caller's real UID),
+but there was a temporary failure allocating the
+necessary kernel data structures.
+.TP
+.B EAGAIN
+.I uid
+does not match the real user ID of the caller and this call would
+bring the number of processes belonging to the real user ID
+.I uid
+over the caller's
+.B RLIMIT_NPROC
+resource limit.
+Since Linux 3.1, this error case no longer occurs
+(but robust applications should check for this error);
+see the description of
+.B EAGAIN
+in
+.BR execve (2).
+.TP
+.B EINVAL
+The user ID specified in
+.I uid
+is not valid in this user namespace.
+.TP
+.B EPERM
+The user is not privileged (Linux: does not have the
+.B CAP_SETUID
+capability in its user namespace) and
+.I uid
+does not match the real UID or saved set-user-ID of the calling process.
+.SH VERSIONS
+.SS C library/kernel differences
+At the kernel level, user IDs and group IDs are a per-thread attribute.
+However, POSIX requires that all threads in a process
+share the same credentials.
+The NPTL threading implementation handles the POSIX requirements by
+providing wrapper functions for
+the various system calls that change process UIDs and GIDs.
+These wrapper functions (including the one for
+.BR setuid ())
+employ a signal-based technique to ensure
+that when one thread changes credentials,
+all of the other threads in the process also change their credentials.
+For details, see
+.BR nptl (7).
+.SH STANDARDS
+POSIX.1-2008.
+.SH HISTORY
+POSIX.1-2001, SVr4.
+.PP
+Not quite compatible with the 4.4BSD call, which
+sets all of the real, saved, and effective user IDs.
+.\" SVr4 documents an additional EINVAL error condition.
+.PP
+The original Linux
+.BR setuid ()
+system call supported only 16-bit user IDs.
+Subsequently, Linux 2.4 added
+.BR setuid32 ()
+supporting 32-bit IDs.
+The glibc
+.BR setuid ()
+wrapper function transparently deals with the variation across kernel versions.
+.SH NOTES
+Linux has the concept of the filesystem user ID, normally equal to the
+effective user ID.
+The
+.BR setuid ()
+call also sets the filesystem user ID of the calling process.
+See
+.BR setfsuid (2).
+.PP
+If
+.I uid
+is different from the old effective UID, the process will
+be forbidden from leaving core dumps.
+.SH SEE ALSO
+.BR getuid (2),
+.BR seteuid (2),
+.BR setfsuid (2),
+.BR setreuid (2),
+.BR capabilities (7),
+.BR credentials (7),
+.BR user_namespaces (7)