GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  SETEUID (2)

NAME

setuid, seteuid, setgid, setegid - set user and group ID

CONTENTS

Library
Synopsis
Description
Return Values
Errors
See Also
Standards
History
Security Considerations

LIBRARY


.Lb libc

SYNOPSIS


.In sys/types.h
.In unistd.h int setuid uid_t uid int seteuid uid_t euid int setgid gid_t gid int setegid gid_t egid

DESCRIPTION

The setuid system call sets the real and effective user IDs and the saved set-user-ID of the current process to the specified value. The setuid system call is permitted if the specified ID is equal to the real user ID or the effective user ID of the process, or if the effective user ID is that of the super user.

The setgid system call sets the real and effective group IDs and the saved set-group-ID of the current process to the specified value. The setgid system call is permitted if the specified ID is equal to the real group ID or the effective group ID of the process, or if the effective user ID is that of the super user.

The seteuid system call (setegid) sets the effective user ID (group ID) of the current process. The effective user ID may be set to the value of the real user ID or the saved set-user-ID (see intro(2) and execve(2)); in this way, the effective user ID of a set-user-ID executable may be toggled by switching to the real user ID, then re-enabled by reverting to the set-user-ID value. Similarly, the effective group ID may be set to the value of the real group ID or the saved set-group-ID.

RETURN VALUES


.Rv -std

ERRORS

The system calls will fail if:
[EPERM]
  The user is not the super user and the ID specified is not the real, effective ID, or saved ID.

SEE ALSO

getgid(2), getuid(2), issetugid(2), setregid(2), setreuid(2)

STANDARDS

The setuid and setgid system calls are compliant with the -p1003.1-90 specification with _POSIX_SAVED_IDS not defined with the permitted extensions from Appendix B.4.2.2. The seteuid and setegid system calls are extensions based on the POSIX concept of _POSIX_SAVED_IDS, and have been proposed for a future revision of the standard.

HISTORY

The setuid and setgid functions appeared in AT&T v7 .

SECURITY CONSIDERATIONS

Read and write permissions to files are determined upon a call to open(2). Once a file descriptor is open, dropping privilege does not affect the process’s read/write permissions, even if the user ID specified has no read or write permissions to the file. These files normally remain open in any new process executed, resulting in a user being able to read or modify potentially sensitive data.

To prevent these files from remaining open after an exec(3) call, be sure to set the close-on-exec flag:

void
pseudocode(void)
{
        int fd;
        /* ... */

        fd = open("/path/to/sensitive/data", O_RDWR);         if (fd == -1)                 err(1, "open");

        /*          * Set close-on-exec flag; see fcntl(2) for more information.          */         if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)                 err(1, "fcntl(F_SETFD)");         /* ... */         execve(path, argv, environ); }

Search for    or go to Top of page |  Section 2 |  Main Index


Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.