⇒ setxuid(2) — AIX PS/2 1.2.1


SETXUID(2,L)                AIX Technical Reference                SETXUID(2,L)



-------------------------------------------------------------------------------
setxuid



PURPOSE

Uses real user ID or group ID on subsequent invocations of the exec or run
system calls.

SYNTAX

#include <sys/types.h>

int setxuid(options)
int options;

#define GS_XUID 1
#define GS_XGID 2

DESCRIPTION

The setxuid system call allows a process to restore the real user ID and/or
real group ID to be used as the effective user ID and/or effective group ID,
respectively, at the end of a later exec, rexec or run system call.  setxuid
can turn these options on or off.  The possible options are:

GS_XUID   If this bit is turned on, the effective user ID of invoked programs
          is the current process's real user ID, unless the invoked program
          already has its setuid mode bit set.  If this bit is turned off, the
          effective user ID follows normal semantics; it is not modified in an
          invoked program unless the program has its setuid mode bit set.

GS_XGID   If this bit is turned on, the effective group ID of invoked programs
          is the current process's real group ID, unless the invoked program
          already has its setgid mode bit set.  If this bit is turned off, the
          effective group ID follows normal semantics; it is not modified in an
          invoked program unless the program has its setgid mode bit set.

This system call permits a setuid program to invoke another program with its
caller's permission while using the setuid program's permission to determine
execute access.  Its use in the invoking process is equivalent to using the
setuid and/or setgid system call as the first instructions in the invoked
process unless the invoked program has its setuid and/or setgid mode bits set.

The effect of this operation is carried around with the process until reset by
another call to setxuid or until a new image has been loaded by a successful
exec, rexec or run system call.  In particular, this state is inherited by all
child processes.

A typical use of setxuid is to limit when or by whom another program can be
run.  In place of a program whose use is to be restricted, a small program of
the same name can be installed.  This program uses setuid or setgid for a more
privileged user or group.  After determining that the user should be allowed to
run the actual program, it calls setxuid and then calls exec to execute the
program, which has been installed elsewhere with restricted permissions.
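
The access and ID rules described above, as an added example that is not part
of the AIX manual: a small C model of the process state, written so it runs
without an AIX system.  The names proc, prog, model_setxuid, model_exec and
may_exec and the sample IDs are hypothetical, and the execute-access check is
simplified to the owner/group/other mode bits.

```c
#include <stdbool.h>
#include <stdio.h>

#define GS_XUID 1   /* option bits as given under SYNTAX */
#define GS_XGID 2

/* Hypothetical model types, not AIX structures. mode holds octal permission bits. */
struct proc { int ruid, euid, rgid, egid, xopts; };
struct prog { int owner, group, mode; };

/* Model of setxuid(): install the new options and return the old ones. */
int model_setxuid(struct proc *p, int options)
{
    int old = p->xopts;
    p->xopts = options & (GS_XUID | GS_XGID);
    return old;
}

/* Simplified execute-access check made with the *effective* IDs (assumption:
 * owner, then group, then other; no supplementary groups, no superuser case). */
static bool may_exec(const struct proc *p, const struct prog *f)
{
    if (p->euid == f->owner) return f->mode & 0100;
    if (p->egid == f->group) return f->mode & 0010;
    return f->mode & 0001;
}

/* Model of exec: false (process unchanged) when access is denied. On success
 * the effective IDs follow DESCRIPTION and the options reset with the new image. */
bool model_exec(struct proc *p, const struct prog *f)
{
    if (!may_exec(p, f)) return false;                 /* failed exec keeps options */
    if (f->mode & 04000)         p->euid = f->owner;   /* setuid bit takes precedence */
    else if (p->xopts & GS_XUID) p->euid = p->ruid;
    if (f->mode & 02000)         p->egid = f->group;   /* setgid bit takes precedence */
    else if (p->xopts & GS_XGID) p->egid = p->rgid;
    p->xopts = 0;
    return true;
}

int main(void)
{
    struct proc wrapper = { 100, 50, 10, 10, 0 };  /* constructed: user 100 in a program setuid to 50 */
    struct prog real = { 50, 5, 0700 };            /* constructed: real program, owner-only execute */
    model_setxuid(&wrapper, GS_XUID | GS_XGID);
    printf("ok=%d euid=%d\n", model_exec(&wrapper, &real), wrapper.euid);
    return 0;
}
```

A wrapper that skips the setxuid call still passes the access check, but the
restricted program then runs with the wrapper's effective user ID instead of
the caller's.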

RETURN VALUE

The old value of the options is returned.

RELATED INFORMATION

In this book:  "exec:  execl, execv, execle, execve, execlp, execvp," "rexec:
rexecl, rexecv, rexecle, rexecve, rexeclp, rexecvp," "run: runl, runv, runle,
runve, runlp, runvp," and "setuid, setgid."


Processed November 7, 1990       SETXUID(2,L)                                 2



Typewritten Software • bear@typewritten.org • Edmonds, WA 98026