SETXUID(2,L) AIX Technical Reference SETXUID(2,L)
-------------------------------------------------------------------------------
setxuid
PURPOSE
Uses real user ID or group ID on subsequent invocations of the exec or run
system calls.
SYNTAX
#include <sys/types.h>
int setxuid(options)
int options;
#define GS_XUID 1
#define GS_XGID 2
DESCRIPTION
The setxuid system call allows a process to restore the real user ID and/or
real group ID to be used as the effective user ID and/or effective group ID,
respectively, at the end of a later exec, rexec or run system call. setxuid
can turn these options on or off. The possible options are:
GS_XUID If this bit is turned on, the effective user ID of invoked programs
is the current process's real user ID, unless the invoked program
already has its setuid mode bit set. If this bit is turned off, the
effective user ID follows normal semantics; it is not modified in an
invoked program unless the program has its setuid mode bit set.
GS_XGID If this bit is turned on, the effective group ID of invoked programs
is the current process's real group ID, unless the invoked program
already has its setgid mode bit set. If this bit is turned off, the
effective group ID follows normal semantics; it is not modified in an
invoked program unless the program has its setgid mode bit set.
This system call permits a setuid program to invoke another program with its
caller's permission while using the setuid program's permission to determine
execute access. Its use in the invoking process is equivalent to using the
setuid and/or setgid system call as the first instructions in the invoked
process unless the invoked program has its setuid and/or setgid mode bits set.
The effect of this operation is carried around with the process until reset by
another call to setxuid or until a new image has been loaded by a successful
exec, rexec or run system call. In particular, this state is inherited by all
child processes.
A typical use of setxuid is to limit when or by whom another program can be
run. In place of a program whose use is to be restricted, a small program of
the same name can be installed. This program uses setuid or setgid for a more
privileged user or group. After determining that the user should be allowed to
run the actual program, it calls setxuid and then calls exec to execute the
program, which has been installed elsewhere with restricted permissions.
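The wrapper arrangement described above, modeled as an added C example (not part of the AIX reference and not AIX code). It shows who can exec the restricted program and which effective user ID the program ends up with. The names struct cred, struct image, model_setxuid, model_exec and scenario are hypothetical, and the uid, gid and mode values are constructed.

```c
#include <sys/types.h>
#include <sys/stat.h>
#define GS_XUID 1   /* option bits from the SYNTAX section */
#define GS_XGID 2
/* Hypothetical model types, not AIX kernel structures. */
struct cred  { uid_t ruid, euid; gid_t rgid, egid; int xopts; };
struct image { uid_t owner; gid_t group; mode_t mode; };

/* Execute access uses the caller's effective IDs (no superuser override). */
static int may_exec(const struct cred *c, const struct image *f)
{
    if (c->euid == f->owner) return (f->mode & S_IXUSR) != 0;
    if (c->egid == f->group) return (f->mode & S_IXGRP) != 0;
    return (f->mode & S_IXOTH) != 0;
}

/* Assumption: the argument replaces the option mask; the old mask is returned. */
int model_setxuid(struct cred *c, int options)
{
    int old = c->xopts;
    c->xopts = options;
    return old;
}

/* Returns 0 and fills *out with the post-exec credentials, -1 if denied. */
int model_exec(const struct cred *c, const struct image *f, struct cred *out)
{
    if (!may_exec(c, f)) return -1;
    *out = *c;
    out->xopts = 0;                       /* reset once a new image loads */
    if (f->mode & S_ISUID)       out->euid = f->owner;  /* mode bit wins  */
    else if (c->xopts & GS_XUID) out->euid = c->ruid;   /* back to caller */
    if (f->mode & S_ISGID)       out->egid = f->group;
    else if (c->xopts & GS_XGID) out->egid = c->rgid;
    return 0;
}

/* Constructed scenario: uid 1001 reaches a program owned by uid 200, directly
   or via a wrapper setuid to 200. Returns the resulting euid, -1 if denied. */
long scenario(int via_wrapper, int options, mode_t real_mode)
{
    struct cred cur = { 1001, 1001, 100, 100, 0 }, next;
    struct image wrapper = { 200, 20, S_ISUID | 0755 }, real = { 200, 20, real_mode };
    if (via_wrapper) {
        if (model_exec(&cur, &wrapper, &next) != 0) return -1;
        cur = next;               /* authorization check would go here */
        model_setxuid(&cur, options);
    }
    return model_exec(&cur, &real, &next) == 0 ? (long)next.euid : -1;
}
```

In this model, a wrapper that skips the setxuid call leaves the restricted program running with the wrapper's effective user ID (200) rather than the caller's (1001).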
RETURN VALUE
The old value of the options is returned.
RELATED INFORMATION
In this book: "exec: execl, execv, execle, execve, execlp, execvp," "rexec:
rexecl, rexecv, rexecle, rexecve, rexeclp, rexecvp," "run: runl, runv, runle,
runve, runlp, runvp," and "setuid, setgid."
Processed November 7, 1990 SETXUID(2,L) 2