setuid(2) SYSTEM CALLS setuid(2)
NAME
setuid, setgid - set user and group IDs
SYNOPSIS
#include <sys/types.h>
#include <unistd.h>
int setuid(uidt uid);
int setgid(gidt gid);
DESCRIPTION
The setuid system call sets the real user ID, effective user
ID, and saved user ID of the calling process. The setgid
system call sets the real group ID, effective group ID, and
saved group ID of the calling process. At login time, the
real user ID, effective user ID, and saved user ID of the
login process are set to the login ID of the user responsi-
ble for the creation of the process. The same is true for
the real, effective, and saved group IDs; they are set to
the group ID of the user responsible for the creation of the
process. When a process calls exec(2) to execute a file
(program), the user and/or group identifiers associated with
the process can change. If the file executed is a set-
user-ID file, the effective and saved user IDs of the pro-
cess are set to the owner of the file executed. If the file
executed is a set-group-ID file, the effective and saved
group IDs of the process are set to the group of the file
executed. If the file executed is not a set-user-ID or
set-group-ID file, the effective user ID, saved user ID,
effective group ID, and saved group ID are not changed. The
following subsections describe the behavior of setuid and
setgid with respect to the three types of user and group
IDs.
setuid
If the effective user ID of the process calling setuid is
the superuser, the real, effective, and saved user IDs are
set to the uid parameter. If the effective user ID of the
calling process is not the superuser, but uid is either the
real user ID or the saved user ID of the calling process,
the effective user ID is set to uid.
setgid
If the effective user ID of the process calling setgid is
the superuser, the real, effective, and saved group IDs are
set to the gid parameter. If the effective user ID of the
calling process is not the superuser, but gid is either the
real group ID or the saved group ID of the calling process,
the effective group ID is set to gid. setuid and setgid
fail if one or more of the following is true:
1
setuid(2) SYSTEM CALLS setuid(2)
EPERM For setuid, if the effective user ID is not the
superuser, and the uid parameter does not match
either the real or saved user IDs. For setgid, if
the effective user ID is not the superuser, and
the gid parameter does not match either the real
or saved group IDs.
EINVAL The uid or gid is out of range.
DIAGNOSTICS
Upon successful completion, a value of 0 is returned. Oth-
erwise, a value of -1 is returned and errno is set to indi-
cate the error.
SEE ALSO
intro(2), exec(2), getgroups(2), getuid(2), stat(5).
2