seteuid (2)
Leading comments
Copyright (c) 1983, 1991, 1993 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the fol...
NAME
setuid seteuid setgid setegid - set user and group IDLIBRARY
Lb libcSYNOPSIS
In sys/types.h In unistd.h Ft int Fn setuid uid_t uid Ft int Fn seteuid uid_t euid Ft int Fn setgid gid_t gid Ft int Fn setegid gid_t egidDESCRIPTION
The Fn setuid system call sets the real and effective user IDs and the saved set-user-ID of the current process to the specified value. The Fn setuid system call is permitted if the specified ID is equal to the real user ID or the effective user ID of the process, or if the effective user ID is that of the super user.The Fn setgid system call sets the real and effective group IDs and the saved set-group-ID of the current process to the specified value. The Fn setgid system call is permitted if the specified ID is equal to the real group ID or the effective group ID of the process, or if the effective user ID is that of the super user.
The Fn seteuid system call (Fn setegid ) sets the effective user ID (group ID) of the current process. The effective user ID may be set to the value of the real user ID or the saved set-user-ID (see intro(2) and execve(2)); in this way, the effective user ID of a set-user-ID executable may be toggled by switching to the real user ID, then re-enabled by reverting to the set-user-ID value. Similarly, the effective group ID may be set to the value of the real group ID or the saved set-group-ID.
RETURN VALUES
Rv -stdERRORS
The system calls will fail if:- Bq Er EPERM
- The user is not the super user and the ID specified is not the real, effective ID, or saved ID.
SEE ALSO
getgid(2), getuid(2), issetugid(2), setregid(2), setreuid(2)STANDARDS
The Fn setuid and Fn setgid system calls are compliant with the St -p1003.1-90 specification with _POSIX_SAVED_IDS not defined with the permitted extensions from Appendix B.4.2.2. The Fn seteuid and Fn setegid system calls are extensions based on the POSIX concept of _POSIX_SAVED_IDS and have been proposed for a future revision of the standard.HISTORY
The Fn setuid and Fn setgid functions appeared in AT&T System v7 .SECURITY CONSIDERATIONS
Read and write permissions to files are determined upon a call to open(2). Once a file descriptor is open, dropping privilege does not affect the process's read/write permissions, even if the user ID specified has no read or write permissions to the file. These files normally remain open in any new process executed, resulting in a user being able to read or modify potentially sensitive data.To prevent these files from remaining open after an exec(3) call, be sure to set the close-on-exec flag:
void pseudocode(void) { int fd; /* ... */ fd = open("/path/to/sensitive/data", O_RDWR); if (fd == -1) err(1, "open"); /* * Set close-on-exec flag; see fcntl(2) for more information. */ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) err(1, "fcntl(F_SETFD)"); /* ... */ execve(path, argv, environ); }