Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
SETUID(2)		  FreeBSD System Calls Manual		     SETUID(2)

NAME
     setuid, seteuid, setgid, setegid -- set user and group ID

LIBRARY
     Standard C	Library	(libc, -lc)

SYNOPSIS
     #include <sys/types.h>
     #include <unistd.h>

     int
     setuid(uid_t uid);

     int
     seteuid(uid_t euid);

     int
     setgid(gid_t gid);

     int
     setegid(gid_t egid);

DESCRIPTION
     The setuid() system call sets the real and	effective user IDs and the
     saved set-user-ID of the current process to the specified value.  The
     setuid() system call is permitted if the specified	ID is equal to the
     real user ID or the effective user	ID of the process, or if the effective
     user ID is	that of	the super user.

     The setgid() system call sets the real and	effective group	IDs and	the
     saved set-group-ID	of the current process to the specified	value.	The
     setgid() system call is permitted if the specified	ID is equal to the
     real group	ID or the effective group ID of	the process, or	if the effec-
     tive user ID is that of the super user.

     The seteuid() system call (setegid()) sets	the effective user ID (group
     ID) of the	current	process.  The effective	user ID	may be set to the
     value of the real user ID or the saved set-user-ID	(see intro(2) and
     execve(2)); in this way, the effective user ID of a set-user-ID exe-
     cutable may be toggled by switching to the	real user ID, then re-enabled
     by	reverting to the set-user-ID value.  Similarly,	the effective group ID
     may be set	to the value of	the real group ID or the saved set-group-ID.

RETURN VALUES
     Upon successful completion, the value 0 is	returned; otherwise the
     value -1 is returned and the global variable errno	is set to indicate the
     error.

ERRORS
     The system	calls will fail	if:

     [EPERM]		The user is not	the super user and the ID specified is
			not the	real, effective	ID, or saved ID.

SEE ALSO
     getgid(2),	getuid(2), issetugid(2), setregid(2), setreuid(2)

STANDARDS
     The setuid() and setgid() system calls are	compliant with the ISO/IEC
     9945-1:1990 (``POSIX.1'') specification with _POSIX_SAVED_IDS not defined
     with the permitted	extensions from	Appendix B.4.2.2.  The seteuid() and
     setegid() system calls are	extensions based on the	POSIX concept of
     _POSIX_SAVED_IDS, and have	been proposed for a future revision of the
     standard.

HISTORY
     The setuid() and setgid() functions appeared in Version 7 AT&T UNIX.

SECURITY CONSIDERATIONS
     Read and write permissions	to files are determined	upon a call to
     open(2).  Once a file descriptor is open, dropping	privilege does not
     affect the	process's read/write permissions, even if the user ID speci-
     fied has no read or write permissions to the file.	 These files normally
     remain open in any	new process executed, resulting	in a user being	able
     to	read or	modify potentially sensitive data.

     To	prevent	these files from remaining open	after an exec(3) call, be sure
     to	set the	close-on-exec flag:

     void
     pseudocode(void)
     {
	     int fd;
	     /*	... */

	     fd	= open("/path/to/sensitive/data", O_RDWR);
	     if	(fd == -1)
		     err(1, "open");

	     /*
	      *	Set close-on-exec flag;	see fcntl(2) for more information.
	      */
	     if	(fcntl(fd, F_SETFD, FD_CLOEXEC)	== -1)
		     err(1, "fcntl(F_SETFD)");
	     /*	... */
	     execve(path, argv,	environ);
     }

FreeBSD	9.2			 June 4, 1993			   FreeBSD 9.2

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | RETURN VALUES | ERRORS | SEE ALSO | STANDARDS | HISTORY | SECURITY CONSIDERATIONS

Want to link to this manual page? Use this URL:
<http://www.freebsd.org/cgi/man.cgi?query=setgid&sektion=2&manpath=FreeBSD+10.0-RELEASE>

home | help