1 .\" Copyright (c) 1983, 1991 The Regents of the University of California.
2 .\" All rights reserved.
4 .\" %%%LICENSE_START(BSD_4_CLAUSE_UCB)
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
13 .\" 3. All advertising materials mentioning features or use of this software
14 .\" must display the following acknowledgement:
15 .\" This product includes software developed by the University of
16 .\" California, Berkeley and its contributors.
17 .\" 4. Neither the name of the University nor the names of its contributors
18 .\" may be used to endorse or promote products derived from this software
19 .\" without specific prior written permission.
21 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 .\" @(#)setregid.2 6.4 (Berkeley) 3/10/91
36 .\" Modified Sat Jul 24 09:08:49 1993 by Rik Faith <faith@cs.unc.edu>
37 .\" Portions extracted from linux/kernel/sys.c:
38 .\" Copyright (C) 1991, 1992 Linus Torvalds
39 .\" May be distributed under the GNU General Public License
40 .\" Changes: 1994-07-29 by Wilf <G.Wilford@ee.surrey.ac.uk>
41 .\" 1994-08-02 by Wilf due to change in kernel.
43 .\" 2004-05-27 by Michael Kerrisk
45 .TH SETREUID 2 2014-09-21 "Linux" "Linux Programmer's Manual"
47 setreuid, setregid \- set real and/or effective user or group ID
49 .B #include <sys/types.h>
51 .B #include <unistd.h>
53 .BI "int setreuid(uid_t " ruid ", uid_t " euid );
55 .BI "int setregid(gid_t " rgid ", gid_t " egid );
58 Feature Test Macro Requirements for glibc (see
59 .BR feature_test_macros (7)):
66 _BSD_SOURCE || _XOPEN_SOURCE\ >=\ 500 ||
67 _XOPEN_SOURCE\ &&\ _XOPEN_SOURCE_EXTENDED
72 sets real and effective user IDs of the calling process.
74 Supplying a value of \-1 for either the real or effective user ID forces
75 the system to leave that ID unchanged.
77 Unprivileged processes may only set the effective user ID to the real user ID,
78 the effective user ID, or the saved set-user-ID.
80 Unprivileged users may only set the real user ID to
81 the real user ID or the effective user ID.
83 If the real user ID is set (i.e.,
85 is not \-1) or the effective user ID is set to a value
86 not equal to the previous real user ID,
87 the saved set-user-ID will be set to the new effective user ID.
89 Completely analogously,
91 sets real and effective group ID's of the calling process,
92 and all of the above holds with "group" instead of "user".
94 On success, zero is returned.
95 On error, \-1 is returned, and
100 there are cases where
102 can fail even when the caller is UID 0;
103 it is a grave security error to omit checking for a failure return from
108 The call would change the caller's real UID (i.e.,
110 does not match the caller's real UID),
111 but there was a temporary failure allocating the
112 necessary kernel data structures.
116 does not match the caller's real UID and this call would
117 bring the number of processes belonging to the real user ID
122 Since Linux 3.1, this error case no longer occurs
123 (but robust applications should check for this error);
124 see the description of
130 One or more of the target user or group IDs
131 is not valid in this user namespace.
134 The calling process is not privileged
135 (Linux: does not have the
137 capability in the case of
141 capability in the case of
143 and a change other than (i)
144 swapping the effective user (group) ID with the real user (group) ID,
145 or (ii) setting one to the value of the other or (iii) setting the
146 effective user (group) ID to the value of the
147 saved set-user-ID (saved set-group-ID) was specified.
149 POSIX.1-2001, 4.3BSD (the
153 function calls first appeared in 4.2BSD).
155 Setting the effective user (group) ID to the
156 saved set-user-ID (saved set-group-ID) is
157 possible since Linux 1.1.37 (1.1.38).
159 POSIX.1 does not specify all of possible ID changes that are permitted
160 on Linux for an unprivileged process.
163 the effective user ID can be made the same as the
164 real user ID or the save set-user-ID,
165 and it is unspecified whether unprivileged processes may set the
166 real user ID to the real user ID, the effective user ID, or the
170 the real group ID can be changed to the value of the saved set-group-ID,
171 and the effective group ID can be changed to the value of
172 the real group ID or the saved set-group-ID.
173 The precise details of what ID changes are permitted vary
174 across implementations.
176 POSIX.1 makes no specification about the effect of these calls
177 on the saved set-user-ID and saved set-group-ID.
183 system calls supported only 16-bit user and group IDs.
184 Subsequently, Linux 2.4 added
188 supporting 32-bit IDs.
193 wrapper functions transparently deal with the variations across kernel versions.
201 .BR capabilities (7),
202 .BR user_namespaces (7)