.\" Copyright (C) 2001 Andries Brouwer (aeb@cwi.nl)
.\"
+.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
+.\" %%%LICENSE_END
.\"
.\" [should really be seteuid.3]
.\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
.\" Added notes on capability requirements
.\"
-.TH SETEUID 2 2009-10-17 "Linux" "Linux Programmer's Manual"
+.TH SETEUID 2 2014-09-21 "Linux" "Linux Programmer's Manual"
.SH NAME
seteuid, setegid \- set effective user or group ID
.SH SYNOPSIS
.\" equals \-1, nothing is changed.
.\" (This is an artifact of the implementation in glibc of seteuid()
.\" using setresuid(2).)
-.SH "RETURN VALUE"
+.SH RETURN VALUE
On success, zero is returned.
On error, \-1 is returned, and
.I errno
is set appropriately.
+
+.IR Note :
+there are cases where
+.BR seteuid ()
+can fail even when the caller is UID 0;
+it is a grave security error to omit checking for a failure return from
+.BR seteuid ().
.SH ERRORS
-.\" .TP
-.\" .B EINVAL
+.TP
+.B EINVAL
+The target user or group ID is not valid in this user namespace.
.TP
.B EPERM
The calling process is not privileged (Linux: does not have the
.IR egid )
is not the real user (group) ID, the effective user (group) ID,
or the saved set-user-ID (saved set-group-ID).
-.SH "CONFORMING TO"
+.SH CONFORMING TO
4.3BSD, POSIX.1-2001.
.SH NOTES
Setting the effective user (group) ID to the
On an arbitrary system one should check
.BR _POSIX_SAVED_IDS .
.LP
-Under libc4, libc5 and glibc 2.0
+Under glibc 2.0
.BI seteuid( euid )
is equivalent to
.BI setreuid(\-1, " euid" )
Under glibc 2.1 and later it is equivalent to
.BI setresuid(\-1, " euid" ", \-1)"
and hence does not change the saved set-user-ID.
-Similar remarks hold for
-.BR setegid ().
+Analogous remarks hold for
+.BR setegid (),
+with the difference that the change in implementation from
+.BI setregid(\-1, " egid" )
+to
+.BI setresgid(\-1, " egid" ", \-1)"
+occurred in glibc 2.2 or 2.3 (depending on the hardware architecture).
According to POSIX.1,
.BR seteuid ()
.RI ( egid )
to be the same value as the current effective user (group) ID,
and some implementations do not permit this.
-.SH "SEE ALSO"
+.SS C library/kernel ABI differences
+On Linux,
+.BR seteuid ()
+and
+.BR setegid ()
+are implemented as library functions that call, respectively,
+.BR setreuid (2)
+and
+.BR setresgid (2).
+.SH SEE ALSO
.BR geteuid (2),
.BR setresuid (2),
.BR setreuid (2),
.BR setuid (2),
.BR capabilities (7),
-.BR credentials (7)
+.BR credentials (7),
+.BR user_namespaces (7)
+.SH COLOPHON
+This page is part of release 3.79 of the Linux
+.I man-pages
+project.
+A description of the project,
+information about reporting bugs,
+and the latest version of this page,
+can be found at
+\%http://www.kernel.org/doc/man\-pages/.