diff options
Diffstat (limited to 'man/man2/setuid.2')
| -rw-r--r-- | man/man2/setuid.2 | 156 |
1 files changed, 156 insertions, 0 deletions
diff --git a/man/man2/setuid.2 b/man/man2/setuid.2 new file mode 100644 index 000000000..2c987c437 --- /dev/null +++ b/man/man2/setuid.2 @@ -0,0 +1,156 @@ +.\" Copyright (C), 1994, Graeme W. Wilford (Wilf). +.\" and Copyright (C) 2010, 2014, 2015, Michael Kerrisk <mtk.manpages@gmail.com> +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.\" Fri Jul 29th 12:56:44 BST 1994 Wilf. <G.Wilford@ee.surrey.ac.uk> +.\" Changes inspired by patch from Richard Kettlewell +.\" <richard@greenend.org.uk>, aeb 970616. +.\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com> +.\" Added notes on capability requirements +.TH setuid 2 (date) "Linux man-pages (unreleased)" +.SH NAME +setuid \- set user identity +.SH LIBRARY +Standard C library +.RI ( libc ", " \-lc ) +.SH SYNOPSIS +.nf +.B #include <unistd.h> +.P +.BI "int setuid(uid_t " uid ); +.fi +.SH DESCRIPTION +.BR setuid () +sets the effective user ID of the calling process. +If the calling process is privileged +(more precisely: if the process has the +.B CAP_SETUID +capability in its user namespace), +the real UID and saved set-user-ID are also set. +.P +Under Linux, +.BR setuid () +is implemented like the POSIX version with the +.B _POSIX_SAVED_IDS +feature. +This allows a set-user-ID (other than root) program to drop all of its user +privileges, do some un-privileged work, and then reengage the original +effective user ID in a secure manner. +.P +If the user is root or the program is set-user-ID-root, special care must be +taken: +.BR setuid () +checks the effective user ID of the caller and if it is +the superuser, all process-related user ID's are set to +.IR uid . +After this has occurred, it is impossible for the program to regain root +privileges. +.P +Thus, a set-user-ID-root program wishing to temporarily drop root +privileges, assume the identity of an unprivileged user, and then regain +root privileges afterward cannot use +.BR setuid (). +You can accomplish this with +.BR seteuid (2). +.SH RETURN VALUE +On success, zero is returned. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.P +.IR Note : +there are cases where +.BR setuid () +can fail even when the caller is UID 0; +it is a grave security error to omit checking for a failure return from +.BR setuid (). +.SH ERRORS +.TP +.B EAGAIN +The call would change the caller's real UID (i.e., +.I uid +does not match the caller's real UID), +but there was a temporary failure allocating the +necessary kernel data structures. +.TP +.B EAGAIN +.I uid +does not match the real user ID of the caller and this call would +bring the number of processes belonging to the real user ID +.I uid +over the caller's +.B RLIMIT_NPROC +resource limit. +Since Linux 3.1, this error case no longer occurs +(but robust applications should check for this error); +see the description of +.B EAGAIN +in +.BR execve (2). +.TP +.B EINVAL +The user ID specified in +.I uid +is not valid in this user namespace. +.TP +.B EPERM +The user is not privileged (Linux: does not have the +.B CAP_SETUID +capability in its user namespace) and +.I uid +does not match the real UID or saved set-user-ID of the calling process. +.SH VERSIONS +.SS C library/kernel differences +At the kernel level, user IDs and group IDs are a per-thread attribute. +However, POSIX requires that all threads in a process +share the same credentials. +The NPTL threading implementation handles the POSIX requirements by +providing wrapper functions for +the various system calls that change process UIDs and GIDs. +These wrapper functions (including the one for +.BR setuid ()) +employ a signal-based technique to ensure +that when one thread changes credentials, +all of the other threads in the process also change their credentials. +For details, see +.BR nptl (7). +.SH STANDARDS +POSIX.1-2008. +.SH HISTORY +POSIX.1-2001, SVr4. +.P +Not quite compatible with the 4.4BSD call, which +sets all of the real, saved, and effective user IDs. +.\" SVr4 documents an additional EINVAL error condition. +.P +The original Linux +.BR setuid () +system call supported only 16-bit user IDs. +Subsequently, Linux 2.4 added +.BR setuid32 () +supporting 32-bit IDs. +The glibc +.BR setuid () +wrapper function transparently deals with the variation across kernel versions. +.SH NOTES +Linux has the concept of the filesystem user ID, normally equal to the +effective user ID. +The +.BR setuid () +call also sets the filesystem user ID of the calling process. +See +.BR setfsuid (2). +.P +If +.I uid +is different from the old effective UID, the process will +be forbidden from leaving core dumps. +.SH SEE ALSO +.BR getuid (2), +.BR seteuid (2), +.BR setfsuid (2), +.BR setreuid (2), +.BR capabilities (7), +.BR credentials (7), +.BR user_namespaces (7) |