Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
SETUID(2)		      System Calls Manual		     SETUID(2)

NAME
       setuid, seteuid,	setgid,	setegid	-- set user and	group ID

LIBRARY
       Standard	C Library (libc, -lc)

SYNOPSIS
       #include	<unistd.h>

       int
       setuid(uid_t uid);

       int
       seteuid(uid_t euid);

       int
       setgid(gid_t gid);

       int
       setegid(gid_t egid);

DESCRIPTION
       The  setuid()  system call sets the real	and effective user IDs and the
       saved set-user-ID of the	current	process	to the specified  value.   The
       setuid()	 system	 call is permitted if the specified ID is equal	to the
       real user ID or the effective user ID of	the process, or	if the	effec-
       tive user ID is that of the super user.

       The  setgid() system call sets the real and effective group IDs and the
       saved set-group-ID of the current process to the	specified value.   The
       setgid()	 system	 call is permitted if the specified ID is equal	to the
       real group ID or	the effective group ID of the process, or if  the  ef-
       fective user ID is that of the super user.

       The seteuid() system call (setegid()) sets the effective	user ID	(group
       ID)  of	the  current process.  The effective user ID may be set	to the
       value of	the real user ID or the	saved set-user-ID  (see	 intro(2)  and
       execve(2));  in	this  way, the effective user ID of a set-user-ID exe-
       cutable may be toggled by switching to the real user  ID,  then	re-en-
       abled  by reverting to the set-user-ID value.  Similarly, the effective
       group ID	may be set to the value	of the real group ID or	the saved set-
       group-ID.

RETURN VALUES
       Upon successful completion, the value  0	 is  returned;	otherwise  the
       value  -1  is returned and the global variable errno is set to indicate
       the error.

ERRORS
       The system calls	will fail if:

       [EPERM]		  The user is not the super user and the ID  specified
			  is not the real, effective ID, or saved ID.

SEE ALSO
       getgid(2), getuid(2), issetugid(2), setregid(2),	setreuid(2)

STANDARDS
       The  setuid()  and setgid() system calls	are compliant with the ISO/IEC
       9945-1:1990 ("POSIX.1") specification with _POSIX_SAVED_IDS not defined
       with the	permitted extensions from Appendix B.4.2.2.  The seteuid() and
       setegid() system	calls are extensions based on  the  POSIX  concept  of
       _POSIX_SAVED_IDS,  and  have been proposed for a	future revision	of the
       standard.

HISTORY
       The setuid() function appeared in Version 1 AT&T	 UNIX.	 The  setgid()
       function	appeared in Version 4 AT&T UNIX.

SECURITY CONSIDERATIONS
       Read  and  write	 permissions  to  files	 are determined	upon a call to
       open(2).	 Once a	file descriptor	is open, dropping privilege  does  not
       affect the process's read/write permissions, even if the	user ID	speci-
       fied  has  no  read or write permissions	to the file.  These files nor-
       mally remain open in any	new process executed, resulting	in a user  be-
       ing able	to read	or modify potentially sensitive	data.

       To  prevent  these  files from remaining	open after an exec(3) call, be
       sure to set the close-on-exec flag:

       void
       pseudocode(void)
       {
	       int fd;
	       /* ... */

	       fd = open("/path/to/sensitive/data", O_RDWR | O_CLOEXEC);
	       if (fd == -1)
		       err(1, "open");

	       /* ... */
	       execve(path, argv, environ);
       }

FreeBSD	13.2		       December	15, 2015		     SETUID(2)

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | RETURN VALUES | ERRORS | SEE ALSO | STANDARDS | HISTORY | SECURITY CONSIDERATIONS

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=setgid&sektion=2&manpath=FreeBSD+14.2-RELEASE+and+Ports>

home | help