setgroups(2) System Calls Manual setgroups(2)NAME
setgroups - set group access list
SYNOPSIS DESCRIPTION
sets the group access list of the current user process according to the array gidset. The parameter ngroups indicates the number of
entries in the array and must be no more than
Only a user with the privilege can set new groups by adding to the group access list of the current user process; any user can delete
groups from it.
Security Restrictions
Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege.
Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about
privileged access on systems that support fine-grained privileges.
RETURN VALUE
Upon successful completion, returns 0; otherwise it returns -1 and sets to indicate the error.
ERRORS
fails if any of the following conditions are encountered:
The caller is not a user with the privilege and has attempted to set new groups.
The address specified for
gidset is outside the process address space. The reliable detection of this error is implementation dependent.
ngroups is greater than or not positive.
An entry in gidset is not a valid group ID.
AUTHOR
was developed by the University of California, Berkeley.
SEE ALSO getgroups(2), initgroups(3C), privileges(5).
STANDARDS CONFORMANCE setgroups(2)
Check Out this Related Man Page
getprivgrp(2) System Calls Manual getprivgrp(2)NAME
getprivgrp(), setprivgrp() - get and set special attributes for group
SYNOPSIS DESCRIPTION
getprivgrp()
The system call returns a table of the privileged group assignments into a user-supplied structure. grplist points to an array of struc-
tures of type associating a group ID with a privilege mask. Privilege masks are formed by ORing together elements from the access types
specified in The array may have gaps in it, distinguished as having a field value of The group number gives the global privilege mask.
Only information about groups which are in the user's group access list, or about the user's real or effective group ID, is returned to an
ordinary user. The complete set is returned to a user with the privilege.
setprivgrp()
The system call associates a kernel capability with a group ID. This allows subletting of superuser-like privileges to members of a par-
ticular group or groups. takes two arguments: grpid, the integer group ID, and mask, a mask of permissions. The mask is created by treat-
ing the access types defined in as bit numbers (using 1 for the least significant bit). Thus, privilege number 5 would be represented by
the bits or 16. More generally, privilege p is represented by:
where is given 8 bits per byte. As it is possible to have more than word-size distinct privileges, mask is a pointer to an integer array
of size
privileges include those specified in the file A process can access the system call protected by a specific privileged group if it belongs
to or has an effective group ID of a group having access to the system call. All processes are considered to belong to the pseudo-group
Specifying a grpid of causes privileges to be revoked on all privileged groups that have any of the privileges specified in mask. Specify-
ing a grpid of causes privileges to be granted to all processes.
The constant in defines the system limit on the number of groups that can be assigned privileges. One of these is always the psuedo-group
allowing for actual groups.
Only processes with the privilege can use
Security Restrictions
Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege.
Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about
privileged access on systems that support fine-grained privileges.
RETURN VALUE
and return the following values:
Successful completion.
Failure.
is set to indicate the error.
ERRORS
If fails, is set to one of the following values.
grplist points to an illegal address. The reliable detection of this error is implementation dependent.
If fails, is set to one of the following values.
The request would require assigning privileges to more than
groups.
mask points to an illegal address. The reliable detection of this error is implementation dependent.
mask has bits set for one or more unknown privileges.
grpid is out of range.
The caller is not a privileged user.
EXAMPLES
The following example prints out and the group IDs of the privilege groups to which the user belongs:
AUTHOR
and were developed by HP.
SEE ALSO getprivgrp(1), setprivgrp(1M), setgroups(2), privgrp(4), privileges(5).
getprivgrp(2)