|
|
To:blowtorch - Setuid uid/euid issue
|
|
setuid(2) System Calls setuid(2) NAME
setuid, setegid, seteuid, setgid - set user and group IDs SYNOPSIS
#include <sys/types.h> #include <unistd.h> int setuid(uid_t uid); int setgid(gid_t gid); int seteuid(uid_t euid); int setegid(gid_t egid); DESCRIPTION
The setuid() function sets the real user ID, effective user ID, and saved user ID of the calling process. The setgid() function sets the real group ID, effective group ID, and saved group ID of the calling process. The setegid() and seteuid() functions set the effective group and user IDs respectively for the calling process. See intro(2) for more information on real, effective, and saved user and group IDs. At login time, the real user ID, effective user ID, and saved user ID of the login process are set to the login ID of the user responsible for the creation of the process. The same is true for the real, effective, and saved group IDs; they are set to the group ID of the user responsible for the creation of the process. When a process calls one of the exec(2) family of functions to execute a file (program), the user and/or group identifiers associated with the process can change. If the file executed is a set-user-ID file, the effective and saved user IDs of the process are set to the owner of the file executed. If the file executed is a set-group-ID file, the effective and saved group IDs of the process are set to the group of the file executed. If the file executed is not a set-user-ID or set-group-ID file, the effective user ID, saved user ID, effective group ID, and saved group ID are not changed. If the {PRIV_PROC_SETID} privilege is asserted in the effective set of the process calling setuid(), the real, effective, and saved user IDs are set to the uid argument. If the uid argument is 0 and none of the saved, effective or real UID is 0, additional restrictions apply. See privileges(5). If the {PRIV_PROC_SETID} privilege is not asserted in the effective set, but uid is either the real user ID or the saved user ID of the calling process, the effective user ID is set to uid. If the {PRIV_PROC_SETID} privilege is asserted in the effective set of the process calling setgid(), the real, effective, and saved group IDs are set to the gid argument. If the {PRIV_PROC_SETID} privilege is not asserted in the effective set, but gid is either the real group ID or the saved group ID of the calling process, the effective group ID is set to gid. RETURN VALUES
Upon successful completion, 0 is returned. Otherwise, -1 is returned and errno is set to indicate the error. ERRORS
The setuid() and setgid() functions will fail if: EINVAL The value of uid or gid is out of range. EPERM For setuid() and seteuid(), the {PRIV_PROC_SETID} privilege is not asserted in the effective set of the calling process and the uid argument does not match either the real or saved user IDs, or an attempt is made to change to UID 0 and none of the existing UIDs is 0, in which case additional privileges are required. For setgid() and setegid(), the {PRIV_PROC_SETID} privilege is not asserted in the effective set and the gid argument does not match either the real or saved group IDs. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Standard | +-----------------------------+-----------------------------+ |MT-Level |Async-Signal-Safe | +-----------------------------+-----------------------------+ SEE ALSO
intro(2), exec(2), getgroups(2), getuid(2), stat.h(3HEAD), attributes(5), privileges(5), standards(5) SunOS 5.10 20 Jan 2003 setuid(2)
