CentOS 7.0 - man page for capng_change_id (centos section 3)
|Linux & Unix Commands - Search Man Pages
CAPNG_CHANGE_ID(3) Libcap-ng API CAPNG_CHANGE_ID(3)
capng_change_id - change the credentials retaining capabilities
int capng_change_id(int uid, int gid, capng_flags_t flag);
This function will change uid and gid to the ones given while retaining the capabilities
previously specified in capng_update. It is not necessary and perhaps better if
capng_apply has not been called prior to this function so that all necessary privileges
are still intact. The caller is required to have CAP_SETPCAP capability still active
before calling this function.
This function also takes a flag parameter that helps to tailor the exact actions performed
by the function to secure the environment. The option may be or'ed together. The legal
Simply change uid and retain specified capabilities and that's all.
After changing id, remove and supplement groups that may come with the
After changing the uid and gid, clear the bounding set regardless to the
internal representation already setup.
This returns 0 on success and a negative number on failure. -1 means capng has not been
initted properly, -2 means a failure requesting to keep capabilities across the uid
change, -3 means that applying the intermediate capabilities failed, -4 means changing gid
failed, -5 means dropping supplemental groups failed, -6 means changing the uid failed, -7
means dropping the ability to retain caps across a uid change failed, -8 means clearing
the bounding set failed, -9 means dropping CAP_SETPCAP failed.
Note: the only safe action to do upon failure of this function is to probably exit. This
is because you are likely in a situation with partial permissions and not what you
capng_update(3), capng_apply(3), prctl(2), capabilities(7)
Red Hat June 2009 CAPNG_CHANGE_ID(3)
All times are GMT -4. The time now is 03:19 PM.