2004-11-03 13:51:07 +00:00
|
|
|
.\" Copyright (C), 1994, Graeme W. Wilford (Wilf).
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
|
|
.\" preserved on all copies.
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
|
|
.\" permission notice identical to this one.
|
|
|
|
.\"
|
|
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
|
|
.\" have taken the same level of care in the production of this manual,
|
|
|
|
.\" which is licensed free of charge, as they might when working
|
|
|
|
.\" professionally.
|
|
|
|
.\"
|
|
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
|
|
.\"
|
|
|
|
.\" Fri Jul 29th 12:56:44 BST 1994 Wilf. <G.Wilford@ee.surrey.ac.uk>
|
|
|
|
.\" Changes inspired by patch from Richard Kettlewell
|
|
|
|
.\" <richard@greenend.org.uk>, aeb 970616.
|
2004-11-03 14:43:40 +00:00
|
|
|
.\" Modified, 27 May 2004, Michael Kerrisk <mtk-manpages@gmx.net>
|
2004-11-03 13:51:07 +00:00
|
|
|
.\" Added notes on capability requirements
|
|
|
|
.TH SETUID 2 2004-05-27 "Linux 2.6.6" "Linux Programmer's Manual"
|
|
|
|
.SH NAME
|
|
|
|
setuid \- set user identity
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.B #include <sys/types.h>
|
|
|
|
.br
|
|
|
|
.B #include <unistd.h>
|
|
|
|
.sp
|
|
|
|
.BI "int setuid(uid_t " uid );
|
|
|
|
.SH DESCRIPTION
|
2005-10-19 06:54:38 +00:00
|
|
|
.BR setuid ()
|
2004-11-03 13:51:07 +00:00
|
|
|
sets the effective user ID of the current process.
|
2005-07-18 16:55:22 +00:00
|
|
|
If the effective UID of the caller is root,
|
|
|
|
the real UID and saved set-user-ID are also set.
|
2004-11-03 13:51:07 +00:00
|
|
|
.PP
|
|
|
|
Under Linux,
|
2005-10-19 06:54:38 +00:00
|
|
|
.BR setuid ()
|
2004-11-03 13:51:07 +00:00
|
|
|
is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.
|
2005-07-18 14:25:42 +00:00
|
|
|
This allows a set-user-ID (other than root) program to drop all of its user
|
2004-11-03 13:51:07 +00:00
|
|
|
privileges, do some un-privileged work, and then re-engage the original
|
|
|
|
effective user ID in a secure manner.
|
|
|
|
.PP
|
2005-07-18 14:25:42 +00:00
|
|
|
If the user is root or the program is set-user-ID-root, special care must be
|
2004-11-03 13:51:07 +00:00
|
|
|
taken. The
|
2005-10-19 06:54:38 +00:00
|
|
|
.BR setuid ()
|
2004-12-13 08:58:09 +00:00
|
|
|
function checks the effective user ID of the caller and if it is
|
|
|
|
the superuser, all process related user ID's are set to
|
2004-11-03 13:51:07 +00:00
|
|
|
.IR uid .
|
|
|
|
After this has occurred, it is impossible for the program to regain root
|
|
|
|
privileges.
|
|
|
|
.PP
|
2005-07-18 14:25:42 +00:00
|
|
|
Thus, a set-user-ID-root program wishing to temporarily drop root
|
2004-11-03 13:51:07 +00:00
|
|
|
privileges, assume the identity of a non-root user, and then regain
|
|
|
|
root privileges afterwards cannot use
|
2005-10-19 06:54:38 +00:00
|
|
|
.BR setuid ().
|
2004-11-03 13:51:07 +00:00
|
|
|
You can accomplish this with the (non-POSIX, BSD) call
|
2005-10-19 07:29:28 +00:00
|
|
|
.BR seteuid ().
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "RETURN VALUE"
|
|
|
|
On success, zero is returned. On error, \-1 is returned, and
|
|
|
|
.I errno
|
|
|
|
is set appropriately.
|
|
|
|
.SH ERRORS
|
|
|
|
.TP
|
|
|
|
.B EAGAIN
|
|
|
|
The
|
|
|
|
.I uid
|
|
|
|
does not match the current uid and
|
|
|
|
.I uid
|
|
|
|
brings process over it's NPROC rlimit.
|
|
|
|
.TP
|
|
|
|
.B EPERM
|
|
|
|
The user is not privileged (Linux: does not have the
|
|
|
|
.B CAP_SETUID
|
|
|
|
capability) and
|
|
|
|
.I uid
|
2005-07-18 16:55:22 +00:00
|
|
|
does not match the real UID or saved set-user-ID of the calling process.
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "CONFORMING TO"
|
2006-08-03 13:57:17 +00:00
|
|
|
SVr4, POSIX.1-2001.
|
|
|
|
Not quite compatible with the 4.4BSD call, which
|
|
|
|
sets all of the real, saved, and effective user IDs.
|
|
|
|
.\" SVr4 documents an additional EINVAL error condition.
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "LINUX-SPECIFIC REMARKS"
|
|
|
|
Linux has the concept of filesystem user ID, normally equal to the
|
|
|
|
effective user ID. The
|
2005-10-19 06:54:38 +00:00
|
|
|
.BR setuid ()
|
2004-11-03 13:51:07 +00:00
|
|
|
call also sets the filesystem user ID of the current process.
|
|
|
|
See
|
|
|
|
.BR setfsuid (2).
|
|
|
|
.PP
|
|
|
|
If
|
|
|
|
.I uid
|
|
|
|
is different from the old effective uid, the process will
|
|
|
|
be forbidden from leaving core dumps.
|
|
|
|
.SH "SEE ALSO"
|
|
|
|
.BR getuid (2),
|
|
|
|
.BR seteuid (2),
|
|
|
|
.BR setfsuid (2),
|
|
|
|
.BR setreuid (2),
|
|
|
|
.BR capabilities (7)
|