.\" Copyright (C), 1994, Graeme W. Wilford (Wilf).
.\"
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of this
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a
.\" permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date. The author(s) assume no
.\" responsibility for errors or omissions, or for damages resulting from
.\" the use of the information contained herein. The author(s) may not
.\" have taken the same level of care in the production of this manual,
.\" which is licensed free of charge, as they might when working
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\"
.\" Fri Jul 29th 12:56:44 BST 1994 Wilf. <G.Wilford@ee.surrey.ac.uk>
.\" Changes inspired by patch from Richard Kettlewell
.\" <richard@greenend.org.uk>, aeb 970616.
.\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
.\" Added notes on capability requirements
.TH SETUID 2 2010-02-21 "Linux" "Linux Programmer's Manual"
.SH NAME
setuid \- set user identity
.SH SYNOPSIS
.B #include <sys/types.h>
.br
.B #include <unistd.h>
.sp
.BI "int setuid(uid_t " uid );
.SH DESCRIPTION
.BR setuid ()
sets the effective user ID of the calling process.
If the effective UID of the caller is root,
the real UID and saved set-user-ID are also set.
.PP
Under Linux,
.BR setuid ()
is implemented like the POSIX version with the
.B _POSIX_SAVED_IDS
feature.
This allows a set-user-ID (other than root) program to drop all of its user
privileges, do some unprivileged work, and then reengage the original
effective user ID in a secure manner.
.PP
If the user is root or the program is set-user-ID-root, special care must be
taken.
The
.BR setuid ()
function checks the effective user ID of the caller and if it is
the superuser, all process-related user IDs are set to
.IR uid .
After this has occurred, it is impossible for the program to regain root
privileges.
.PP
Thus, a set-user-ID-root program wishing to temporarily drop root
privileges, assume the identity of an unprivileged user, and then regain
root privileges afterward cannot use
.BR setuid ().
You can accomplish this with
.BR seteuid (2).
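.PP
The permanent drop described above, with the verification a careful program performs afterward, as an added C example that is not part of this manual page: it checks the return value of
.BR setuid (),
confirms through
.BR getresuid (2)
that the real, effective and saved set-user-ID all changed, and then confirms that root can no longer be regained. The target uid 65534 and the function names are assumptions of the example.

```c
#define _GNU_SOURCE          /* getresuid(2) is a Linux/glibc extension */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int getresuid(uid_t *, uid_t *, uid_t *); /* fallback if a header preceded _GNU_SOURCE */

/* Return 1 if real, effective and saved set-user-ID all equal uid, else 0. */
int all_ids_equal(uid_t uid)
{
    uid_t ruid, euid, suid;
    if (getresuid(&ruid, &euid, &suid) == -1)
        return 0;
    return ruid == uid && euid == uid && suid == uid;
}

/* Permanent drop: from root, setuid() sets all three IDs, so root cannot be
 * regained.  The result is verified because an unnoticed EPERM or EAGAIN would
 * leave the process with more privilege than it believes it has. */
int drop_privileges_permanently(uid_t uid)
{
    if (setuid(uid) == -1)
        return -1;                  /* EPERM or EAGAIN; see ERRORS */
    if (!all_ids_equal(uid)) {
        errno = EPERM;              /* partial drop: treat as failure */
        return -1;
    }
    return 0;
}

/* 1 if setuid(0) still succeeds (the process is root again), 0 if refused. */
int can_regain_root(void)
{
    return setuid(0) == 0;
}

int main(void)
{
    /* Constructed target: 65534 ("nobody" on many systems) when run as root. */
    uid_t target = getuid() == 0 ? 65534 : getuid();
    if (drop_privileges_permanently(target) == -1) {
        perror("setuid");
        return 1;
    }
    printf("uid %u, root regainable: %s\n", (unsigned) target,
           can_regain_root() ? "yes (drop failed)" : "no");
    return 0;
}
```

Run unprivileged, the program drops to its own uid (permitted because it matches the real UID) and reports that root is not regainable; run as root, it drops to 65534 and the same report follows.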
.SH "RETURN VALUE"
On success, zero is returned.
On error, \-1 is returned, and
.I errno
is set appropriately.
.SH ERRORS
.TP
.B EAGAIN
The
.I uid
does not match the current uid and
.I uid
brings the process over its
.B RLIMIT_NPROC
resource limit.
.TP
.B EPERM
The user is not privileged (Linux: does not have the
.B CAP_SETUID
capability) and
.I uid
does not match the real UID or saved set-user-ID of the calling process.
.SH "CONFORMING TO"
SVr4, POSIX.1-2001.
Not quite compatible with the 4.4BSD call, which
sets all of the real, saved, and effective user IDs.
.\" SVr4 documents an additional EINVAL error condition.
.SH NOTES
.SS Linux Notes
Linux has the concept of file system user ID, normally equal to the
effective user ID.
The
.BR setuid ()
call also sets the file system user ID of the calling process.
See
.BR setfsuid (2).
.PP
If
.I uid
is different from the old effective uid, the process will
be forbidden from leaving core dumps.
.SH "SEE ALSO"
.BR getuid (2),
.BR seteuid (2),
.BR setfsuid (2),
.BR setreuid (2),
.BR capabilities (7),
.BR credentials (7)