Consistent use of "set-user-ID" and "set-group-ID".

2005-07-18 14:25:42 +00:00 · 2005-07-18 14:25:42 +00:00 · 880f5b4bc3
parent da2d9dad4e
commit 880f5b4bc3
23 changed files with 73 additions and 55 deletions
--- a/12
+++ b/12
@ -8,14 +8,18 @@ Contributors
 The following people contributed notes, ideas, or patches that have
 been incorporated in changes in this release:
-### Andries Brouwer <Andries.Brouwer@cwi.nl>
+Andries Brouwer <Andries.Brouwer@cwi.nl>
 ### Joey (Martin) Schulze <joey@infodrom.org>
 Mike Frysinger <vapier@gentoo.org>
 Apologies if I missed anyone!
 Global changes
 --------------
 The terms "set-user-ID" and "set-group-ID" are now used consistently
 (no abbreviations) accorss all manual pages.
 Typographical or grammatical errors have been corrected in several
 places.
@ -27,3 +31,9 @@ New pages
 Changes to individual pages
 ---------------------------
 stat.2
    Mike Frysinger
    	Improve description of st_dev and st_rdev.
    mtk
        Various wording and formatting improvements.
--- a/man1/chmod.1
+++ b/man1/chmod.1
@ -56,8 +56,8 @@ sticky bit (t), the permissions that the user
 who owns the file currently has for it (u), the permissions that other
 users in the file's group have for it (g), and the permissions that
 other users not in the file's group have for it (o).
-(Thus, `chmod g\-s file' removes the set-group-ID (sgid) bit,
+(Thus, `chmod g\-s file' removes the set-group-ID bit,
-\&`chmod ug+s file' sets both the suid and sgid bits, while
+\&`chmod ug+s file' sets both the set-user-ID and set-group-ID bits, while
 \&`chmod o+s file' does nothing.)
 .PP
 The name of the `sticky bit' derives from the original meaning:
@ -133,7 +133,7 @@ usual meaning.
 POSIX 1003.2 only requires the \-R option. Use of other options
 may not be portable. This standard does not describe the 't' permission
 bit. This standard does not specify whether \fBchmod\fP must preserve
-consistency by clearing or refusing to set the suid and sgid
+consistency by clearing or refusing to set the set-user-ID and set-group-ID
 bits, e.g., when all execute bits are cleared, or whether \fBchmod\fP
 honors the `s' bit at all.
 .SH "NONSTANDARD MODES"
@ -142,8 +142,10 @@ Various systems attach special meanings to otherwise
 meaningless combinations of mode bits.
 In particular, Linux, following System V (see
 System V Interface Definition (SVID) Version 3),
-lets the sgid bit for files without group execute permission
+uses the combination of having the set-group-ID bit enabled
-mark the file for mandatory locking. For more details, see
+while group execute bit is disabled to mean that
 mandatory locking is enabled for the file.
 For more details, see
 the file
 .IR /usr/src/linux/Documentation/mandatory.txt .
 .SH NOTES
--- a/man1/cp.1
+++ b/man1/cp.1
@ -86,10 +86,10 @@ Only copy upon an affirmative answer.)
 .TP
 .B \-p
 Preserve the original files' owner, group, permissions
-(including the setuid and setgid bits), time of last modification
+(including the set-user-ID and set-group-ID bits), time of last modification
 and time of last access.
-In case duplication of owner or group fails, the setuid and setgid
+In case duplication of owner or group fails,
-bits are cleared.
+the set-user-ID and set-group-ID bits are cleared.
 (Note that afterwards source and copy may well have different
 times of last access, since the copy operation is an access
 to the source file.)
--- a/man1/ls.1
+++ b/man1/ls.1
@ -222,12 +222,12 @@ combines multiple bits into the third character of each set of permissions
 .RS
 .TP
 .B s
-If the setuid or setgid bit and the corresponding executable bit are
+If the set-user-ID or set-group-ID bit and the corresponding 
-both set.
+executable bit are both set.
 .TP
 .B S
-If the setuid or setgid bit is set but the corresponding executable bit
+If the set-user-ID or set-group-ID bit is set 
-is not set. 
+but the corresponding executable bit is not set. 
 .TP	  
 .B t
 If the sticky bit and the other-executable bit are both set.
--- a/man1/mv.1
+++ b/man1/mv.1
@ -56,8 +56,9 @@ When they are on different filesystems, the source file is copied
 and then deleted.
 .B mv
 will copy modification time, access time, user and group ID, and mode
-if possible. When copying user and/or group ID fails, the setuid and
+if possible. 
-setgid bits are cleared in the copy.
+When copying user and/or group ID fails, the set-user-ID and
 set-group-ID bits are cleared in the copy.
 .SH "POSIX OPTIONS"
 .TP
 .B "\-f"
--- a/man2/access.2
+++ b/man2/access.2
@ -77,7 +77,8 @@ links encountered on the way.
 The check is done with the process's
 .I real
 UID and GID, rather than with the effective IDs as is done when
-actually attempting an operation.  This is to allow set-UID programs to
+actually attempting an operation.
 This is to allow set-user-ID programs to
 easily determine the invoking user's authority.
 Only access bits are checked, not the file type or contents.  Therefore, if
--- a/man2/execve.2
+++ b/man2/execve.2
@ -64,10 +64,10 @@ The SIGCHLD signal (when set to SIG_IGN) may or may not be reset to SIG_DFL.
 If the current program is being ptraced, a \fBSIGTRAP\fP is sent to it
 after a successful \fBexecve()\fP.
-If the set-uid bit is set on the program file pointed to by
+If the set-user-ID bit is set on the program file pointed to by
 \fIfilename\fP, and the calling process is not being ptraced,
 then the effective user ID of the calling process is changed
-to that of the owner of the program file.  Similarly, when the set-gid
+to that of the owner of the program file.  Similarly, when the set-group-ID
 bit of the program file is set the effective group ID of the calling
 process is set to the group of the program file.
--- a/man2/fcntl.2
+++ b/man2/fcntl.2
@ -335,7 +335,7 @@ To make use of mandatory locks, mandatory locking must be enabled
 .BR mount (8))
 for the file system containing the
 file to be locked and enabled on the file itself (by disabling
-group execute permission on the file and enabling the set-GID
+group execute permission on the file and enabling the set-group-ID
 permission bit).
 Advisory locks are not enforced and are useful only between
--- a/man2/mount.2
+++ b/man2/mount.2
@ -138,10 +138,10 @@ Do not allow programs to be executed from this file system.
 .\" users cannot execute files uploaded using ftp or so.)
 .TP
 .B MS_NOSUID
-Do not honour set-UID and set-GID bits when executing
+Do not honour set-user-ID and set-group-ID bits when executing
 programs from this file system.
-.\" (This is a security feature to prevent users executing set-UID and
+.\" (This is a security feature to prevent users executing set-user-ID and
-.\" set-GID programs from removable disk devices.)
+.\" set-group-ID programs from removable disk devices.)
 .TP
 .B MS_RDONLY
 Mount file system read-only.
@ -348,13 +348,13 @@ in more than one place, so specifying the device does not suffice).
 The original MS_SYNC flag was renamed MS_SYNCHRONOUS in 1.1.69
 when a different MS_SYNC was added to <mman.h>.
 .LP
-Before Linux 2.4 an attempt to execute a set-UID or set-GID program
+Before Linux 2.4 an attempt to execute a set-user-ID or set-group-ID program
 on a filesystem mounted with
 .B MS_NOSUID
 would fail with
 .BR EPERM .
-Since Linux 2.4 the set-UID and set-GID bits are just silently ignored
+Since Linux 2.4 the set-user-ID and set-group-ID bits are 
-in this case.
+just silently ignored in this case.
 .\" The change is in patch-2.4.0-prerelease.
 .SH "SEE ALSO"
 .BR path_resolution (2),
--- a/man2/prctl.2
+++ b/man2/prctl.2
@ -64,8 +64,8 @@ Set the state of the flag determining whether core dumps are produced
 for this process upon delivery of a signal whose default behaviour is
 to produce a core dump.
 (Normally this flag is set for a process by default, but it is cleared
-when a set-UID or set-GID program is executed and also by various system
+when a set-user-ID or set-group-ID program is executed and also by 
-calls that manipulate process UIDs and GIDs).
+various system calls that manipulate process UIDs and GIDs).
 .I arg2
 must be either 0 (process is not dumpable) or 1 (process is dumpable).
 .TP
--- a/man2/ptrace.2
+++ b/man2/ptrace.2
@ -248,8 +248,9 @@ The specified process cannot be traced.  This could be because the
 parent has insufficient privileges (the required capability is
 .BR CAP_SYS_PTRACE );
 non-root processes cannot trace processes that they
-cannot send signals to or those running setuid/setgid programs, for obvious
+cannot send signals to or those running set-user-ID/set-group-ID programs,
-reasons.  Alternatively, the process may already be being traced, or be
+for obvious reasons.
 Alternatively, the process may already be being traced, or be
 .BR init 
 (pid 1).
 .TP
--- a/man2/setgid.2
+++ b/man2/setgid.2
@ -41,7 +41,8 @@ superuser, the real and saved group ID's are also set.
 Under Linux, 
 .B setgid
 is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.
-This allows a setgid program that is not suid root to drop all of its group
+This allows a set-group-ID program that is not set-user-ID-root root 
 to drop all of its group
 privileges, do some un-privileged work, and then re-engage the original
 effective group ID in a secure manner.
 .SH "RETURN VALUE"
--- a/man2/setuid.2
+++ b/man2/setuid.2
@ -43,11 +43,11 @@ the real and saved user ID's are also set.
 Under Linux, 
 .B setuid
 is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.
-This allows a setuid (other than root) program to drop all of its user
+This allows a set-user-ID (other than root) program to drop all of its user
 privileges, do some un-privileged work, and then re-engage the original
 effective user ID in a secure manner.
 .PP
-If the user is root or the program is setuid root, special care must be
+If the user is root or the program is set-user-ID-root, special care must be
 taken. The 
 .B setuid
 function checks the effective user ID of the caller and if it is
@ -56,7 +56,7 @@ the superuser, all process related user ID's are set to
 After this has occurred, it is impossible for the program to regain root
 privileges.
 .PP
-Thus, a setuid-root program wishing to temporarily drop root
+Thus, a set-user-ID-root program wishing to temporarily drop root
 privileges, assume the identity of a non-root user, and then regain
 root privileges afterwards cannot use 
 .BR setuid .
--- a/man2/statvfs.2
+++ b/man2/statvfs.2
@ -80,7 +80,7 @@ Bits defined by POSIX are
 Read-only file system.
 .TP
 .B ST_NOSUID
-Setuid/setgid bits are ignored by
+Set-user-ID/set-group-ID bits are ignored by
 .BR exec (2).
 .LP
--- a/man2/truncate.2
+++ b/man2/truncate.2
@ -69,7 +69,8 @@ the extended part reads as zero bytes.
 The file pointer is not changed.
 .LP
 If the size changed, then the ctime and mtime fields for the file
-are updated, and suid and sgid mode bits may be cleared.
+are updated, 
 and set-user-ID and set-group-ID permission bits may be cleared.
 .LP
 With
 .BR ftruncate ,
--- a/man3/dlopen.3
+++ b/man3/dlopen.3
@ -88,8 +88,8 @@ If the environment variable
 .BR LD_LIBRARY_PATH
 is defined to contain a colon-separated list of directories,
 then these are searched.
-(As a security measure this variable is ignored for set-UID and 
+(As a security measure this variable is ignored for set-user-ID and 
-set-GID programs.)
+set-group-ID programs.)
 .IP o
 (ELF only) If the executable file for the calling program
 contains a DT_RUNPATH tag, then the directories listed in that tag
--- a/man3/getlogin.3
+++ b/man3/getlogin.3
@ -64,7 +64,7 @@ declared in \fBstdio.h\fP.
 .PP
 These functions let your program identify positively the user who is
 running (\fBcuserid\fP) or the user who logged in this session
-(\fBgetlogin\fP).  (These can differ when setuid programs are
+(\fBgetlogin\fP).  (These can differ when set-user-ID programs are
 involved.)
 .PP
 For most purposes, it is more useful to use the environment variable
--- a/man3/grantpt.3
+++ b/man3/grantpt.3
@ -50,7 +50,7 @@ POSIX 1003.1-2001
 .SH NOTES
 This is part of the Unix98 pty support, see
 .BR pts (4).
-Many systems implement this function via a setuid helper binary
+Many systems implement this function via a set-user-ID helper binary
 called "pt_chown". With Linux devpts no such helper binary is required.
 .SH "SEE ALSO"
 .BR open (2),
--- a/man3/system.3
+++ b/man3/system.3
@ -103,7 +103,7 @@ to check the exit status of the child. E.g.
 .PP
 Do not use
 .BR system ()
-from a program with set-UID or set-GID privileges,
+from a program with set-user-ID or set-group-ID privileges,
 because strange values for some environment variables
 might be used to subvert system integrity.
 Use the
@ -113,8 +113,8 @@ family of functions instead, but not
 or
 .BR execvp (3).
 .BR system ()
-will not, in fact, work properly from programs with set-UID or set-GID
+will not, in fact, work properly from programs with set-user-ID or 
-privileges on systems on which
+set-group-ID privileges on systems on which
 .I /bin/sh
 is bash version 2, since bash 2 drops privileges on startup.
 (Debian uses a modified bash which does not do this when invoked as
--- a/man3/tempnam.3
+++ b/man3/tempnam.3
@ -67,7 +67,7 @@ Allocation of storage failed.
 .LP
 .SH NOTES
 SUSv2 does not mention the use of TMPDIR; glibc will use it only
-when the program is not suid.
+when the program is not set-user-ID.
 SVID2 specifies that the directory used under (iv) is
 .IR /tmp .
 SVID2 specifies that the string returned by
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@ -272,7 +272,7 @@ the capabilities that the process may assume
 (i.e., a limiting superset for the effective and inheritable sets).
 If a process drops a capability from its permitted set,
 it can never re-acquire that capability (unless it execs a
-set-UID-root program).
+set-user-ID-root program).
 .TP
 .IR inheritable :
 the capabilities preserved across an
@ -281,7 +281,7 @@ the capabilities preserved across an
 In the current implementation, a process is granted all permitted and
 effective capabilities (subject to the operation of the
 capability bounding set described below)
-when it execs a set-UID-root program,
+when it execs a set-user-ID-root program,
 or if a process with a real UID of zero execs a new program.
 .PP
 A child created via
@ -360,12 +360,12 @@ support file capability sets, during an exec:
 .IP 1. 4
 All three file capability sets are initially assumed to be cleared.
 .IP 2. 4
-If a set-UID-root program is being execed,
+If a set-user-ID-root program is being execed,
 or the real user ID of the process is 0 (root)
 then the file allowed and forced sets are defined to be all ones
 (i.e., all capabilities set).
 .IP 3. 4
-If a set-UID-root program is being executed,
+If a set-user-ID-root program is being executed,
 then the file effective set is defined to be all ones.
 .PP
 During an exec, the kernel calculates the new capabilities of
--- a/man7/pthreads.7
+++ b/man7/pthreads.7
@ -191,7 +191,7 @@ However, the resulting process has the same PID as the thread that called
 it should have the same PID as the main thread.
 .IP \- 3
 Threads do not share user and group IDs.
-This can cause complications with set-UID programs and
+This can cause complications with set-user-ID programs and
 can cause failures in Pthreads functions if an application
 changes its credentials using
 .BR seteuid (2)
--- a/man8/ld.so.8
+++ b/man8/ld.so.8
@ -39,8 +39,8 @@ Use of DT_RPATH is deprecated.
 .IP o
 Using the environment variable
 .BR LD_LIBRARY_PATH .
-Except if the executable is a setuid/setgid binary, in which case it
+Except if the executable is a set-user-ID/set-group-ID binary, 
-is ignored.
+in which case it is ignored.
 .IP o
 (ELF only) Using the DT_RUNPATH dynamic section attribute
 of the binary if present.
@ -103,8 +103,9 @@ environment variable.
 A whitespace-separated list of additional, user-specified, ELF shared 
 libraries to be loaded before all others.
 This can be used to selectively override functions in other shared libraries.
-For setuid/setgid ELF binaries, only libraries in the standard search
+For set-user-ID/set-group-ID ELF binaries,
-directories that are also setuid will be loaded.
+only libraries in the standard search
 directories that are also set-user-ID will be loaded.
 .TP
 .B LD_BIND_NOW
 (libc5; glibc since 2.1.1)
@ -152,7 +153,7 @@ environment variable.
 File where
 .B LD_DEBUG
 output should be fed into, default is standard output.
-LD_DEBUG_OUTPUT is ignored for setuid/setgid binaries.
+LD_DEBUG_OUTPUT is ignored for set-user-ID/set-group-ID binaries.
 .TP
 .B LD_VERBOSE
 (glibc since 2.1)
@ -174,7 +175,7 @@ Shared object to be profiled.
 File where
 .B LD_PROFILE
 output should be stored, default is standard output.
-LD_DEBUG_OUTPUT is ignored for setuid/setgid binaries.
+LD_DEBUG_OUTPUT is ignored for set-user-ID/set-group-ID binaries.
 .TP
 .B LD_AOUT_LIBRARY_PATH
 (libc5)
@ -196,7 +197,7 @@ Mask for hardware capabilities.
 .TP
 .B LD_ORIGIN_PATH
 (glibc since 2.1)
-Path where the binary is found (for non-setuid programs).
+Path where the binary is found (for non-set-user-ID programs).
 .TP
 .B LD_DYNAMIC_WEAK
 (glibc since 2.1.91)