mirror of https://github.com/mkerrisk/man-pages
seteuid.2: Note user namespace requirements for CAP_SETUID and CAP_SETGID
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
7127bd53ee
commit
cdbc9e153d
|
@ -83,20 +83,23 @@ it is a grave security error to omit checking for a failure return from
|
|||
The target user or group ID is not valid in this user namespace.
|
||||
.TP
|
||||
.B EPERM
|
||||
The calling process is not privileged (Linux: does not have the
|
||||
.B CAP_SETUID
|
||||
capability in the case of
|
||||
.BR seteuid (),
|
||||
or the
|
||||
.B CAP_SETGID
|
||||
capability in the case of
|
||||
.BR setegid ())
|
||||
and
|
||||
In the case of
|
||||
.BR seteuid ():
|
||||
the calling process is not privileged (does not have the
|
||||
.BR CAP_SETUID
|
||||
capability in its user namespace) and
|
||||
.I euid
|
||||
(respectively,
|
||||
.IR egid )
|
||||
is not the real user (group) ID, the effective user (group) ID,
|
||||
or the saved set-user-ID (saved set-group-ID).
|
||||
does not match the current real user ID, current effective user ID,
|
||||
or current saved set-user-ID.
|
||||
|
||||
In the case of
|
||||
.BR setegid ():
|
||||
the calling process is not privileged (does not have the
|
||||
.BR CAP_SETGID
|
||||
capability in its user namespace) and
|
||||
.I egid
|
||||
does not match the current real group ID, current effective group ID,
|
||||
or current saved set-group-ID.
|
||||
.SH CONFORMING TO
|
||||
POSIX.1-2001, POSIX.1-2008, 4.3BSD.
|
||||
.SH NOTES
|
||||
|
|
Loading…
Reference in New Issue