mirror of https://github.com/mkerrisk/man-pages
seteuid.2: Note user namespace requirements for CAP_SETUID and CAP_SETGID
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
7127bd53ee
commit
cdbc9e153d
|
@ -83,20 +83,23 @@ it is a grave security error to omit checking for a failure return from
|
||||||
The target user or group ID is not valid in this user namespace.
|
The target user or group ID is not valid in this user namespace.
|
||||||
.TP
|
.TP
|
||||||
.B EPERM
|
.B EPERM
|
||||||
The calling process is not privileged (Linux: does not have the
|
In the case of
|
||||||
.B CAP_SETUID
|
.BR seteuid ():
|
||||||
capability in the case of
|
the calling process is not privileged (does not have the
|
||||||
.BR seteuid (),
|
.BR CAP_SETUID
|
||||||
or the
|
capability in its user namespace) and
|
||||||
.B CAP_SETGID
|
|
||||||
capability in the case of
|
|
||||||
.BR setegid ())
|
|
||||||
and
|
|
||||||
.I euid
|
.I euid
|
||||||
(respectively,
|
does not match the current real user ID, current effective user ID,
|
||||||
.IR egid )
|
or current saved set-user-ID.
|
||||||
is not the real user (group) ID, the effective user (group) ID,
|
|
||||||
or the saved set-user-ID (saved set-group-ID).
|
In the case of
|
||||||
|
.BR setegid ():
|
||||||
|
the calling process is not privileged (does not have the
|
||||||
|
.BR CAP_SETGID
|
||||||
|
capability in its user namespace) and
|
||||||
|
.I egid
|
||||||
|
does not match the current real group ID, current effective group ID,
|
||||||
|
or current saved set-group-ID.
|
||||||
.SH CONFORMING TO
|
.SH CONFORMING TO
|
||||||
POSIX.1-2001, POSIX.1-2008, 4.3BSD.
|
POSIX.1-2001, POSIX.1-2008, 4.3BSD.
|
||||||
.SH NOTES
|
.SH NOTES
|
||||||
|
|
Loading…
Reference in New Issue