diff --git a/man2/setfsgid.2 b/man2/setfsgid.2 index ad81c92f0..3397fa006 100644 --- a/man2/setfsgid.2 +++ b/man2/setfsgid.2 @@ -1,4 +1,5 @@ .\" Copyright (C) 1995, Thomas K. Dyas +.\" and Copyright (C) 2019, Michael Kerrisk .\" .\" %%%LICENSE_START(VERBATIM) .\" Permission is granted to make and distribute verbatim copies of this 
@@ -36,29 +37,23 @@ setfsgid \- set group identity used for filesystem checks .PP .BI "int setfsgid(uid_t " fsgid ); .SH DESCRIPTION -The system call -.BR setfsgid () -changes the value of the caller's filesystem group ID\(emthe -group ID that the Linux kernel uses to check for all accesses -to the filesystem. -Normally, the value of -the filesystem group ID -will shadow the value of the effective group ID. -In fact, whenever the -effective group ID is changed, -the filesystem group ID -will also be changed to the new value of the effective group ID. +On Linux, a process has both a filesystem group ID and an effective group ID. +The (Linux-specific) filesystem group ID is used +for permissions checking when accessing filesystem objects, +while the effective group ID is used for some other kinds +of permissions checks (see +.BR credentials (7)). .PP -Explicit calls to -.BR setfsuid (2) -and +Normally, the value of the process's filesystem group ID +is the same as the value of its effective group ID. +This is so, because whenever a process's effective group ID is changed, +the kernel also changes the filesystem group ID to be the same as +the new value of the effective group ID. +A process can cause the value of its filesystem group ID to diverge +from its effective group ID by using .BR setfsgid () -are usually used only by programs such as the Linux NFS server that -need to change what user and group ID is used for file access without a -corresponding change in the real and effective user and group IDs. -A change in the normal user IDs for a program such as the NFS server -is a security hole that can expose it to unwanted signals. -(But see below.) +to change its filesystem group ID to the value given in +.IR fsgid . .PP .BR setfsgid () will succeed only if the caller is the superuser or if 
@@ -77,9 +72,10 @@ This system call is present in Linux since version 1.2. is Linux-specific and should not be used in programs intended to be portable. .SH NOTES -Note that at the time this system call was introduced, a process -could send a signal to a process with the same effective user ID. -Today signal permission handling is slightly different. +The filesystem group ID concept and the +.BR setfsgid () +system call were invented for historical reasons that are +no longer applicable on modern Linux kernels. See .BR setfsuid (2) for a discussion of why the use of both
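Review bot: in the DESCRIPTION hunk (@@ -36,29 +37,23 @@), the unchanged synopsis line `.BI "int setfsgid(uid_t " fsgid );` still types the argument as uid_t, while every sentence the hunk adds describes a group ID and refers to the argument as `.IR fsgid .` Since the section is being rewritten anyway, check whether the prototype should read gid_t and fix it in the same patch, so that the synopsis and the description agree. A smaller style point in the same hunk: "This is so, because whenever a process's effective group ID is changed" reads better without the comma, or as "This is because, whenever ...".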
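Review bot: in the NOTES hunk (@@ -77,9 +72,10 @@), "invented for historical reasons that are no longer applicable on modern Linux kernels" does not say what the reasons were or from when they stopped applying. It replaces the only concrete statement the page had, that "a process could send a signal to a process with the same effective user ID". The DESCRIPTION hunk also deletes the NFS server paragraph and its "security hole that can expose it to unwanted signals" remark, so a reader of setfsgid(2) alone no longer learns why a file server would change its filesystem IDs rather than its effective IDs. Either keep one clause naming the signal-permission reason here, or make sure the discussion this page points to in setfsuid(2) states it, because the retained "See setfsuid(2) for a discussion of why ..." sentence is now the only route to that explanation.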