mirror of https://github.com/mkerrisk/man-pages
Consistent use of "saved set-user-ID" and "saved set-group-ID".
This commit is contained in:
Michael Kerrisk
parent
b5a5add044
commit
d9df8ff80a
9
Changes
9
Changes
|
|
@ -18,7 +18,7 @@ Global changes
|
|||
--------------
|
||||
|
||||
The terms "set-user-ID" and "set-group-ID" are now used consistently
|
||||
(no abbreviations) accorss all manual pages.
|
||||
(no abbreviations) across all manual pages.
|
||||
|
||||
Classical BSD versions are now always named x.yBSD (formerly
|
||||
there was a mix of x.yBSD and BSD x.y).
|
||||
|
|
@ -27,6 +27,9 @@ there was a mix of x.yBSD and BSD x.y).
|
|||
gid --> GID
|
||||
id --> ID
|
||||
|
||||
Consistent use of "saved set-user-ID" and "saved set-group-ID"
|
||||
(no more "saved user ID", "saved group ID", etc.)
|
||||
|
||||
Typographical or grammatical errors have been corrected in several
|
||||
places.
|
||||
|
||||
|
|
@ -39,6 +42,10 @@ New pages
|
|||
Changes to individual pages
|
||||
---------------------------
|
||||
|
||||
setresuid.2
|
||||
mtk
|
||||
Some rewording.
|
||||
|
||||
stat.2
|
||||
Mike Frysinger
|
||||
Improve description of st_dev and st_rdev.
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ getresuid, getresgid \- get real, effective and saved user or group ID
|
|||
and
|
||||
.B getresgid
|
||||
(both introduced in Linux 2.1.44)
|
||||
get the real, effective and saved user ID's (resp. group ID's)
|
||||
get the real UID, effective UID, and saved set-user-ID (resp. group ID's)
|
||||
of the current process.
|
||||
|
||||
.SH "RETURN VALUE"
|
||||
|
|
|
|||
|
|
@ -78,8 +78,8 @@ process's dumpable flag.
|
|||
Set the state of the process's "keep capabilities" flag,
|
||||
which determines whether the process's effective and permitted
|
||||
capability sets are cleared when a change is made to the process's user IDs
|
||||
such that all of the process's real, effective, and saved set-user-IDs
|
||||
become non-zero when at least one of them previously had the value 0.
|
||||
such that the process's real UID, effective UID, and saved set-user-ID
|
||||
all become non-zero when at least one of them previously had the value 0.
|
||||
(By default, these credential sets are cleared).
|
||||
.I arg2
|
||||
must be either 0 (capabilities are cleared) or 1 (capabilities are kept).
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ seteuid, setegid \- set effective user or group ID
|
|||
.B seteuid
|
||||
sets the effective user ID of the current process.
|
||||
Unprivileged user processes may only set the effective user ID to the
|
||||
real user ID, the effective user ID or the saved user ID.
|
||||
real user ID, the effective user ID or the saved set-user-ID.
|
||||
|
||||
Precisely the same holds for
|
||||
.B setegid
|
||||
|
|
@ -69,10 +69,11 @@ and
|
|||
.I euid
|
||||
(resp.
|
||||
.IR egid )
|
||||
is not the real user (group) ID, the effective user (group) ID
|
||||
or the saved user (group) ID.
|
||||
is not the real user (group) ID, the effective user (group) ID,
|
||||
or the saved set-user-ID (saved set-group-ID).
|
||||
.SH NOTES
|
||||
Setting the effective user (group) ID to the saved user (group) ID is
|
||||
Setting the effective user (group) ID to the
|
||||
saved set-user-ID (saved set-group-ID) is
|
||||
possible since Linux 1.1.37 (1.1.38).
|
||||
On an arbitrary system one should check _POSIX_SAVED_IDS.
|
||||
.LP
|
||||
|
|
@ -80,10 +81,10 @@ Under libc4, libc5 and glibc2.0
|
|||
.BI seteuid( euid )
|
||||
is equivalent to
|
||||
.BI setreuid(\-1, " euid" )
|
||||
and hence may change the saved user ID.
|
||||
and hence may change the saved set-user-ID.
|
||||
Under glibc2.1 it is equivalent to
|
||||
.BI setresuid(\-1, " euid" ,\-1)
|
||||
and hence does not change the saved user ID.
|
||||
and hence does not change the saved set-user-ID.
|
||||
Similar remarks hold for
|
||||
.BR setegid .
|
||||
.SH "CONFORMING TO"
|
||||
|
|
|
|||
|
|
@ -36,12 +36,12 @@ setgid \- set group identity
|
|||
.SH DESCRIPTION
|
||||
.B setgid
|
||||
sets the effective group ID of the current process. If the caller is the
|
||||
superuser, the real and saved group ID's are also set.
|
||||
superuser, the real GID and saved set-group-ID are also set.
|
||||
|
||||
Under Linux,
|
||||
.B setgid
|
||||
is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.
|
||||
This allows a set-group-ID program that is not set-user-ID-root root
|
||||
This allows a set-group-ID program that is not set-user-ID-root
|
||||
to drop all of its group
|
||||
privileges, do some un-privileged work, and then re-engage the original
|
||||
effective group ID in a secure manner.
|
||||
|
|
|
|||
|
|
@ -36,23 +36,26 @@ setresuid, setresgid \- set real, effective and saved user or group ID
|
|||
.BI "int setresgid(gid_t " rgid ", gid_t " egid ", gid_t " sgid );
|
||||
.SH DESCRIPTION
|
||||
.B setresuid
|
||||
sets the real user ID, the effective user ID, and the saved
|
||||
(effective) user ID of the current process.
|
||||
sets the real user ID, the effective user ID, and the
|
||||
saved set-user-ID of the current process.
|
||||
|
||||
Unprivileged user processes (i.e., processes with each of
|
||||
real, effective and saved user ID non-zero) may change the real,
|
||||
effective and saved user ID, each to one of:
|
||||
the current uid, the current effective uid or the current saved uid.
|
||||
Unprivileged user processes
|
||||
may change the real UID,
|
||||
effective UID, and saved set-user-ID, each to one of:
|
||||
the current real UID, the current effective UID or the
|
||||
current saved set-user-ID.
|
||||
|
||||
The superuser may set real, effective and saved user ID to arbitrary values.
|
||||
Privileged processes (on Linux, those having the CAP_SETUID capability)
|
||||
may set the real UID, effective UID, and
|
||||
saved set-user-ID to arbitrary values.
|
||||
|
||||
If one of the parameters equals \-1, the corresponding value is not changed.
|
||||
|
||||
Completely analogously,
|
||||
.B setresgid
|
||||
sets the real, effective and saved group ID's of the current process,
|
||||
with the same restrictions for processes with each of
|
||||
real, effective and saved user ID non-zero.
|
||||
sets the real GID, effective GID, and saved set-group-ID
|
||||
of the current process,
|
||||
with the same restrictions for non-privileged processes.
|
||||
|
||||
.SH "RETURN VALUE"
|
||||
On success, zero is returned. On error, \-1 is returned, and
|
||||
|
|
@ -62,8 +65,8 @@ is set appropriately.
|
|||
.TP
|
||||
.B EAGAIN
|
||||
.I uid
|
||||
does not match the current uid and this call would
|
||||
bring that userID over its NPROC rlimit.
|
||||
does not match the current UID and this call would
|
||||
bring that user ID over its NPROC rlimit.
|
||||
.TP
|
||||
.B EPERM
|
||||
The calling process is not privileged (did not have the CAP_SETUID
|
||||
|
|
|
|||
|
|
@ -59,18 +59,18 @@ Supplying a value of \-1 for either the real or effective user ID forces
|
|||
the system to leave that ID unchanged.
|
||||
|
||||
Unprivileged processes may only set the effective user ID to the real user ID,
|
||||
the effective user ID or the saved effective user ID.
|
||||
the effective user ID or the saved set-user-ID.
|
||||
|
||||
POSIX: It is unspecified whether unprivileged processes may set the
|
||||
real user ID to the real user ID, the effective user ID or the saved
|
||||
effective user ID.
|
||||
real user ID to the real user ID, the effective user ID or the
|
||||
saved set-user-ID.
|
||||
|
||||
Linux: Unprivileged users may only set the real user ID to
|
||||
the real user ID or the effective user ID.
|
||||
|
||||
Linux: If the real user ID is set or the effective user ID is set to a value
|
||||
not equal to the previous real user ID, the saved user ID will be set to the
|
||||
new effective user ID.
|
||||
not equal to the previous real user ID,
|
||||
the saved set-user-ID will be set to the new effective user ID.
|
||||
|
||||
Completely analogously,
|
||||
.B setregid
|
||||
|
|
@ -96,10 +96,11 @@ capability in the case of
|
|||
and a change other than (i)
|
||||
swapping the effective user (group) ID with the real user (group) ID,
|
||||
or (ii) setting one to the value of the other or (iii) setting the
|
||||
effective user (group) ID to the value of the saved user (group) ID
|
||||
was specified.
|
||||
effective user (group) ID to the value of the
|
||||
saved set-user-ID (saved set-group-ID) was specified.
|
||||
.SH NOTES
|
||||
Setting the effective user (group) ID to the saved user ID is
|
||||
Setting the effective user (group) ID to the
|
||||
saved set-user-ID (saved set-group-ID) is
|
||||
possible since Linux 1.1.37 (1.1.38).
|
||||
.SH "CONFORMING TO"
|
||||
4.3BSD (the
|
||||
|
|
|
|||
|
|
@ -37,8 +37,8 @@ setuid \- set user identity
|
|||
.SH DESCRIPTION
|
||||
.B setuid
|
||||
sets the effective user ID of the current process.
|
||||
If the effective userid of the caller is root,
|
||||
the real and saved user ID's are also set.
|
||||
If the effective UID of the caller is root,
|
||||
the real UID and saved set-user-ID are also set.
|
||||
.PP
|
||||
Under Linux,
|
||||
.B setuid
|
||||
|
|
@ -80,7 +80,7 @@ The user is not privileged (Linux: does not have the
|
|||
.B CAP_SETUID
|
||||
capability) and
|
||||
.I uid
|
||||
does not match the real or saved user ID of the calling process.
|
||||
does not match the real UID or saved set-user-ID of the calling process.
|
||||
.SH "CONFORMING TO"
|
||||
SVr4, SVID, POSIX.1. Not quite compatible with the 4.4BSD call, which
|
||||
sets all of the real, saved, and effective user IDs. SVr4 documents an
|
||||
|
|
|
|||
Loading…
Reference in New Issue