From d9df8ff80a80ede6c93dc4677db09bf2b466ffbc Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Mon, 18 Jul 2005 16:55:22 +0000 Subject: [PATCH] Consistent use of "saved set-user-ID" and "saved set-group-ID". --- Changes | 9 ++++++++- man2/getresuid.2 | 2 +- man2/prctl.2 | 4 ++-- man2/seteuid.2 | 13 +++++++------ man2/setgid.2 | 4 ++-- man2/setresuid.2 | 27 +++++++++++++++------------ man2/setreuid.2 | 17 +++++++++-------- man2/setuid.2 | 6 +++--- 8 files changed, 47 insertions(+), 35 deletions(-) diff --git a/Changes b/Changes index 6d2de3cc7..f21c0db9b 100644 --- a/Changes +++ b/Changes @@ -18,7 +18,7 @@ Global changes -------------- The terms "set-user-ID" and "set-group-ID" are now used consistently -(no abbreviations) accorss all manual pages. +(no abbreviations) across all manual pages. Classical BSD versions are now always named x.yBSD (formerly there was a mix of x.yBSD and BSD x.y). @@ -27,6 +27,9 @@ there was a mix of x.yBSD and BSD x.y). gid --> GID id --> ID +Consistent use of "saved set-user-ID" and "saved set-group-ID" +(no more "saved user ID", "saved group ID", etc.) + Typographical or grammatical errors have been corrected in several places. @@ -39,6 +42,10 @@ New pages Changes to individual pages --------------------------- +setresuid.2 + mtk + Some rewording. + stat.2 Mike Frysinger Improve description of st_dev and st_rdev. diff --git a/man2/getresuid.2 b/man2/getresuid.2 index 3e44caf3d..59b2be113 100644 --- a/man2/getresuid.2 +++ b/man2/getresuid.2 @@ -39,7 +39,7 @@ getresuid, getresgid \- get real, effective and saved user or group ID and .B getresgid (both introduced in Linux 2.1.44) -get the real, effective and saved user ID's (resp. group ID's) +get the real UID, effective UID, and saved set-user-ID (resp. group ID's) of the current process. .SH "RETURN VALUE" diff --git a/man2/prctl.2 b/man2/prctl.2 index 4df46381e..ef39f6792 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 
@@ -78,8 +78,8 @@ process's dumpable flag. Set the state of the process's "keep capabilities" flag, which determines whether the process's effective and permitted capability sets are cleared when a change is made to the process's user IDs -such that all of the process's real, effective, and saved set-user-IDs -become non-zero when at least one of them previously had the value 0. +such that the process's real UID, effective UID, and saved set-user-ID +all become non-zero when at least one of them previously had the value 0. (By default, these credential sets are cleared). .I arg2 must be either 0 (capabilities are cleared) or 1 (capabilities are kept). diff --git a/man2/seteuid.2 b/man2/seteuid.2 index c29b9a815..f332f8e13 100644 --- a/man2/seteuid.2 +++ b/man2/seteuid.2 @@ -39,7 +39,7 @@ seteuid, setegid \- set effective user or group ID .B seteuid sets the effective user ID of the current process. Unprivileged user processes may only set the effective user ID to the -real user ID, the effective user ID or the saved user ID. +real user ID, the effective user ID or the saved set-user-ID. Precisely the same holds for .B setegid @@ -69,10 +69,11 @@ and .I euid (resp. .IR egid ) -is not the real user (group) ID, the effective user (group) ID -or the saved user (group) ID. +is not the real user (group) ID, the effective user (group) ID, +or the saved set-user-ID (saved set-group-ID). .SH NOTES -Setting the effective user (group) ID to the saved user (group) ID is +Setting the effective user (group) ID to the +saved set-user-ID (saved set-group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary system one should check _POSIX_SAVED_IDS. .LP 
@@ -80,10 +81,10 @@ Under libc4, libc5 and glibc2.0 .BI seteuid( euid ) is equivalent to .BI setreuid(\-1, " euid" ) -and hence may change the saved user ID. +and hence may change the saved set-user-ID. Under glibc2.1 it is equivalent to .BI setresuid(\-1, " euid" ,\-1) -and hence does not change the saved user ID. +and hence does not change the saved set-user-ID. Similar remarks hold for .BR setegid . .SH "CONFORMING TO" diff --git a/man2/setgid.2 b/man2/setgid.2 index 10a70df43..8324cf45f 100644 --- a/man2/setgid.2 +++ b/man2/setgid.2 @@ -36,12 +36,12 @@ setgid \- set group identity .SH DESCRIPTION .B setgid sets the effective group ID of the current process. If the caller is the -superuser, the real and saved group ID's are also set. +superuser, the real GID and saved set-group-ID are also set. Under Linux, .B setgid is implemented like the POSIX version with the _POSIX_SAVED_IDS feature. -This allows a set-group-ID program that is not set-user-ID-root root +This allows a set-group-ID program that is not set-user-ID-root to drop all of its group privileges, do some un-privileged work, and then re-engage the original effective group ID in a secure manner. diff --git a/man2/setresuid.2 b/man2/setresuid.2 index d4415ac1b..5b6352c3f 100644 --- a/man2/setresuid.2 +++ b/man2/setresuid.2 
@@ -36,23 +36,26 @@ setresuid, setresgid \- set real, effective and saved user or group ID .BI "int setresgid(gid_t " rgid ", gid_t " egid ", gid_t " sgid ); .SH DESCRIPTION .B setresuid -sets the real user ID, the effective user ID, and the saved -(effective) user ID of the current process. +sets the real user ID, the effective user ID, and the +saved set-user-ID of the current process. -Unprivileged user processes (i.e., processes with each of -real, effective and saved user ID non-zero) may change the real, -effective and saved user ID, each to one of: -the current uid, the current effective uid or the current saved uid. +Unprivileged user processes +may change the real UID, +effective UID, and saved set-user-ID, each to one of: +the current real UID, the current effective UID or the +current saved set-user-ID. -The superuser may set real, effective and saved user ID to arbitrary values. +Privileged processes (on Linux, those having the CAP_SETUID capability) +may set the real UID, effective UID, and +saved set-user-ID to arbitrary values. If one of the parameters equals \-1, the corresponding value is not changed. Completely analogously, .B setresgid -sets the real, effective and saved group ID's of the current process, -with the same restrictions for processes with each of -real, effective and saved user ID non-zero. +sets the real GID, effective GID, and saved set-group-ID +of the current process, +with the same restrictions for non-privileged processes. .SH "RETURN VALUE" On success, zero is returned. On error, \-1 is returned, and @@ -62,8 +65,8 @@ is set appropriately. .TP .B EAGAIN .I uid -does not match the current uid and this call would -bring that userID over its NPROC rlimit. +does not match the current UID and this call would +bring that user ID over its NPROC rlimit. .TP .B EPERM The calling process is not privileged (did not have the CAP_SETUID diff --git a/man2/setreuid.2 b/man2/setreuid.2 index bca5e1175..fa7f8ab4b 100644 --- a/man2/setreuid.2 
+++ b/man2/setreuid.2 @@ -59,18 +59,18 @@ Supplying a value of \-1 for either the real or effective user ID forces the system to leave that ID unchanged. Unprivileged processes may only set the effective user ID to the real user ID, -the effective user ID or the saved effective user ID. +the effective user ID or the saved set-user-ID. POSIX: It is unspecified whether unprivileged processes may set the -real user ID to the real user ID, the effective user ID or the saved -effective user ID. +real user ID to the real user ID, the effective user ID or the +saved set-user-ID. Linux: Unprivileged users may only set the real user ID to the real user ID or the effective user ID. Linux: If the real user ID is set or the effective user ID is set to a value -not equal to the previous real user ID, the saved user ID will be set to the -new effective user ID. +not equal to the previous real user ID, +the saved set-user-ID will be set to the new effective user ID. Completely analogously, .B setregid @@ -96,10 +96,11 @@ capability in the case of and a change other than (i) swapping the effective user (group) ID with the real user (group) ID, or (ii) setting one to the value of the other or (iii) setting the -effective user (group) ID to the value of the saved user (group) ID -was specified. +effective user (group) ID to the value of the +saved set-user-ID (saved set-group-ID) was specified. .SH NOTES -Setting the effective user (group) ID to the saved user ID is +Setting the effective user (group) ID to the +saved set-user-ID (saved set-group-ID) is possible since Linux 1.1.37 (1.1.38). .SH "CONFORMING TO" 4.3BSD (the diff --git a/man2/setuid.2 b/man2/setuid.2 index 2e066fa95..0504fe5d6 100644 --- a/man2/setuid.2 +++ b/man2/setuid.2 
@@ -37,8 +37,8 @@ setuid \- set user identity .SH DESCRIPTION .B setuid sets the effective user ID of the current process. -If the effective userid of the caller is root, -the real and saved user ID's are also set. +If the effective UID of the caller is root, +the real UID and saved set-user-ID are also set. .PP Under Linux, .B setuid @@ -80,7 +80,7 @@ The user is not privileged (Linux: does not have the .B CAP_SETUID capability) and .I uid -does not match the real or saved user ID of the calling process. +does not match the real UID or saved set-user-ID of the calling process. .SH "CONFORMING TO" SVr4, SVID, POSIX.1. Not quite compatible with the 4.4BSD call, which sets all of the real, saved, and effective user IDs. SVr4 documents an
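Review bot: The new setresuid.2 entry in Changes ("Some rewording.") understates what the setresuid.2 hunk does. That hunk replaces "The superuser may set ..." with "Privileged processes (on Linux, those having the CAP_SETUID capability)" and drops the "(i.e., processes with each of real, effective and saved user ID non-zero)" definition of an unprivileged process, which changes what the page says about who may set arbitrary IDs. Suggest the entry record that, for example "Describe privilege in terms of CAP_SETUID; some rewording."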
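Review bot: In man2/getresuid.2 the rewritten line keeps the old parenthetical "(resp. group ID's)", so the group half of the sentence still uses the form this patch sets out to remove. Suggest spelling it out as "(resp. real GID, effective GID, and saved set-group-ID)", matching the wording the setresuid.2 hunk uses for setresgid.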
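Review bot: In man2/seteuid.2 (and likewise in the rewritten lines of man2/setreuid.2) the text keeps "real user ID" and "effective user ID", while the getresuid.2, prctl.2, setresuid.2 and setuid.2 hunks of this patch switch to "real UID" and "effective UID". If the goal is consistent terminology across the set*id pages, pick one form for all of them. Within seteuid.2 the list punctuation also diverges: the DESCRIPTION line reads "the effective user ID or the saved set-user-ID" without a serial comma, while the EPERM line gains one ("the effective user (group) ID, or the saved set-user-ID").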
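Review bot: In the DESCRIPTION hunk of man2/setresuid.2, privilege is now defined only for the UID call ("those having the CAP_SETUID capability"), but the setresgid paragraph then refers to "the same restrictions for non-privileged processes" without saying which capability makes a caller privileged for group IDs. Suggest naming it explicitly (CAP_SETGID on Linux) so a reader does not infer that CAP_SETUID governs setresgid. The hunk also mixes "Unprivileged user processes" and "non-privileged processes"; use one term.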
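Review bot: In the EAGAIN hunk of man2/setresuid.2, "does not match the current UID" is ambiguous now that the rest of the page distinguishes real UID, effective UID and saved set-user-ID; say which one is meant. The ".I uid" in the unchanged line above it also does not correspond to an argument name, since the synopsis visible in the first hunk's context names the setresgid arguments rgid, egid and sgid; worth correcting while this entry is being touched.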
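Review bot: In man2/setgid.2 the rewritten sentence still says "If the caller is the superuser", while the setresuid.2 hunk in this patch moves to capability-based wording. For consistency, and because the distinction matters to anyone auditing privilege-dropping code, suggest describing the condition in terms of the capability that applies to setgid on Linux, as the setuid.2 EPERM text does for CAP_SETUID.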
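Review bot: In the DESCRIPTION hunk of man2/setuid.2, "If the effective UID of the caller is root" compares a numeric ID with a user name, and it disagrees with the EPERM text later in the same page, which defines privilege on Linux as having the CAP_SETUID capability. Suggest "If the effective UID of the caller is 0" or, better, wording based on privilege that matches the EPERM entry, so the two parts of the page do not give different conditions for when the real UID and saved set-user-ID are also set.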