mirror of https://github.com/mkerrisk/man-pages
Consistent use of "saved set-user-ID" and "saved set-group-ID".
parent
b5a5add044
commit
d9df8ff80a
9
Changes
9
Changes
|
@ -18,7 +18,7 @@ Global changes
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
The terms "set-user-ID" and "set-group-ID" are now used consistently
|
The terms "set-user-ID" and "set-group-ID" are now used consistently
|
||||||
(no abbreviations) accorss all manual pages.
|
(no abbreviations) across all manual pages.
|
||||||
|
|
||||||
Classical BSD versions are now always named x.yBSD (formerly
|
Classical BSD versions are now always named x.yBSD (formerly
|
||||||
there was a mix of x.yBSD and BSD x.y).
|
there was a mix of x.yBSD and BSD x.y).
|
||||||
|
@ -27,6 +27,9 @@ there was a mix of x.yBSD and BSD x.y).
|
||||||
gid --> GID
|
gid --> GID
|
||||||
id --> ID
|
id --> ID
|
||||||
|
|
||||||
|
Consistent use of "saved set-user-ID" and "saved set-group-ID"
|
||||||
|
(no more "saved user ID", "saved group ID", etc.)
|
||||||
|
|
||||||
Typographical or grammatical errors have been corrected in several
|
Typographical or grammatical errors have been corrected in several
|
||||||
places.
|
places.
|
||||||
|
|
||||||
|
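Review bot: The added entry's claim of no more "saved user ID", "saved group ID", etc. does not hold for this commit as shown. The NAME lines visible in the hunk headers for getresuid.2 and setresuid.2 still read "real, effective and saved user or group ID", and setuid.2 keeps "sets all of the real, saved, and effective user IDs" under CONFORMING TO. Either convert those as well or soften the entry so it does not promise that the old forms are gone.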
@ -39,6 +42,10 @@ New pages
|
||||||
Changes to individual pages
|
Changes to individual pages
|
||||||
---------------------------
|
---------------------------
|
||||||
|
|
||||||
|
setresuid.2
|
||||||
|
mtk
|
||||||
|
Some rewording.
|
||||||
|
|
||||||
stat.2
|
stat.2
|
||||||
Mike Frysinger
|
Mike Frysinger
|
||||||
Improve description of st_dev and st_rdev.
|
Improve description of st_dev and st_rdev.
|
||||||
|
|
|
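Review bot: "Some rewording." under setresuid.2 undersells what the setresuid.2 hunk does. That hunk replaces "The superuser may set ..." with "Privileged processes (on Linux, those having the CAP_SETUID capability)" and drops the definition of an unprivileged process as one whose real, effective and saved user IDs are all non-zero, which changes what the page says about who may set arbitrary IDs. Suggest recording that here, for example "Describe privilege in terms of CAP_SETUID rather than superuser."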
@ -39,7 +39,7 @@ getresuid, getresgid \- get real, effective and saved user or group ID
|
||||||
and
|
and
|
||||||
.B getresgid
|
.B getresgid
|
||||||
(both introduced in Linux 2.1.44)
|
(both introduced in Linux 2.1.44)
|
||||||
get the real, effective and saved user ID's (resp. group ID's)
|
get the real UID, effective UID, and saved set-user-ID (resp. group ID's)
|
||||||
of the current process.
|
of the current process.
|
||||||
|
|
||||||
.SH "RETURN VALUE"
|
.SH "RETURN VALUE"
|
||||||
|
|
|
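Review bot: In the new line "get the real UID, effective UID, and saved set-user-ID (resp. group ID's)", the parenthetical keeps the old shorthand, so the group case never names the saved set-group-ID that this commit sets out to standardise. Suggest "(resp. the real GID, effective GID, and saved set-group-ID)".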
@ -78,8 +78,8 @@ process's dumpable flag.
|
||||||
Set the state of the process's "keep capabilities" flag,
|
Set the state of the process's "keep capabilities" flag,
|
||||||
which determines whether the process's effective and permitted
|
which determines whether the process's effective and permitted
|
||||||
capability sets are cleared when a change is made to the process's user IDs
|
capability sets are cleared when a change is made to the process's user IDs
|
||||||
such that all of the process's real, effective, and saved set-user-IDs
|
such that the process's real UID, effective UID, and saved set-user-ID
|
||||||
become non-zero when at least one of them previously had the value 0.
|
all become non-zero when at least one of them previously had the value 0.
|
||||||
(By default, these credential sets are cleared).
|
(By default, these credential sets are cleared).
|
||||||
.I arg2
|
.I arg2
|
||||||
must be either 0 (capabilities are cleared) or 1 (capabilities are kept).
|
must be either 0 (capabilities are cleared) or 1 (capabilities are kept).
|
||||||
|
|
|
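Review bot: The unchanged parenthetical "(By default, these credential sets are cleared)" now directly follows the reworded lines about the real UID, effective UID, and saved set-user-ID, so "credential sets" can be read as referring to the IDs rather than to the effective and permitted capability sets named earlier in the sentence. Since the sentence is being touched anyway, suggest "these capability sets".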
@ -39,7 +39,7 @@ seteuid, setegid \- set effective user or group ID
|
||||||
.B seteuid
|
.B seteuid
|
||||||
sets the effective user ID of the current process.
|
sets the effective user ID of the current process.
|
||||||
Unprivileged user processes may only set the effective user ID to the
|
Unprivileged user processes may only set the effective user ID to the
|
||||||
real user ID, the effective user ID or the saved user ID.
|
real user ID, the effective user ID or the saved set-user-ID.
|
||||||
|
|
||||||
Precisely the same holds for
|
Precisely the same holds for
|
||||||
.B setegid
|
.B setegid
|
||||||
|
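Review bot: With the line changed to "the saved set-user-ID", the following "Precisely the same holds for setegid" leaves the reader to infer that the group counterpart is the saved set-group-ID. The ERRORS hunk for this same page spells it out as "saved set-user-ID (saved set-group-ID)"; suggest making the pairing explicit here too. That hunk also adds a comma before "or", which this line ("the effective user ID or the saved set-user-ID") does not get.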
@ -69,10 +69,11 @@ and
|
||||||
.I euid
|
.I euid
|
||||||
(resp.
|
(resp.
|
||||||
.IR egid )
|
.IR egid )
|
||||||
is not the real user (group) ID, the effective user (group) ID
|
is not the real user (group) ID, the effective user (group) ID,
|
||||||
or the saved user (group) ID.
|
or the saved set-user-ID (saved set-group-ID).
|
||||||
.SH NOTES
|
.SH NOTES
|
||||||
Setting the effective user (group) ID to the saved user (group) ID is
|
Setting the effective user (group) ID to the
|
||||||
|
saved set-user-ID (saved set-group-ID) is
|
||||||
possible since Linux 1.1.37 (1.1.38).
|
possible since Linux 1.1.37 (1.1.38).
|
||||||
On an arbitrary system one should check _POSIX_SAVED_IDS.
|
On an arbitrary system one should check _POSIX_SAVED_IDS.
|
||||||
.LP
|
.LP
|
||||||
|
@ -80,10 +81,10 @@ Under libc4, libc5 and glibc2.0
|
||||||
.BI seteuid( euid )
|
.BI seteuid( euid )
|
||||||
is equivalent to
|
is equivalent to
|
||||||
.BI setreuid(\-1, " euid" )
|
.BI setreuid(\-1, " euid" )
|
||||||
and hence may change the saved user ID.
|
and hence may change the saved set-user-ID.
|
||||||
Under glibc2.1 it is equivalent to
|
Under glibc2.1 it is equivalent to
|
||||||
.BI setresuid(\-1, " euid" ,\-1)
|
.BI setresuid(\-1, " euid" ,\-1)
|
||||||
and hence does not change the saved user ID.
|
and hence does not change the saved set-user-ID.
|
||||||
Similar remarks hold for
|
Similar remarks hold for
|
||||||
.BR setegid .
|
.BR setegid .
|
||||||
.SH "CONFORMING TO"
|
.SH "CONFORMING TO"
|
||||||
|
|
|
@ -36,12 +36,12 @@ setgid \- set group identity
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
.B setgid
|
.B setgid
|
||||||
sets the effective group ID of the current process. If the caller is the
|
sets the effective group ID of the current process. If the caller is the
|
||||||
superuser, the real and saved group ID's are also set.
|
superuser, the real GID and saved set-group-ID are also set.
|
||||||
|
|
||||||
Under Linux,
|
Under Linux,
|
||||||
.B setgid
|
.B setgid
|
||||||
is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.
|
is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.
|
||||||
This allows a set-group-ID program that is not set-user-ID-root root
|
This allows a set-group-ID program that is not set-user-ID-root
|
||||||
to drop all of its group
|
to drop all of its group
|
||||||
privileges, do some un-privileged work, and then re-engage the original
|
privileges, do some un-privileged work, and then re-engage the original
|
||||||
effective group ID in a secure manner.
|
effective group ID in a secure manner.
|
||||||
|
|
|
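Review bot: The new line "superuser, the real GID and saved set-group-ID are also set" keeps "superuser" as the condition, while the setresuid.2 change in this commit moves to "Privileged processes (on Linux, those having the CAP_SETUID capability)". Suggest describing the setgid case by capability as well (CAP_SETGID on Linux). The unchanged "un-privileged" further down is spelled "Unprivileged" and "non-privileged" elsewhere in this commit; pick one form.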
@ -36,23 +36,26 @@ setresuid, setresgid \- set real, effective and saved user or group ID
|
||||||
.BI "int setresgid(gid_t " rgid ", gid_t " egid ", gid_t " sgid );
|
.BI "int setresgid(gid_t " rgid ", gid_t " egid ", gid_t " sgid );
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
.B setresuid
|
.B setresuid
|
||||||
sets the real user ID, the effective user ID, and the saved
|
sets the real user ID, the effective user ID, and the
|
||||||
(effective) user ID of the current process.
|
saved set-user-ID of the current process.
|
||||||
|
|
||||||
Unprivileged user processes (i.e., processes with each of
|
Unprivileged user processes
|
||||||
real, effective and saved user ID non-zero) may change the real,
|
may change the real UID,
|
||||||
effective and saved user ID, each to one of:
|
effective UID, and saved set-user-ID, each to one of:
|
||||||
the current uid, the current effective uid or the current saved uid.
|
the current real UID, the current effective UID or the
|
||||||
|
current saved set-user-ID.
|
||||||
|
|
||||||
The superuser may set real, effective and saved user ID to arbitrary values.
|
Privileged processes (on Linux, those having the CAP_SETUID capability)
|
||||||
|
may set the real UID, effective UID, and
|
||||||
|
saved set-user-ID to arbitrary values.
|
||||||
|
|
||||||
If one of the parameters equals \-1, the corresponding value is not changed.
|
If one of the parameters equals \-1, the corresponding value is not changed.
|
||||||
|
|
||||||
Completely analogously,
|
Completely analogously,
|
||||||
.B setresgid
|
.B setresgid
|
||||||
sets the real, effective and saved group ID's of the current process,
|
sets the real GID, effective GID, and saved set-group-ID
|
||||||
with the same restrictions for processes with each of
|
of the current process,
|
||||||
real, effective and saved user ID non-zero.
|
with the same restrictions for non-privileged processes.
|
||||||
|
|
||||||
.SH "RETURN VALUE"
|
.SH "RETURN VALUE"
|
||||||
On success, zero is returned. On error, \-1 is returned, and
|
On success, zero is returned. On error, \-1 is returned, and
|
||||||
|
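Review bot: The setresgid paragraph now ends "with the same restrictions for non-privileged processes", but the only definition of privileged given above it is "those having the CAP_SETUID capability", which reads as if CAP_SETUID also governs group ID changes; on Linux that is CAP_SETGID. Suggest naming the capability in the setresgid sentence, and using one of "Unprivileged" or "non-privileged" throughout this section rather than both.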
@ -62,8 +65,8 @@ is set appropriately.
|
||||||
.TP
|
.TP
|
||||||
.B EAGAIN
|
.B EAGAIN
|
||||||
.I uid
|
.I uid
|
||||||
does not match the current uid and this call would
|
does not match the current UID and this call would
|
||||||
bring that userID over its NPROC rlimit.
|
bring that user ID over its NPROC rlimit.
|
||||||
.TP
|
.TP
|
||||||
.B EPERM
|
.B EPERM
|
||||||
The calling process is not privileged (did not have the CAP_SETUID
|
The calling process is not privileged (did not have the CAP_SETUID
|
||||||
|
|
|
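Review bot: In the EAGAIN entry, ".I uid" and "the current UID" do not say which argument or which of the three IDs is meant, although the rest of this commit is careful to distinguish real UID, effective UID and saved set-user-ID, and the prototype shown for this page takes separate real, effective and saved arguments. Since the line is being edited for terminology anyway, suggest naming the specific argument and the specific ID it is compared against.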
@ -59,18 +59,18 @@ Supplying a value of \-1 for either the real or effective user ID forces
|
||||||
the system to leave that ID unchanged.
|
the system to leave that ID unchanged.
|
||||||
|
|
||||||
Unprivileged processes may only set the effective user ID to the real user ID,
|
Unprivileged processes may only set the effective user ID to the real user ID,
|
||||||
the effective user ID or the saved effective user ID.
|
the effective user ID or the saved set-user-ID.
|
||||||
|
|
||||||
POSIX: It is unspecified whether unprivileged processes may set the
|
POSIX: It is unspecified whether unprivileged processes may set the
|
||||||
real user ID to the real user ID, the effective user ID or the saved
|
real user ID to the real user ID, the effective user ID or the
|
||||||
effective user ID.
|
saved set-user-ID.
|
||||||
|
|
||||||
Linux: Unprivileged users may only set the real user ID to
|
Linux: Unprivileged users may only set the real user ID to
|
||||||
the real user ID or the effective user ID.
|
the real user ID or the effective user ID.
|
||||||
|
|
||||||
Linux: If the real user ID is set or the effective user ID is set to a value
|
Linux: If the real user ID is set or the effective user ID is set to a value
|
||||||
not equal to the previous real user ID, the saved user ID will be set to the
|
not equal to the previous real user ID,
|
||||||
new effective user ID.
|
the saved set-user-ID will be set to the new effective user ID.
|
||||||
|
|
||||||
Completely analogously,
|
Completely analogously,
|
||||||
.B setregid
|
.B setregid
|
||||||
|
@ -96,10 +96,11 @@ capability in the case of
|
||||||
and a change other than (i)
|
and a change other than (i)
|
||||||
swapping the effective user (group) ID with the real user (group) ID,
|
swapping the effective user (group) ID with the real user (group) ID,
|
||||||
or (ii) setting one to the value of the other or (iii) setting the
|
or (ii) setting one to the value of the other or (iii) setting the
|
||||||
effective user (group) ID to the value of the saved user (group) ID
|
effective user (group) ID to the value of the
|
||||||
was specified.
|
saved set-user-ID (saved set-group-ID) was specified.
|
||||||
.SH NOTES
|
.SH NOTES
|
||||||
Setting the effective user (group) ID to the saved user ID is
|
Setting the effective user (group) ID to the
|
||||||
|
saved set-user-ID (saved set-group-ID) is
|
||||||
possible since Linux 1.1.37 (1.1.38).
|
possible since Linux 1.1.37 (1.1.38).
|
||||||
.SH "CONFORMING TO"
|
.SH "CONFORMING TO"
|
||||||
4.3BSD (the
|
4.3BSD (the
|
||||||
|
|
|
@ -37,8 +37,8 @@ setuid \- set user identity
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
.B setuid
|
.B setuid
|
||||||
sets the effective user ID of the current process.
|
sets the effective user ID of the current process.
|
||||||
If the effective userid of the caller is root,
|
If the effective UID of the caller is root,
|
||||||
the real and saved user ID's are also set.
|
the real UID and saved set-user-ID are also set.
|
||||||
.PP
|
.PP
|
||||||
Under Linux,
|
Under Linux,
|
||||||
.B setuid
|
.B setuid
|
||||||
|
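Review bot: "If the effective UID of the caller is root" compares a numeric ID with a user name. Elsewhere this commit states the condition numerically ("previously had the value 0" in prctl.2) or by capability (setresuid.2), and this page's own EPERM entry says "not privileged (Linux: does not have the CAP_SETUID capability)". Suggest "is 0", or wording the condition as "If the caller is privileged" to match the EPERM entry.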
@ -80,7 +80,7 @@ The user is not privileged (Linux: does not have the
|
||||||
.B CAP_SETUID
|
.B CAP_SETUID
|
||||||
capability) and
|
capability) and
|
||||||
.I uid
|
.I uid
|
||||||
does not match the real or saved user ID of the calling process.
|
does not match the real UID or saved set-user-ID of the calling process.
|
||||||
.SH "CONFORMING TO"
|
.SH "CONFORMING TO"
|
||||||
SVr4, SVID, POSIX.1. Not quite compatible with the 4.4BSD call, which
|
SVr4, SVID, POSIX.1. Not quite compatible with the 4.4BSD call, which
|
||||||
sets all of the real, saved, and effective user IDs. SVr4 documents an
|
sets all of the real, saved, and effective user IDs. SVr4 documents an
|
||||||
|
|