Consistent use of "saved set-user-ID" and "saved set-group-ID".

Michael Kerrisk 2005-07-18 16:55:22 +00:00
parent b5a5add044
commit d9df8ff80a
8 changed files with 47 additions and 35 deletions

@ -18,7 +18,7 @@ Global changes
-------------- --------------
The terms "set-user-ID" and "set-group-ID" are now used consistently The terms "set-user-ID" and "set-group-ID" are now used consistently
(no abbreviations) accorss all manual pages. (no abbreviations) across all manual pages.
Classical BSD versions are now always named x.yBSD (formerly Classical BSD versions are now always named x.yBSD (formerly
there was a mix of x.yBSD and BSD x.y). there was a mix of x.yBSD and BSD x.y).
@ -27,6 +27,9 @@ there was a mix of x.yBSD and BSD x.y).
gid --> GID gid --> GID
id --> ID id --> ID
Consistent use of "saved set-user-ID" and "saved set-group-ID"
(no more "saved user ID", "saved group ID", etc.)
Typographical or grammatical errors have been corrected in several Typographical or grammatical errors have been corrected in several
places. places.
@ -39,6 +42,10 @@ New pages
Changes to individual pages Changes to individual pages
--------------------------- ---------------------------
setresuid.2
mtk
Some rewording.
stat.2 stat.2
Mike Frysinger Mike Frysinger
Improve description of st_dev and st_rdev. Improve description of st_dev and st_rdev.
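Review bot: the new setresuid.2 entry is summarised as "Some rewording.", but the setresuid.2 hunk in this commit replaces "The superuser" with "Privileged processes (on Linux, those having the CAP_SETUID capability)" and drops the "(i.e., processes with each of real, effective and saved user ID non-zero)" definition of an unprivileged process. That changes the documented privilege condition rather than just the wording, so the changelog line should say so, for example "Describe privilege in terms of CAP_SETUID; some rewording."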

@ -39,7 +39,7 @@ getresuid, getresgid \- get real, effective and saved user or group ID
and and
.B getresgid .B getresgid
(both introduced in Linux 2.1.44) (both introduced in Linux 2.1.44)
get the real, effective and saved user ID's (resp. group ID's) get the real UID, effective UID, and saved set-user-ID (resp. group ID's)
of the current process. of the current process.
.SH "RETURN VALUE" .SH "RETURN VALUE"
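Review bot: in the rewritten sentence the parenthetical "(resp. group ID's)" no longer mirrors the list it qualifies, which is now "the real UID, effective UID, and saved set-user-ID". Spell it out as "(resp. the real GID, effective GID, and saved set-group-ID)", the form the setresgid paragraph gets elsewhere in this commit. The NAME line visible in the hunk header still reads "get real, effective and saved user or group ID" and could be aligned in the same pass.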

@ -78,8 +78,8 @@ process's dumpable flag.
Set the state of the process's "keep capabilities" flag, Set the state of the process's "keep capabilities" flag,
which determines whether the process's effective and permitted which determines whether the process's effective and permitted
capability sets are cleared when a change is made to the process's user IDs capability sets are cleared when a change is made to the process's user IDs
such that all of the process's real, effective, and saved set-user-IDs such that the process's real UID, effective UID, and saved set-user-ID
become non-zero when at least one of them previously had the value 0. all become non-zero when at least one of them previously had the value 0.
(By default, these credential sets are cleared). (By default, these credential sets are cleared).
.I arg2 .I arg2
must be either 0 (capabilities are cleared) or 1 (capabilities are kept). must be either 0 (capabilities are cleared) or 1 (capabilities are kept).
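Review bot: the unchanged parenthetical directly after the edited sentence says "these credential sets are cleared", although the sentence is about the effective and permitted capability sets. Since the paragraph is being touched anyway, change "credential sets" to "capability sets" so the reader does not wonder whether something other than capabilities is cleared. The line above the change also still says "the process's user IDs" where the new text uses UID.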

@ -39,7 +39,7 @@ seteuid, setegid \- set effective user or group ID
.B seteuid .B seteuid
sets the effective user ID of the current process. sets the effective user ID of the current process.
Unprivileged user processes may only set the effective user ID to the Unprivileged user processes may only set the effective user ID to the
real user ID, the effective user ID or the saved user ID. real user ID, the effective user ID or the saved set-user-ID.
Precisely the same holds for Precisely the same holds for
.B setegid .B setegid
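Review bot: after the rename the list ends in "the saved set-user-ID", and the next sentence still says "Precisely the same holds for setegid", which leaves the reader to substitute the saved set-group-ID. The ERRORS hunk further down in this file already uses the explicit form "saved set-user-ID (saved set-group-ID)"; use the same parenthetical here, or say "with group instead of user". This hunk also keeps "real user ID" and "effective user ID" while other pages in the commit switch to "real UID" and "effective UID".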
@ -69,10 +69,11 @@ and
.I euid .I euid
(resp. (resp.
.IR egid ) .IR egid )
is not the real user (group) ID, the effective user (group) ID is not the real user (group) ID, the effective user (group) ID,
or the saved user (group) ID. or the saved set-user-ID (saved set-group-ID).
.SH NOTES .SH NOTES
Setting the effective user (group) ID to the saved user (group) ID is Setting the effective user (group) ID to the
saved set-user-ID (saved set-group-ID) is
possible since Linux 1.1.37 (1.1.38). possible since Linux 1.1.37 (1.1.38).
On an arbitrary system one should check _POSIX_SAVED_IDS. On an arbitrary system one should check _POSIX_SAVED_IDS.
.LP .LP
@ -80,10 +81,10 @@ Under libc4, libc5 and glibc2.0
.BI seteuid( euid ) .BI seteuid( euid )
is equivalent to is equivalent to
.BI setreuid(\-1, " euid" ) .BI setreuid(\-1, " euid" )
and hence may change the saved user ID. and hence may change the saved set-user-ID.
Under glibc2.1 it is equivalent to Under glibc2.1 it is equivalent to
.BI setresuid(\-1, " euid" ,\-1) .BI setresuid(\-1, " euid" ,\-1)
and hence does not change the saved user ID. and hence does not change the saved set-user-ID.
Similar remarks hold for Similar remarks hold for
.BR setegid . .BR setegid .
.SH "CONFORMING TO" .SH "CONFORMING TO"

@ -36,12 +36,12 @@ setgid \- set group identity
.SH DESCRIPTION .SH DESCRIPTION
.B setgid .B setgid
sets the effective group ID of the current process. If the caller is the sets the effective group ID of the current process. If the caller is the
superuser, the real and saved group ID's are also set. superuser, the real GID and saved set-group-ID are also set.
Under Linux, Under Linux,
.B setgid .B setgid
is implemented like the POSIX version with the _POSIX_SAVED_IDS feature. is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.
This allows a set-group-ID program that is not set-user-ID-root root This allows a set-group-ID program that is not set-user-ID-root
to drop all of its group to drop all of its group
privileges, do some un-privileged work, and then re-engage the original privileges, do some un-privileged work, and then re-engage the original
effective group ID in a secure manner. effective group ID in a secure manner.
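Review bot: the new first sentence keeps "If the caller is the superuser" as the condition under which the real GID and saved set-group-ID are also set, while the setresuid.2 hunk in this commit moves from "superuser" to a capability-based definition of privilege. Word the condition the same way here, because the paragraph that follows depends on the saved set-group-ID being left alone for an unprivileged caller so that the original effective group ID can be re-engaged. "un-privileged" in the context lines is also spelled differently from "Unprivileged" and "non-privileged" used elsewhere in the commit.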

@ -36,23 +36,26 @@ setresuid, setresgid \- set real, effective and saved user or group ID
.BI "int setresgid(gid_t " rgid ", gid_t " egid ", gid_t " sgid ); .BI "int setresgid(gid_t " rgid ", gid_t " egid ", gid_t " sgid );
.SH DESCRIPTION .SH DESCRIPTION
.B setresuid .B setresuid
sets the real user ID, the effective user ID, and the saved sets the real user ID, the effective user ID, and the
(effective) user ID of the current process. saved set-user-ID of the current process.
Unprivileged user processes (i.e., processes with each of Unprivileged user processes
real, effective and saved user ID non-zero) may change the real, may change the real UID,
effective and saved user ID, each to one of: effective UID, and saved set-user-ID, each to one of:
the current uid, the current effective uid or the current saved uid. the current real UID, the current effective UID or the
current saved set-user-ID.
The superuser may set real, effective and saved user ID to arbitrary values. Privileged processes (on Linux, those having the CAP_SETUID capability)
may set the real UID, effective UID, and
saved set-user-ID to arbitrary values.
If one of the parameters equals \-1, the corresponding value is not changed. If one of the parameters equals \-1, the corresponding value is not changed.
Completely analogously, Completely analogously,
.B setresgid .B setresgid
sets the real, effective and saved group ID's of the current process, sets the real GID, effective GID, and saved set-group-ID
with the same restrictions for processes with each of of the current process,
real, effective and saved user ID non-zero. with the same restrictions for non-privileged processes.
.SH "RETURN VALUE" .SH "RETURN VALUE"
On success, zero is returned. On error, \-1 is returned, and On success, zero is returned. On error, \-1 is returned, and
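Review bot: the setresgid paragraph now ends "with the same restrictions for non-privileged processes", but the only definition of privilege in the new text is "those having the CAP_SETUID capability", given for the user-ID case. State which capability lifts the restriction for setresgid (CAP_SETGID on Linux), otherwise the page reads as if CAP_SETUID governed group IDs as well. The hunk also uses both "Unprivileged" and "non-privileged"; pick one.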
@ -62,8 +65,8 @@ is set appropriately.
.TP .TP
.B EAGAIN .B EAGAIN
.I uid .I uid
does not match the current uid and this call would does not match the current UID and this call would
bring that userID over its NPROC rlimit. bring that user ID over its NPROC rlimit.
.TP .TP
.B EPERM .B EPERM
The calling process is not privileged (did not have the CAP_SETUID The calling process is not privileged (did not have the CAP_SETUID
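Review bot: the EAGAIN entry still refers to an argument ".I uid", but the setresgid prototype shown at the top of the previous hunk names its arguments rgid, egid and sgid, so the calls on this page have no argument called uid. The rewritten "does not match the current UID" is also ambiguous under the terminology this commit introduces, since a process has a real UID, an effective UID and a saved set-user-ID. Name the argument that is checked and the ID it is compared with.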

@ -59,18 +59,18 @@ Supplying a value of \-1 for either the real or effective user ID forces
the system to leave that ID unchanged. the system to leave that ID unchanged.
Unprivileged processes may only set the effective user ID to the real user ID, Unprivileged processes may only set the effective user ID to the real user ID,
the effective user ID or the saved effective user ID. the effective user ID or the saved set-user-ID.
POSIX: It is unspecified whether unprivileged processes may set the POSIX: It is unspecified whether unprivileged processes may set the
real user ID to the real user ID, the effective user ID or the saved real user ID to the real user ID, the effective user ID or the
effective user ID. saved set-user-ID.
Linux: Unprivileged users may only set the real user ID to Linux: Unprivileged users may only set the real user ID to
the real user ID or the effective user ID. the real user ID or the effective user ID.
Linux: If the real user ID is set or the effective user ID is set to a value Linux: If the real user ID is set or the effective user ID is set to a value
not equal to the previous real user ID, the saved user ID will be set to the not equal to the previous real user ID,
new effective user ID. the saved set-user-ID will be set to the new effective user ID.
Completely analogously, Completely analogously,
.B setregid .B setregid
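Review bot: the last Linux sentence, "If the real user ID is set or the effective user ID is set to a value not equal to the previous real user ID", can be parsed two ways, because it is unclear whether "to a value not equal to ..." applies to both clauses or only to the second. This sentence decides when the saved set-user-ID is overwritten, and so when a later switch back to the old effective user ID stops being possible, so tie the first clause to the argument, for example "If the real user ID is set (that is, the argument is not -1) or ...". The context lines also mix "Unprivileged processes" and "Unprivileged users".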
@ -96,10 +96,11 @@ capability in the case of
and a change other than (i) and a change other than (i)
swapping the effective user (group) ID with the real user (group) ID, swapping the effective user (group) ID with the real user (group) ID,
or (ii) setting one to the value of the other or (iii) setting the or (ii) setting one to the value of the other or (iii) setting the
effective user (group) ID to the value of the saved user (group) ID effective user (group) ID to the value of the
was specified. saved set-user-ID (saved set-group-ID) was specified.
.SH NOTES .SH NOTES
Setting the effective user (group) ID to the saved user ID is Setting the effective user (group) ID to the
saved set-user-ID (saved set-group-ID) is
possible since Linux 1.1.37 (1.1.38). possible since Linux 1.1.37 (1.1.38).
.SH "CONFORMING TO" .SH "CONFORMING TO"
4.3BSD (the 4.3BSD (the

@ -37,8 +37,8 @@ setuid \- set user identity
.SH DESCRIPTION .SH DESCRIPTION
.B setuid .B setuid
sets the effective user ID of the current process. sets the effective user ID of the current process.
If the effective userid of the caller is root, If the effective UID of the caller is root,
the real and saved user ID's are also set. the real UID and saved set-user-ID are also set.
.PP .PP
Under Linux, Under Linux,
.B setuid .B setuid
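Review bot: "If the effective UID of the caller is root" compares a numeric ID with a user name and keys the behaviour on UID 0, while the EPERM entry in the next hunk of this file defines the privileged case as having the CAP_SETUID capability. Use one condition in both places, for example "If the caller is privileged (Linux: has the CAP_SETUID capability)", since this sentence is what tells the reader whether setuid also replaces the real UID and saved set-user-ID, that is, whether the change can be undone afterwards.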
@ -80,7 +80,7 @@ The user is not privileged (Linux: does not have the
.B CAP_SETUID .B CAP_SETUID
capability) and capability) and
.I uid .I uid
does not match the real or saved user ID of the calling process. does not match the real UID or saved set-user-ID of the calling process.
.SH "CONFORMING TO" .SH "CONFORMING TO"
SVr4, SVID, POSIX.1. Not quite compatible with the 4.4BSD call, which SVr4, SVID, POSIX.1. Not quite compatible with the 4.4BSD call, which
sets all of the real, saved, and effective user IDs. SVr4 documents an sets all of the real, saved, and effective user IDs. SVr4 documents an
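Review bot: the CONFORMING TO context line below the change still says "sets all of the real, saved, and effective user IDs", using the bare "saved" that this commit removes everywhere else. Change it to "the real UID, saved set-user-ID, and effective UID" so the page is consistent with the edited EPERM text two lines above.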