HP-UX Reference (11i v3 07/02) - 2 System Calls (vol 5)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

401

402

403

404

405

406

407

408

409

410

setuid(2) setuid(2)

NAME

setuid(), setgid() - set user and group IDs

SYNOPSIS

#include <unistd.h>

int setuid(uid_t uid);

int setgid(gid_t gid);

DESCRIPTION

setuid() sets the real-user-ID (ruid), effective-user-ID (euid), and/or saved-user-ID (suid) of the calling

process. If the Security Containment product is installed, these interfaces treat a process observing

CHSUBJIDENT as a privileged process. Otherwise, only processes with an euid of zero are treated as

privileged processes. See privileges (5) for more information on Security Containment and ﬁne-grained

privileges.

The following conditions govern setuid’s behavior:

• If the process is privileged,

setuid() sets the ruid, euid, and suid to uid.

• If the process is not privileged and the argument uid is equal to the ruid or the suid,

setuid()

sets the euid to uid; the ruid and suid remain unchanged. (If a set-user-ID program is not running

as superuser, it can change its euid to match its ruid and reset itself to the previous euid value.)

• If the process is not privileged, the argument uid is equal to the euid, and the calling process has

the

PRIV_SETRUGID privilege, setuid()

sets the ruid to uid; the euid and suid remain

unchanged.

setgid() sets the real-group-ID (rgid), effective-group-ID (egid), and/or saved-group-ID (sgid) of the cal-

ling process. The following conditions govern

setgid()’s behavior:

• If the process is privileged, setgid() sets the rgid and egid to gid.

• If the process is not privileged and the argument gid is equal to the rgid or the sgid,

setgid()

sets the egid to gid; the rgid and sgid remain unchanged.

• If the process is not privileged, the argument gid is equal to the egid, and the calling process has

the

PRIV_SETRUGID privilege, setgid()

sets the rgid to gid; the egid and sgid remain

unchanged.

Security Restrictions

Some or all of the actions associated with this system call require the

CHSUBJIDENT privilege. Processes

owned by the superuser have this privilege. Processes owned by other users may have this privilege,

depending on system conﬁguration.

See privileges(5) for more information about privileged access on systems that support ﬁne-grained

privileges.

RETURN VALUE

Upon successful completion,

setuid() and setgid() return 0; otherwise, they return −1 and set

errno to indicate the error.

ERRORS

setuid() and setgid() fail and return −1 if any of the following conditions are encountered:

[EPERM] None of the conditions above are met.

[EINVAL] uid (gid) is not a valid user (group) ID.

WARNINGS

It is recommended that the PRIV_SETRUGID capability be avoided, as it is provided for backward compa-

tibility. This feature may be modiﬁed or dropped from future HP-UX releases. When changing the real

user ID and real group ID, use of setresuid() and setresgid() (see setresuid(2)) is recommended

instead.

AUTHOR

setuid() was developed by AT&T, the University of California, Berkeley, and HP.

HP-UX 11i Version 3: February 2007 − 1 − Hewlett-Packard Company 409