'\" et
.TH SETREUID "3P" 2013 "IEEE/The Open Group" "POSIX Programmer's Manual"
.SH PROLOG
This manual page is part of the POSIX Programmer's Manual.
The Linux implementation of this interface may differ (consult
the corresponding Linux manual page for details of Linux behavior),
or the interface may not be implemented on Linux.

.SH NAME
setreuid
\(em set real and effective user IDs
.SH SYNOPSIS
.LP
.nf
#include <unistd.h>
.P
int setreuid(uid_t \fIruid\fP, uid_t \fIeuid\fP);
.fi
.SH DESCRIPTION
The
\fIsetreuid\fR()
function shall set the real and effective user IDs of the current
process to the values specified by the
.IR ruid
and
.IR euid
arguments. If
.IR ruid
or
.IR euid
is \(mi1, the corresponding effective or real user ID of the current
process shall be left unchanged.
.P
A process with appropriate privileges can set either ID to any value.
An unprivileged process can only set the effective user ID if the
.IR euid
argument is equal to either the real, effective, or saved user ID of
the process.
.P
If the real user ID is being set (\c
.IR ruid
is not \(mi1), or the effective user ID is being set to a value not
equal to the real user ID, then the saved set-user-ID of the current
process shall be set equal to the new effective user ID.
.P
It is unspecified whether a process without appropriate privileges is
permitted to change the real user ID to match the current effective user
ID or saved set-user-ID of the process.
.SH "RETURN VALUE"
Upon successful completion, 0 shall be returned. Otherwise, \(mi1
shall be returned and
.IR errno
set to indicate the error.
.SH ERRORS
The
\fIsetreuid\fR()
function shall fail if:
.TP
.BR EINVAL
The value of the
.IR ruid
or
.IR euid
argument is invalid or out-of-range.
.TP
.BR EPERM
The current process does not have appropriate privileges, and either an
attempt was made to change the effective user ID to a value other than
the real user ID or the saved set-user-ID or an attempt was made to
change the real user ID to a value not permitted by the
implementation.
.LP
.IR "The following sections are informative."
.SH EXAMPLES
.SS "Setting the Effective User ID to the Real User ID"
.P
The following example sets the effective user ID of the calling process
to the real user ID, so that files created later will be owned by the
current user. It also sets the saved set-user-ID to the real user ID,
so any future attempt to set the effective user ID back to its previous
value will fail.
.sp
.RS 4
.nf
\fB
#include <unistd.h>
#include <sys/types.h>
\&...
setreuid(getuid(), getuid());
\&...
.fi \fR
.P
.RE
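The drop described above, written out with its return value checked and a test that the old effective user ID cannot be restored. This is an added example, not part of the POSIX text; drop_privileges_permanently() is a hypothetical helper name, and supplementary groups are left untouched.

```c
/* Added example: permanent privilege drop for a set-user-ID program. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (not defined by POSIX): give up the set-user-ID
 * identity for good. Returns 0 on success, -1 if the drop failed or
 * could be undone.
 */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid();

    /* Group IDs first: once the user ID is dropped the process may no
       longer have the privilege to change them. */
    if (setregid(rgid, rgid) == -1)
        return -1;

    /* ruid is not -1, so the saved set-user-ID is also set to the new
       effective user ID, which here is the real user ID. */
    if (setreuid(ruid, ruid) == -1)
        return -1;              /* caller must not continue privileged */

    /* Check the resulting IDs instead of trusting the return value alone. */
    if (getuid() != ruid || geteuid() != ruid ||
        getgid() != rgid || getegid() != rgid)
        return -1;

    /* The old effective user ID must now be out of reach. If the real
       user ID itself has appropriate privileges, this call succeeds and
       the drop is reported as not permanent. */
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;

    return 0;
}

int main(void)
{
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "privilege drop failed, exiting\n");
        return 1;
    }
    printf("running as uid %ld\n", (long)getuid());
    return 0;
}
```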
.SH "APPLICATION USAGE"
None.
.SH RATIONALE
Earlier versions of this standard did not specify whether the saved
set-user-ID was affected by
\fIsetreuid\fR()
calls. This version specifies common existing practice that constitutes
an important security feature. The ability to set both the effective user
ID and saved set-user-ID to be the same as the real user ID means that
any security weakness in code that is executed after that point cannot
result in malicious code being executed with the previous effective user
ID. Privileged applications could already do this using just
\fIsetuid\fR(),
but for non-privileged applications the only standard method available
is to use this feature of
\fIsetreuid\fR().
.SH "FUTURE DIRECTIONS"
None.
.SH "SEE ALSO"
.IR "\fIgetegid\fR\^(\|)",
.IR "\fIgeteuid\fR\^(\|)",
.IR "\fIgetgid\fR\^(\|)",
.IR "\fIgetuid\fR\^(\|)",
.IR "\fIsetegid\fR\^(\|)",
.IR "\fIseteuid\fR\^(\|)",
.IR "\fIsetgid\fR\^(\|)",
.IR "\fIsetregid\fR\^(\|)",
.IR "\fIsetuid\fR\^(\|)"
.P
The Base Definitions volume of POSIX.1\(hy2008,
.IR "\fB<unistd.h>\fP"
.SH COPYRIGHT
Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1, 2013 Edition, Standard for Information Technology
-- Portable Operating System Interface (POSIX), The Open Group Base
Specifications Issue 7, Copyright (C) 2013 by the Institute of
Electrical and Electronics Engineers, Inc and The Open Group.
(This is POSIX.1-2008 with the 2013 Technical Corrigendum 1 applied.) In the
event of any discrepancy between this version and the original IEEE and
The Open Group Standard, the original IEEE and The Open Group Standard
is the referee document. The original Standard can be obtained online at
http://www.unix.org/online.html .

Any typographical or formatting errors that appear
in this page are most likely
to have been introduced during the conversion of the source files to
man page format. To report such errors, see
https://www.kernel.org/doc/man-pages/reporting_bugs.html .