.\" Copyright (C) 1995, Thomas K. Dyas <tdyas@eden.rutgers.edu>
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of this
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a
.\" permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date. The author(s) assume no
.\" responsibility for errors or omissions, or for damages resulting from
.\" the use of the information contained herein. The author(s) may not
.\" have taken the same level of care in the production of this manual,
.\" which is licensed free of charge, as they might when working
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\" %%%LICENSE_END
.\"
.\" Created 1995-08-06 Thomas K. Dyas <tdyas@eden.rutgers.edu>
.\" Modified 2000-07-01 aeb
.\" Modified 2002-07-23 aeb
.\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages@gmail.com>
.\" Added notes on capability requirements
.\"
.TH SETFSGID 2 2017-09-15 "Linux" "Linux Programmer's Manual"
.SH NAME
setfsgid \- set group identity used for filesystem checks
.SH SYNOPSIS
.B #include <sys/fsuid.h>
.PP
.BI "int setfsgid(gid_t " fsgid );
.SH DESCRIPTION
The system call
.BR setfsgid ()
changes the value of the caller's filesystem group ID\(emthe
group ID that the Linux kernel uses to check for all accesses
to the filesystem.
Normally, the value of
the filesystem group ID
will shadow the value of the effective group ID.
In fact, whenever the
effective group ID is changed,
the filesystem group ID
will also be changed to the new value of the effective group ID.
.PP
Explicit calls to
.BR setfsuid (2)
and
.BR setfsgid ()
are usually used only by programs such as the Linux NFS server that
need to change what user and group ID is used for file access without a
corresponding change in the real and effective user and group IDs.
A change in the normal user IDs for a program such as the NFS server
is a security hole that can expose it to unwanted signals.
(But see below.)
.PP
.BR setfsgid ()
will succeed only if the caller is the superuser or if
.I fsgid
matches either the caller's real group ID, effective group ID,
saved set-group-ID, or current filesystem group ID.
.SH RETURN VALUE
On both success and failure,
this call returns the previous filesystem group ID of the caller.
.SH VERSIONS
This system call is present in Linux since version 1.2.
.\" This system call is present since Linux 1.1.44
.\" and in libc since libc 4.7.6.
.SH CONFORMING TO
.BR setfsgid ()
is Linux-specific and should not be used in programs intended
to be portable.
.SH NOTES
Note that at the time this system call was introduced, a process
could send a signal to a process with the same effective user ID.
Today signal permission handling is slightly different.
See
.BR setfsuid (2)
for a discussion of why the use of both
.BR setfsuid (2)
and
.BR setfsgid ()
is nowadays unneeded.
.PP
The original Linux
.BR setfsgid ()
system call supported only 16-bit group IDs.
Subsequently, Linux 2.4 added
.BR setfsgid32 ()
supporting 32-bit IDs.
The glibc
.BR setfsgid ()
wrapper function transparently deals with the variation across kernel versions.
.SS C library/kernel differences
In glibc 2.15 and earlier,
when the wrapper for this system call determines that the argument can't be
passed to the kernel without integer truncation (because the kernel
is old and does not support 32-bit group IDs),
it will return \-1 and set \fIerrno\fP to
.B EINVAL
without attempting
the system call.
.SH BUGS
No error indications of any kind are returned to the caller,
and the fact that both successful and unsuccessful calls return
the same value makes it impossible to directly determine
whether the call succeeded or failed.
Instead, the caller must resort to looking at the return value
from a further call such as
.IR setfsgid(\-1)
(which will always fail), in order to determine if a preceding call to
.BR setfsgid ()
changed the filesystem group ID.
At the very
least,
.B EPERM
should be returned when the call fails (because the caller lacks the
.B CAP_SETGID
capability).
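.PP
The read-back check described above, as an added example that is not part of the original manual page: the helper name set_fsgid_checked() and its EINVAL/EPERM error convention are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* Read the current filesystem GID. setfsgid(-1) never changes anything,
 * so the "previous" fsgid it returns is simply the current one. */
static gid_t current_fsgid(void)
{
    return (gid_t)setfsgid((gid_t)-1);
}

/* Hypothetical helper: switch fsgid to `wanted` and verify the switch.
 * Returns 0 on success, -1 with errno set (EINVAL or EPERM) otherwise.
 * *prev receives the fsgid in force before the call, for a later restore. */
static int set_fsgid_checked(gid_t wanted, gid_t *prev)
{
    if (wanted == (gid_t)-1) {      /* -1 is the probe value, never settable */
        errno = EINVAL;
        return -1;
    }
    gid_t before = (gid_t)setfsgid(wanted); /* return value is NOT a status */
    if (prev)
        *prev = before;
    if (current_fsgid() != wanted) {        /* read back to learn the outcome */
        errno = EPERM;                      /* assumed convention, see lead-in */
        return -1;
    }
    return 0;
}

int main(void)
{
    gid_t prev;
    /* The effective GID is always a permitted target. */
    if (set_fsgid_checked(getegid(), &prev) != 0) {
        perror("set_fsgid_checked");
        return 1;   /* fail closed: no file access under the wrong identity */
    }
    printf("fsgid %u -> %u verified\n",
           (unsigned)prev, (unsigned)current_fsgid());
    return 0;
}
```

A caller that switches identity per request should treat a \-1 result as fatal for that request and restore the saved previous value once the file access is done.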
.SH SEE ALSO
.BR kill (2),
.BR setfsuid (2),
.BR capabilities (7),
.BR credentials (7)
.SH COLOPHON
This page is part of release 4.15 of the Linux
.I man-pages
project.
A description of the project,
information about reporting bugs,
and the latest version of this page,
can be found at
\%https://www.kernel.org/doc/man\-pages/.