|
Packit |
7cfc04 |
.\" Copyright (C), 1994, Graeme W. Wilford. (Wilf.)
|
|
Packit |
7cfc04 |
.\" and Copyright (C) 2010, 2015, Michael Kerrisk <mtk.manpages@gmail.com>
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" %%%LICENSE_START(VERBATIM)
|
|
Packit |
7cfc04 |
.\" Permission is granted to make and distribute verbatim copies of this
|
|
Packit |
7cfc04 |
.\" manual provided the copyright notice and this permission notice are
|
|
Packit |
7cfc04 |
.\" preserved on all copies.
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" Permission is granted to copy and distribute modified versions of this
|
|
Packit |
7cfc04 |
.\" manual under the conditions for verbatim copying, provided that the
|
|
Packit |
7cfc04 |
.\" entire resulting derived work is distributed under the terms of a
|
|
Packit |
7cfc04 |
.\" permission notice identical to this one.
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
Packit |
7cfc04 |
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
Packit |
7cfc04 |
.\" responsibility for errors or omissions, or for damages resulting from
|
|
Packit |
7cfc04 |
.\" the use of the information contained herein. The author(s) may not
|
|
Packit |
7cfc04 |
.\" have taken the same level of care in the production of this manual,
|
|
Packit |
7cfc04 |
.\" which is licensed free of charge, as they might when working
|
|
Packit |
7cfc04 |
.\" professionally.
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
Packit |
7cfc04 |
.\" the source, must acknowledge the copyright and authors of this work.
|
|
Packit |
7cfc04 |
.\" %%%LICENSE_END
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" Fri Jul 29th 12:56:44 BST 1994 Wilf. <G.Wilford@ee.surrey.ac.uk>
|
|
Packit |
7cfc04 |
.\" Modified 1997-01-31 by Eric S. Raymond <esr@thyrsus.com>
|
|
Packit |
7cfc04 |
.\" Modified 2002-03-09 by aeb
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.TH SETGID 2 2017-09-15 "Linux" "Linux Programmer's Manual"
|
|
Packit |
7cfc04 |
.SH NAME
|
|
Packit |
7cfc04 |
setgid \- set group identity
|
|
Packit |
7cfc04 |
.SH SYNOPSIS
|
|
Packit |
7cfc04 |
.B #include <sys/types.h>
|
|
Packit |
7cfc04 |
.br
|
|
Packit |
7cfc04 |
.B #include <unistd.h>
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
.BI "int setgid(gid_t " gid );
|
|
Packit |
7cfc04 |
.SH DESCRIPTION
|
|
Packit |
7cfc04 |
.BR setgid ()
|
|
Packit |
7cfc04 |
sets the effective group ID of the calling process.
|
|
Packit |
7cfc04 |
If the calling process is privileged (has the
|
|
Packit |
7cfc04 |
.B CAP_SETGID
|
|
Packit |
7cfc04 |
capability in its user namespace),
|
|
Packit |
7cfc04 |
the real GID and saved set-group-ID are also set.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
Under Linux,
|
|
Packit |
7cfc04 |
.BR setgid ()
|
|
Packit |
7cfc04 |
is implemented like the POSIX version with the
|
|
Packit |
7cfc04 |
.B _POSIX_SAVED_IDS
|
|
Packit |
7cfc04 |
feature.
|
|
Packit |
7cfc04 |
This allows a set-group-ID program that is not set-user-ID-root
|
|
Packit |
7cfc04 |
to drop all of its group
|
|
Packit |
7cfc04 |
privileges, do some un-privileged work, and then reengage the original
|
|
Packit |
7cfc04 |
effective group ID in a secure manner.
|
|
Packit |
7cfc04 |
.SH RETURN VALUE
|
|
Packit |
7cfc04 |
On success, zero is returned.
|
|
Packit |
7cfc04 |
On error, \-1 is returned, and
|
|
Packit |
7cfc04 |
.I errno
|
|
Packit |
7cfc04 |
is set appropriately.
|
|
Packit |
7cfc04 |
.SH ERRORS
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B EINVAL
|
|
Packit |
7cfc04 |
The group ID specified in
|
|
Packit |
7cfc04 |
.I gid
|
|
Packit |
7cfc04 |
is not valid in this user namespace.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B EPERM
|
|
Packit |
7cfc04 |
The calling process is not privileged (does not have the
|
|
Packit |
7cfc04 |
\fBCAP_SETGID\fP capability), and
|
|
Packit |
7cfc04 |
.I gid
|
|
Packit |
7cfc04 |
does not match the real group ID or saved set-group-ID of
|
|
Packit |
7cfc04 |
the calling process.
|
|
Packit |
7cfc04 |
.SH CONFORMING TO
|
|
Packit |
7cfc04 |
POSIX.1-2001, POSIX.1-2008, SVr4.
|
|
Packit |
7cfc04 |
.SH NOTES
|
|
Packit |
7cfc04 |
The original Linux
|
|
Packit |
7cfc04 |
.BR setgid ()
|
|
Packit |
7cfc04 |
system call supported only 16-bit group IDs.
|
|
Packit |
7cfc04 |
Subsequently, Linux 2.4 added
|
|
Packit |
7cfc04 |
.BR setgid32 ()
|
|
Packit |
7cfc04 |
supporting 32-bit IDs.
|
|
Packit |
7cfc04 |
The glibc
|
|
Packit |
7cfc04 |
.BR setgid ()
|
|
Packit |
7cfc04 |
wrapper function transparently deals with the variation across kernel versions.
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.SS C library/kernel differences
|
|
Packit |
7cfc04 |
At the kernel level, user IDs and group IDs are a per-thread attribute.
|
|
Packit |
7cfc04 |
However, POSIX requires that all threads in a process
|
|
Packit |
7cfc04 |
share the same credentials.
|
|
Packit |
7cfc04 |
The NPTL threading implementation handles the POSIX requirements by
|
|
Packit |
7cfc04 |
providing wrapper functions for
|
|
Packit |
7cfc04 |
the various system calls that change process UIDs and GIDs.
|
|
Packit |
7cfc04 |
These wrapper functions (including the one for
|
|
Packit |
7cfc04 |
.BR setgid ())
|
|
Packit |
7cfc04 |
employ a signal-based technique to ensure
|
|
Packit |
7cfc04 |
that when one thread changes credentials,
|
|
Packit |
7cfc04 |
all of the other threads in the process also change their credentials.
|
|
Packit |
7cfc04 |
For details, see
|
|
Packit |
7cfc04 |
.BR nptl (7).
|
|
Packit |
7cfc04 |
.SH SEE ALSO
|
|
Packit |
7cfc04 |
.BR getgid (2),
|
|
Packit |
7cfc04 |
.BR setegid (2),
|
|
Packit |
7cfc04 |
.BR setregid (2),
|
|
Packit |
7cfc04 |
.BR capabilities (7),
|
|
Packit |
7cfc04 |
.BR credentials (7),
|
|
Packit |
7cfc04 |
.BR user_namespaces (7)
|
|
Packit |
7cfc04 |
.SH COLOPHON
|
|
Packit |
7cfc04 |
This page is part of release 4.15 of the Linux
|
|
Packit |
7cfc04 |
.I man-pages
|
|
Packit |
7cfc04 |
project.
|
|
Packit |
7cfc04 |
A description of the project,
|
|
Packit |
7cfc04 |
information about reporting bugs,
|
|
Packit |
7cfc04 |
and the latest version of this page,
|
|
Packit |
7cfc04 |
can be found at
|
|
Packit |
7cfc04 |
\%https://www.kernel.org/doc/man\-pages/.
|