seteuid, setegid — set effective user or group ID
#include <sys/types.h> #include <unistd.h>
int
seteuid( |
uid_t | euid) ; |
int
setegid( |
gid_t | egid) ; |
seteuid
() sets the effective
user ID of the current process. Unprivileged user processes
may only set the effective user ID to the real user ID, the
effective user ID or the saved set-user-ID.
Precisely the same holds for setegid
() with "group" instead of
"user".
On success, zero is returned. On error, −1 is
returned, and errno
is set
appropriately.
The current process is not privileged (Linux: does
not have the CAP_SETUID
capability in the case of seteuid
(), or the CAP_SETGID
capability in the case of
setegid
()) and euid
(resp. egid
) is not the real
user (group) ID, the effective user (group) ID, or the
saved set-user-ID (saved set-group-ID).
Setting the effective user (group) ID to the saved set-user-ID (saved set-group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary system one should check _POSIX_SAVED_IDS.
Under libc4, libc5 and glibc 2.0 seteuid
(euid
) is equivalent to
setreuid
(−1
, euid
) and hence may change the
saved set-user-ID. Under glibc2.1 it is equivalent to
setresuid
(−1
, euid
, −1
) and hence does not
change the saved set-user-ID. Similar remarks hold for
setegid
().
geteuid(2), setresuid(2), setreuid(2), setuid(2), capabilities(7)
|