TUX: Penguin Power!
Linux| Perl| PHP| Webserv| Databases| Sysadmin| Programming| Filesystems| Java| Webprog

Make Tux happy: Link to us!


SYNOPSIS
       #include <unistd.h>

       int setuid(uid_t uid);


DESCRIPTION
       If  the process has appropriate privileges, setuid() shall set the real
       user ID, effective user ID, and the saved set-user-ID  of  the  calling
       process to uid.

       If  the  process does not have appropriate privileges, but uid is equal
       to the real user ID or the saved set-user-ID, setuid()  shall  set  the
       effective  user ID to uid; the real user ID and saved set-user-ID shall
       remain unchanged.

       The setuid() function shall not affect the supplementary group list  in
       any way.

RETURN VALUE
       Upon successful completion, 0 shall be returned. Otherwise, -1 shall be
       returned and errno set to indicate the error.

ERRORS
       The setuid() function shall fail, return -1, and set errno to the  cor-
       responding value if one or more of the following are true:

       EINVAL The  value  of  the uid argument is invalid and not supported by
              the implementation.

       EPERM  The process does not have appropriate privileges  and  uid  does
              not match the real user ID or the saved set-user-ID.


       The following sections are informative.

EXAMPLES
       None.

APPLICATION USAGE
       None.

RATIONALE
       The  various  behaviors  of  the  setuid()  and setgid() functions when
       called by non-privileged processes reflect the  behavior  of  different
       historical implementations. For portability, it is recommended that new
       non-privileged applications use the seteuid() and  setegid()  functions
       instead.

       The  saved set-user-ID capability allows a program to regain the effec-
       tive user ID established at the last exec call.  Similarly,  the  saved
       set-group-ID  capability allows a program to regain the effective group
       ID established at the last exec call. These  capabilities  are  derived
       implementations  that  supported  it.  When the caller did not have the
       appropriate privilege, the function set only  the  effective  user  ID,
       subject  to  permission  checks. The former use is generally needed for
       utilities like login and su, which are not conforming applications  and
       thus  outside  the scope of IEEE Std 1003.1-2001.  These utilities wish
       to change the user ID irrevocably to a new value, generally that of  an
       unprivileged  user.   The  latter use is needed for conforming applica-
       tions that are installed with the set-user-ID bit and need  to  perform
       operations using the real user ID.

       IEEE Std 1003.1-2001 augments the latter functionality with a mandatory
       feature named _POSIX_SAVED_IDS.  This  feature  permits  a  set-user-ID
       application  to switch its effective user ID back and forth between the
       values of its exec-time real user ID and effective  user  ID.  Unfortu-
       nately,  the POSIX.1-1990 standard did not permit a conforming applica-
       tion using this feature to work properly when it happened  to  be  exe-
       cuted with the (implementation-defined) appropriate privilege. Further-
       more, the application did not even have a means to tell whether it  had
       this  privilege. Since the saved set-user-ID feature is quite desirable
       for applications, as evidenced by the fact that  NIST  required  it  in
       FIPS  151-2,  it  has  been  mandated by IEEE Std 1003.1-2001. However,
       there are implementors who have been reluctant to support it given  the
       limitation described above.

       The 4.3BSD system handles the problem by supporting separate functions:
       setuid() (which always sets both the real and effective user IDs,  like
       setuid()  in  IEEE Std 1003.1-2001 for privileged users), and seteuid()
       (which always sets  just  the  effective  user  ID,  like  setuid()  in
       IEEE Std 1003.1-2001  for  non-privileged  users).  This  separation of
       functionality into distinct functions seems desirable.  4.3BSD does not
       support  the saved set-user-ID feature. It supports similar functional-
       ity of switching the effective user ID back and forth  via  setreuid(),
       which  permits  reversing  the real and effective user IDs.  This model
       seems less desirable than the saved set-user-ID because the  real  user
       ID  changes  as a side effect. The current 4.4BSD includes saved effec-
       tive IDs and uses them for seteuid() and setegid() as described  above.
       The setreuid() and setregid() functions will be deprecated or removed.

       The solution here is:

        * Require  that  all  implementations support the functionality of the
          saved set-user-ID, which is set by the exec functions and by  privi-
          leged calls to setuid().

        * Add  the  seteuid() and setegid() functions as portable alternatives
          to setuid() and setgid()  for  non-privileged  and  privileged  pro-
          cesses.

       Historical  systems  have  provided  two  mechanisms  for a set-user-ID
       process to change its effective user ID to be the same as its real user
       ID  in  such  a way that it could return to the original effective user
       ID: the use of the setuid() function in the presence of  a  saved  set-
       user-ID,  or  the use of the BSD setreuid() function, which was able to
       swap  the  real  and  effective  user  IDs.  The  changes  included  in
       fied,  the  process  would  then have an effective user ID equal to the
       original real user ID, and both real and  saved  set-user-ID  would  be
       equal  to  the original effective user ID. In that state, the real user
       would be unable to kill the process, even though the effective user  ID
       of the process matches that of the real user, if the kill() behavior of
       _POSIX_SAVED_IDS was used. This is obviously not acceptable. The alter-
       native  choice,  which  is  used  in at least one implementation, is to
       change the saved set-user-ID to the effective user ID during most calls
       to  setreuid().  The standard developers considered that alternative to
       be less correct than the retention of the old  behavior  of  kill()  in
       such  systems. Current conforming applications shall accommodate either
       behavior from kill(), and there appears to  be  no  strong  reason  for
       kill()  to  check  the saved set-user-ID rather than the effective user
       ID.

FUTURE DIRECTIONS
       None.

SEE ALSO
       exec() , getegid() , geteuid() , getgid()  ,  getuid()  ,  setegid()  ,
       seteuid()  ,  setgid() , setregid() , setreuid() , the Base Definitions
       volume of IEEE Std 1003.1-2001, <sys/types.h>, <unistd.h>

COPYRIGHT
       Portions of this text are reprinted and reproduced in  electronic  form
       from IEEE Std 1003.1, 2003 Edition, Standard for Information Technology
       -- Portable Operating System Interface (POSIX),  The  Open  Group  Base
       Specifications  Issue  6,  Copyright  (C) 2001-2003 by the Institute of
       Electrical and Electronics Engineers, Inc and The Open  Group.  In  the
       event of any discrepancy between this version and the original IEEE and
       The Open Group Standard, the original IEEE and The Open Group  Standard
       is  the  referee document. The original Standard can be obtained online
       at http://www.opengroup.org/unix/online.html .
Find all the song lyrics here: Lyrics Now!