1 .\" Copyright (c) 1980, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 .Fn execve "const char *path" "char *const argv[]" "char *const envp[]"
42 .Fn fexecve "int fd" "char *const argv[]" "char *const envp[]"
47 transforms the calling process into a new process.
48 The new process is constructed from an ordinary file,
49 whose name is pointed to by
52 .Em new process file .
55 system call is equivalent to
57 except that the file to be executed is determined by the file
62 This file is either an executable object file,
63 or a file of data for an interpreter.
64 An executable object file consists of an identifying header,
65 followed by pages of data representing the initial program (text)
66 and initialized data pages.
67 Additional pages may be specified
68 by the header to be initialized with zero data; see
73 An interpreter file begins with a line of the form:
75 .Bd -ragged -offset indent -compact
81 When an interpreter file is
89 is specified, it becomes the first argument to the
91 and the name of the originally
93 file becomes the second argument;
94 otherwise, the name of the originally
96 file becomes the first argument.
97 The original arguments are shifted over to
98 become the subsequent arguments.
99 The zeroth argument is set to the specified
104 is a pointer to a null-terminated array of
105 character pointers to null-terminated character strings.
106 These strings construct the argument list to be made available to the new
108 At least one argument must be present in
109 the array; by custom, the first element should be
110 the name of the executed program (for example, the last component of
115 is also a pointer to a null-terminated array of
116 character pointers to null-terminated strings.
117 A pointer to this array is normally stored in the global variable
119 These strings pass information to the
120 new process that is not directly an argument to the command (see
123 File descriptors open in the calling process image remain open in
124 the new process image, except for those for which the close-on-exec
129 Descriptors that remain open are unaffected by
131 If any of the standard descriptors (0, 1, and/or 2) are closed at the
134 is called, and the process will gain privilege as a result of set-id
135 semantics, those descriptors will be re-opened automatically.
136 No programs, whether privileged or not, should assume that these descriptors
137 will remain closed across a call to
140 Signals set to be ignored in the calling process are set to be ignored in
143 Signals which are set to be caught in the calling process image
144 are set to default action in the new process image.
145 Blocked signals remain blocked regardless of changes to the signal action.
146 The signal stack is reset to be undefined (see
148 for more information).
150 If the set-user-ID mode bit of the new process image file is set
153 the effective user ID of the new process image is set to the owner ID
154 of the new process image file.
155 If the set-group-ID mode bit of the new process image file is set,
156 the effective group ID of the new process image is set to the group ID
157 of the new process image file.
158 (The effective group ID is the first element of the group list.)
159 The real user ID, real group ID and
160 other group IDs of the new process image remain the same as the calling
162 After any set-user-ID and set-group-ID processing,
163 the effective user ID is recorded as the saved set-user-ID,
164 and the effective group ID is recorded as the saved set-group-ID.
165 These values may be used in changing the effective IDs later (see
168 The set-ID bits are not honored if the respective file system has the
170 option enabled or if the new process file is an interpreter file.
172 tracing is disabled if effective IDs are changed.
174 The new process also inherits the following attributes from
177 .Bl -column parent_process_ID -offset indent -compact
178 .It process ID Ta see Xr getpid 2
179 .It parent process ID Ta see Xr getppid 2
180 .It process group ID Ta see Xr getpgrp 2
181 .It access groups Ta see Xr getgroups 2
182 .It working directory Ta see Xr chdir 2
183 .It root directory Ta see Xr chroot 2
184 .It control terminal Ta see Xr termios 4
185 .It resource usages Ta see Xr getrusage 2
186 .It interval timers Ta see Xr getitimer 2
187 .It resource limits Ta see Xr getrlimit 2
188 .It file mode mask Ta see Xr umask 2
189 .It signal mask Ta see Xr sigaction 2 ,
193 When a program is executed as a result of an
195 system call, it is entered as follows:
196 .Bd -literal -offset indent
197 main(argc, argv, envp)
204 is the number of elements in
209 points to the array of character pointers
210 to the arguments themselves.
214 ignores the file offset of
216 Since execute permission is checked by
220 need not have been opened with the
223 However, if the file to be executed denies read permission for the process
224 preparing to do the exec, the only way to provide the
232 Note that the file to be executed can not be open for writing.
236 system call overlays the current process image
237 with a new process image the successful call
238 has no process to return to.
241 does return to the calling process an error has occurred; the
242 return value will be -1 and the global variable
244 is set to indicate the error.
249 will fail and return to the calling process if:
252 A component of the path prefix is not a directory.
253 .It Bq Er ENAMETOOLONG
254 A component of a pathname exceeded 255 characters,
255 or an entire path name exceeded 1023 characters.
257 When invoking an interpreted script, the length of the first line,
260 prefix and terminating newline, exceeds
264 The new process file does not exist.
266 Too many symbolic links were encountered in translating the pathname.
268 Search permission is denied for a component of the path prefix.
270 The new process file is not an ordinary file.
272 The new process file mode denies execute permission.
275 did not contain at least one element.
277 The new process file has the appropriate access
278 permission, but has an invalid magic number in its header.
280 The new process file is a pure procedure (shared text)
281 file that is currently open for writing by some process.
283 The new process requires more virtual memory than
284 is allowed by the imposed maximum
287 The number of bytes in the new process' argument list
288 is larger than the system-imposed limit.
289 This limit is specified by the
294 The new process file is not as long as indicated by
295 the size values in its header.
304 to an illegal address.
306 An I/O error occurred while reading from the file system.
308 Corrupted data was detected while reading from the file system.
313 will fail and return to the calling process if:
318 argument is not a valid file descriptor open for executing.
336 system call conforms to
338 with the exception of reopening descriptors 0, 1, and/or 2 in certain
340 A future update of the Standard is expected to require this behavior,
341 and it may become the default for non-privileged processes as well.
342 .\" NB: update this caveat when TC1 is blessed.
343 The support for executing interpreted programs is an extension.
346 system call conforms to The Open Group Extended API Set 2 specification.
350 system call appeared in
354 system call appeared in
359 to a non-super-user, but is executed when
362 is ``root'', then the program has some of the powers
363 of a super-user as well.
365 When executing an interpreted program through
369 as a second argument to the interpreter,
372 is the file descriptor passed in the
376 For this construction to work correctly, the
378 filesystem shall be mounted on