1 .\" Copyright (c) 1980, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 .\" @(#)execve.2 8.5 (Berkeley) 6/1/94
43 .Fn execve "const char *path" "char *const argv[]" "char *const envp[]"
45 .Fn fexecve "int fd" "char *const argv[]" "char *const envp[]"
50 transforms the calling process into a new process.
51 The new process is constructed from an ordinary file,
52 whose name is pointed to by
55 .Em new process file .
58 system call is equivalent to
60 except that the file to be executed is determined by the file
65 This file is either an executable object file,
66 or a file of data for an interpreter.
67 An executable object file consists of an identifying header,
68 followed by pages of data representing the initial program (text)
69 and initialized data pages.
70 Additional pages may be specified
71 by the header to be initialized with zero data; see
76 An interpreter file begins with a line of the form:
78 .Bd -ragged -offset indent -compact
84 When an interpreter file is
92 is specified, it becomes the first argument to the
94 and the name of the originally
96 file becomes the second argument;
97 otherwise, the name of the originally
99 file becomes the first argument.
100 The original arguments are shifted over to
101 become the subsequent arguments.
102 The zeroth argument is set to the specified
107 is a pointer to a null-terminated array of
108 character pointers to null-terminated character strings.
109 These strings construct the argument list to be made available to the new
111 At least one argument must be present in
112 the array; by custom, the first element should be
113 the name of the executed program (for example, the last component of
118 is also a pointer to a null-terminated array of
119 character pointers to null-terminated strings.
120 A pointer to this array is normally stored in the global variable
122 These strings pass information to the
123 new process that is not directly an argument to the command (see
126 File descriptors open in the calling process image remain open in
127 the new process image, except for those for which the close-on-exec
132 Descriptors that remain open are unaffected by
134 If any of the standard descriptors (0, 1, and/or 2) are closed at the
137 is called, and the process will gain privilege as a result of set-id
138 semantics, those descriptors will be re-opened automatically.
139 No programs, whether privileged or not, should assume that these descriptors
140 will remain closed across a call to
143 Signals set to be ignored in the calling process are set to be ignored in
146 Signals which are set to be caught in the calling process image
147 are set to default action in the new process image.
148 Blocked signals remain blocked regardless of changes to the signal action.
149 The signal stack is reset to be undefined (see
151 for more information).
153 If the set-user-ID mode bit of the new process image file is set
156 the effective user ID of the new process image is set to the owner ID
157 of the new process image file.
158 If the set-group-ID mode bit of the new process image file is set,
159 the effective group ID of the new process image is set to the group ID
160 of the new process image file.
161 (The effective group ID is the first element of the group list.)
162 The real user ID, real group ID and
163 other group IDs of the new process image remain the same as the calling
165 After any set-user-ID and set-group-ID processing,
166 the effective user ID is recorded as the saved set-user-ID,
167 and the effective group ID is recorded as the saved set-group-ID.
168 These values may be used in changing the effective IDs later (see
171 The set-ID bits are not honored if the respective file system has the
173 option enabled or if the new process file is an interpreter file.
175 tracing is disabled if effective IDs are changed.
177 The new process also inherits the following attributes from
180 .Bl -column parent_process_ID -offset indent -compact
181 .It process ID Ta see Xr getpid 2
182 .It parent process ID Ta see Xr getppid 2
183 .It process group ID Ta see Xr getpgrp 2
184 .It access groups Ta see Xr getgroups 2
185 .It working directory Ta see Xr chdir 2
186 .It root directory Ta see Xr chroot 2
187 .It control terminal Ta see Xr termios 4
188 .It resource usages Ta see Xr getrusage 2
189 .It interval timers Ta see Xr getitimer 2
190 .It resource limits Ta see Xr getrlimit 2
191 .It file mode mask Ta see Xr umask 2
192 .It signal mask Ta see Xr sigaction 2 ,
196 When a program is executed as a result of an
198 system call, it is entered as follows:
199 .Bd -literal -offset indent
200 main(argc, argv, envp)
207 is the number of elements in
212 points to the array of character pointers
213 to the arguments themselves.
217 ignores the file offset of
219 Since execute permission is checked by
223 need not have been opened with the
226 However, if the file to be executed denies read permission for the process
227 preparing to do the exec, the only way to provide the
235 Note that the file to be executed can not be open for writing.
239 system call overlays the current process image
240 with a new process image the successful call
241 has no process to return to.
244 does return to the calling process an error has occurred; the
245 return value will be -1 and the global variable
247 is set to indicate the error.
252 will fail and return to the calling process if:
255 A component of the path prefix is not a directory.
256 .It Bq Er ENAMETOOLONG
257 A component of a pathname exceeded 255 characters,
258 or an entire path name exceeded 1023 characters.
260 When invoking an interpreted script, the length of the first line,
263 prefix and terminating newline, exceeds
267 The new process file does not exist.
269 Too many symbolic links were encountered in translating the pathname.
271 Search permission is denied for a component of the path prefix.
273 The new process file is not an ordinary file.
275 The new process file mode denies execute permission.
277 The new process file has the appropriate access
278 permission, but has an invalid magic number in its header.
280 The new process file is a pure procedure (shared text)
281 file that is currently open for writing by some process.
283 The new process requires more virtual memory than
284 is allowed by the imposed maximum
287 The number of bytes in the new process' argument list
288 is larger than the system-imposed limit.
289 This limit is specified by the
294 The new process file is not as long as indicated by
295 the size values in its header.
304 to an illegal address.
306 An I/O error occurred while reading from the file system.
308 Corrupted data was detected while reading from the file system.
313 will fail and return to the calling process if:
318 argument is not a valid file descriptor open for executing.
336 system call conforms to
338 with the exception of reopening descriptors 0, 1, and/or 2 in certain
340 A future update of the Standard is expected to require this behavior,
341 and it may become the default for non-privileged processes as well.
342 .\" NB: update this caveat when TC1 is blessed.
343 The support for executing interpreted programs is an extension.
346 system call conforms to The Open Group Extended API Set 2 specification.
350 system call appeared in
354 system call appeared in
359 to a non-super-user, but is executed when
362 is ``root'', then the program has some of the powers
363 of a super-user as well.
365 When executing an interpreted program through
369 as a second argument to the interpreter,
372 is the file descriptor passed in the
376 For this construction to work correctly, the
378 filesystem shall be mounted on