.\" Copyright (c) 1983, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" @(#)setuid.2 8.1 (Berkeley) 6/4/93
.Nd set user and group ID
.Fn setuid "uid_t uid"
.Fn seteuid "uid_t euid"
.Fn setgid "gid_t gid"
.Fn setegid "gid_t egid"
sets the real and effective
user IDs and the saved set-user-ID of the current process
to the specified value.
.\" Comment out next block for !_POSIX_SAVED_IDS
.\" The real user ID and the saved set-user-ID are changed only if the
.\" effective user ID is that of the super user.
.\" system call is equal to
.\" system call if the effective user ID is not that of the super user.
system call is permitted if the specified ID is equal to the real user ID
.\" Comment out next line for !_POSIX_SAVED_IDS
.\" or the saved set-user-ID
.\" Next line is for Appendix B.4.2.2 case.
or the effective user ID
of the process, or if the effective user ID is that of the super user.
sets the real and effective
group IDs and the saved set-group-ID of the current process
to the specified value.
.\" Comment out next block for !_POSIX_SAVED_IDS
.\" The real group ID and the saved set-group-ID are changed only if the
.\" effective user ID is that of the super user.
.\" system call is equal to
.\" system call if the effective user ID is not that of the super user.
system call is permitted if the specified ID is equal to the real group ID
.\" Comment out next line for !_POSIX_SAVED_IDS
.\" or the saved set-group-ID
.\" Next line is for Appendix B.4.2.2 case.
or the effective group ID
of the process, or if the effective user ID is that of the super user.
sets the effective user ID (group ID) of the
The effective user ID may be set to the value
of the real user ID or the saved set-user-ID (see
in this way, the effective user ID of a set-user-ID executable
may be toggled by switching to the real user ID, then re-enabled
by reverting to the set-user-ID value.
Similarly, the effective group ID may be set to the value
of the real group ID or the saved set-group-ID.
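The toggling described above, written out as an added example that is not part of the original manual page or of the system sources.
The helper names run_as_real_user, ids_are_real and drop_permanently are hypothetical; the last one goes beyond the text by also checking that a permanent drop cannot be undone.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/types.h>
#include <unistd.h>

/* Sample callback (hypothetical): 1 if it ran with effective == real IDs. */
int
ids_are_real(void *unused)
{
	(void)unused;
	return (geteuid() == getuid() && getegid() == getgid());
}

/*
 * Switch the effective IDs to the real IDs around fn(), then re-enable.
 * Returns 0 and stores fn's result in *out, or -1 if any ID change failed;
 * on -1 the caller should exit rather than continue in an unknown state.
 */
int
run_as_real_user(int (*fn)(void *), void *arg, int *out)
{
	uid_t priv_uid = geteuid();	/* also held in the saved set-user-ID */
	gid_t priv_gid = getegid();	/* also held in the saved set-group-ID */

	if (setegid(getgid()) == -1 || seteuid(getuid()) == -1)
		return (-1);
	*out = fn(arg);
	if (seteuid(priv_uid) == -1 || setegid(priv_gid) == -1)
		return (-1);
	return (geteuid() == priv_uid && getegid() == priv_gid ? 0 : -1);
}

/*
 * Give up privilege for good, group before user, and verify the result:
 * an attempt to get an old effective ID back must fail afterwards.
 */
int
drop_permanently(void)
{
	uid_t old_euid = geteuid(), ruid = getuid();
	gid_t old_egid = getegid(), rgid = getgid();

	if (setgid(rgid) == -1 || setuid(ruid) == -1)
		return (-1);
	/* If either call succeeds, a saved ID still holds the privilege. */
	if (old_egid != rgid && setegid(old_egid) == 0)
		return (-1);
	if (old_euid != ruid && seteuid(old_euid) == 0)
		return (-1);
	return (geteuid() == ruid && getegid() == rgid ? 0 : -1);
}
```

The verification step matters on systems where setuid() called without super-user privilege leaves the saved set-user-ID untouched; there drop_permanently() returns -1 instead of reporting a drop that can be reversed.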
The system calls will fail if:
The user is not the super user and the ID
specified is not the real, effective ID, or saved ID.
.Sh SECURITY CONSIDERATIONS
Read and write permissions to files are determined upon a call to
Once a file descriptor is open, dropping privilege does not affect
the process's read/write permissions, even if the user ID specified
has no read or write permissions to the file.
These files normally remain open in any new process executed,
resulting in a user being able to read or modify
potentially sensitive data.
To prevent these files from remaining open after an
call, be sure the close-on-exec flag is set:
fd = open("/path/to/sensitive/data", O_RDWR);
if (fd == -1)
	err(1, "open");
/*
 * Set close-on-exec flag; see fcntl(2) for more information.
 */
if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
	err(1, "fcntl(F_SETFD)");
execve(path, argv, environ);
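An added example, not from the original manual page, that goes one step further than the fragment above: it sets the flag atomically at open time with O_CLOEXEC and sweeps descriptors that are already open before an exec.
The helper names and the FD_SCAN_CAP limit are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <unistd.h>

#define FD_SCAN_CAP 65536	/* assumed upper bound for the sweep */

/* Return 1 if fd is open and would stay open across exec, else 0. */
int
fd_survives_exec(int fd)
{
	int flags = fcntl(fd, F_GETFD);

	if (flags == -1)	/* EBADF: descriptor is not open */
		return (0);
	return ((flags & FD_CLOEXEC) == 0);
}

/*
 * Open with close-on-exec already set, so no other thread can fork and
 * exec in the window between open() and a later fcntl(F_SETFD).
 */
int
open_private(const char *path, int oflags)
{
	return (open(path, oflags | O_CLOEXEC));
}

/*
 * Mark every open descriptor >= lowfd close-on-exec.  Returns the number
 * of descriptors changed, or -1 on error.  Descriptors numbered at or
 * above FD_SCAN_CAP are not examined.
 */
int
seal_fds_from(int lowfd)
{
	long max = sysconf(_SC_OPEN_MAX);
	int changed = 0;

	if (max < 0 || max > FD_SCAN_CAP)
		max = FD_SCAN_CAP;
	for (int fd = lowfd; fd < max; fd++) {
		int flags = fcntl(fd, F_GETFD);

		if (flags == -1 || (flags & FD_CLOEXEC))
			continue;	/* closed, or already sealed */
		if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
			return (-1);
		changed++;
	}
	return (changed);
}
```

Calling seal_fds_from(3) immediately before execve() leaves only standard input, output and error inheritable; a non-zero return value is worth logging because it identifies descriptors that were opened without the flag.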
system calls are compliant with the
.\" Uncomment next line for !_POSIX_SAVED_IDS
defined with the permitted extensions from Appendix B.4.2.2.
system calls are extensions based on the
.Li _POSIX_SAVED_IDS ,
and have been proposed for a future revision of the standard.
functions appeared in