1 .\" Copyright (c) 1983, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 .\" @(#)setuid.2 8.1 (Berkeley) 6/4/93
39 .Nd set user and group ID
45 .Fn setuid "uid_t uid"
47 .Fn seteuid "uid_t euid"
49 .Fn setgid "gid_t gid"
51 .Fn setegid "gid_t egid"
56 sets the real and effective
57 user IDs and the saved set-user-ID of the current process
58 to the specified value.
59 .\" Comment out next block for !_POSIX_SAVED_IDS
60 .\" The real user ID and the saved set-user-ID are changed only if the
61 .\" effective user ID is that of the super user.
64 .\" system call is equal to
66 .\" system call if the effective user ID is not that of the super user.
70 system call is permitted if the specified ID is equal to the real user ID
71 .\" Comment out next line for !_POSIX_SAVED_IDS
72 .\" or the saved set-user-ID
73 .\" Next line is for Appendix B.4.2.2 case.
74 or the effective user ID
75 of the process, or if the effective user ID is that of the super user.
80 sets the real and effective
81 group IDs and the saved set-group-ID of the current process
82 to the specified value.
83 .\" Comment out next block for !_POSIX_SAVED_IDS
84 .\" The real group ID and the saved set-group-ID are changed only if the
85 .\" effective user ID is that of the super user.
88 .\" system call is equal to
90 .\" system call if the effective user ID is not that of the super user.
94 system call is permitted if the specified ID is equal to the real group ID
95 .\" Comment out next line for !_POSIX_SAVED_IDS
96 .\" or the saved set-group-ID
97 .\" Next line is for Appendix B.4.2.2 case.
98 or the effective group ID
99 of the process, or if the effective user ID is that of the super user.
105 sets the effective user ID (group ID) of the
107 The effective user ID may be set to the value
108 of the real user ID or the saved set-user-ID (see
112 in this way, the effective user ID of a set-user-ID executable
113 may be toggled by switching to the real user ID, then re-enabled
114 by reverting to the set-user-ID value.
115 Similarly, the effective group ID may be set to the value
116 of the real group ID or the saved set-group-ID.
120 The system calls will fail if:
123 The user is not the super user and the ID
124 specified is not the real, effective ID, or saved ID.
137 system calls are compliant with the
141 .\" Uncomment next line for !_POSIX_SAVED_IDS
143 defined with the permitted extensions from Appendix B.4.2.2.
148 system calls are extensions based on the
151 .Li _POSIX_SAVED_IDS ,
152 and have been proposed for a future revision of the standard.
162 .Sh SECURITY CONSIDERATIONS
163 Read and write permissions to files are determined upon a call to
165 Once a file descriptor is open, dropping privilege does not affect
166 the process's read/write permissions, even if the user ID specified
167 has no read or write permissions to the file.
168 These files normally remain open in any new process executed,
169 resulting in a user being able to read or modify
170 potentially sensitive data.
172 To prevent these files from remaining open after an
174 call, be sure to set the close-on-exec flag:
182 fd = open("/path/to/sensitive/data", O_RDWR | O_CLOEXEC);
187 execve(path, argv, environ);