version 1, including all changes.
| Rev | Author | # | Line |
| 1 | perry | 1 | SETFSUID |
| | | 2 | !!!SETFSUID |
| | | 3 | NAME |
| | | 4 | SYNOPSIS |
| | | 5 | DESCRIPTION |
| | | 6 | RETURN VALUE |
| | | 7 | CONFORMING TO |
| | | 8 | BUGS |
| | | 9 | NOTE |
| | | 10 | SEE ALSO |
| | | 11 | ---- |
| | | 12 | !!NAME |
| | | 13 | |
| | | 14 | |
| | | 15 | setfsuid - set user identity used for file system checks |
| | | 16 | !!SYNOPSIS |
| | | 17 | |
| | | 18 | |
| | | 19 | __#include __ /* glibc uses |
| | | 20 | __ |
| | | 21 | |
| | | 22 | |
| | | 23 | __int setfsuid(uid_t__ ''fsuid''__);__ |
| | | 24 | !!DESCRIPTION |
| | | 25 | |
| | | 26 | |
| | | 27 | __setfsuid__ sets the user ID that the Linux kernel uses |
| | | 28 | to check for all accesses to the file system. Normally, the |
| | | 29 | value of ''fsuid'' will shadow the value of the effective |
| | | 30 | user ID. In fact, whenever the effective user ID is changed, |
| | | 31 | ''fsuid'' will also be changed to the new value of the effective |
| | | 32 | user ID. |
| | | 33 | |
| | | 34 | |
| | | 35 | An explicit call to __setfsuid__ is usually only used by |
| | | 36 | programs such as the Linux NFS server that need to change |
| | | 37 | what user ID is used for file access without a corresponding |
| | | 38 | change in the real and effective user IDs. A change in the |
| | | 39 | normal user IDs for a program such as the NFS server is a |
| | | 40 | security hole that can expose it to unwanted signals from |
| | | 41 | other user IDs. |
| | | 42 | |
| | | 43 | |
| | | 44 | __setfsuid__ will only succeed if the caller is the |
| | | 45 | superuser or if ''fsuid'' matches either the real user |
| | | 46 | ID, effective user ID, saved set-user-ID, or the current |
| | | 47 | value of ''fsuid''. |
| | | 48 | !!RETURN VALUE |
| | | 49 | |
| | | 50 | |
| | | 51 | On success, the previous value of ''fsuid'' is returned. |
| | | 52 | On error, the current value of ''fsuid'' is |
| | | 53 | returned. |
| | | 54 | !!CONFORMING TO |
| | | 55 | |
| | | 56 | |
| | | 57 | __setfsuid__ is Linux specific and should not be used in |
| | | 58 | programs intended to be portable. |
| | | 59 | !!BUGS |
| | | 60 | |
| | | 61 | |
| | | 62 | No error messages of any kind are returned to the caller. At |
| | | 63 | the very least, __EPERM__ should be returned when the |
| | | 64 | call fails. |
| | | 65 | !!NOTE |
| | | 66 | |
| | | 67 | |
| | | 68 | When glibc determines that the argument is not a valid uid, |
| | | 69 | it will return -1 and set ''errno'' to EINVAL without |
| | | 70 | attempting the system call. |
| | | 71 | !!SEE ALSO |
| | | 72 | |
| | | 73 | |
| | | 74 | setfsgid(2) |
| | | 75 | ---- |
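
Because the RETURN VALUE and BUGS sections above mean a single call cannot distinguish success from failure, a caller that drops to another user's fsuid has to verify the switch itself. The following is an added example, not part of the original page or of glibc; `set_fsuid_checked` and `open_as_user` are hypothetical helper names, and `<sys/fsuid.h>` is assumed to be the glibc header declaring `setfsuid`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/fsuid.h>   /* glibc declares setfsuid() here */
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: switch fsuid and verify that the switch took effect.
 * setfsuid() returns the previous fsuid on success and the current fsuid on
 * failure, so one call is ambiguous. A second call with the same argument
 * cannot change anything further and returns the fsuid now in force.
 * Returns 0 if fsuid == target afterwards, -1 otherwise. */
int set_fsuid_checked(uid_t target, uid_t *prev)
{
    if (target == (uid_t)-1)          /* never a valid uid; also the value   */
        return -1;                    /* glibc may return for a bad argument */
    uid_t before = (uid_t)setfsuid(target);
    uid_t now = (uid_t)setfsuid(target);
    if (prev)
        *prev = before;
    return now == target ? 0 : -1;
}

/* Hypothetical helper: open path read-only with file-system permission checks
 * made as uid, then restore the caller's fsuid. Fails closed: open() is not
 * attempted unless the switch was verified. Group checks are untouched here
 * (see setfsgid(2)). */
int open_as_user(const char *path, uid_t uid)
{
    uid_t saved;
    if (set_fsuid_checked(uid, &saved) != 0) {
        errno = EPERM;
        return -1;
    }
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    int err = errno;
    if (set_fsuid_checked(saved, NULL) != 0)
        abort();                      /* never continue with the wrong fsuid */
    errno = err;
    return fd;
}

int main(void)
{
    int fd = open_as_user("/", geteuid());   /* constructed sample input */
    printf("open as own uid: %s\n", fd >= 0 ? "ok" : "failed");
    return fd >= 0 ? 0 : 1;
}
```
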