version 1, including all changes.

Rev 1, author perry.

SETGID
!!!SETGID
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
ERRORS
CONFORMING TO
SEE ALSO
----
!!NAME

setgid - set group identity
!!SYNOPSIS

__#include __
#include __

__int setgid(gid_t__ ''gid''__)__
!!DESCRIPTION

__setgid__ sets the effective group ID of the current
process. If the caller is the superuser, the real and saved
group ID's are also set.

Under Linux, __setgid__ is implemented like the POSIX
version with the _POSIX_SAVED_IDS feature. This allows a
setgid (other than root) program to drop all of its group
privileges, do some un-privileged work, and then re-engage
the original effective group ID in a secure
manner.

If the user is root or the program is setgid root, special
care must be taken. The __setgid__ function checks the
effective gid of the caller and if it is the superuser, all
process related group ID's are set to ''gid''. After this
has occurred, it is impossible for the program to regain
root privileges.

Thus, a setgid-root program wishing to temporarily drop root
privileges, assume the identity of a non-root group, and
then regain root privileges afterwards cannot use
__setgid__. You can accomplish this with the (non-POSIX,
BSD) call __setegid__.
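
The drop, re-engage and final-drop sequence described above, as an added example that is not part of the original manual page. The helper names are hypothetical. The final drop uses setregid(2) from SEE ALSO, on the assumption (documented Linux behaviour) that setting the real group ID with it also overwrites the saved set-group-ID.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Temporarily drop the effective GID to the real GID. The privileged GID is
 * returned in *priv and stays available as the saved set-group-ID. */
int drop_gid_temporarily(gid_t *priv)
{
    *priv = getegid();
    if (setegid(getgid()) != 0)
        return -1;
    return getegid() == getgid() ? 0 : -1;   /* verify, never assume */
}

/* Re-engage the privileged GID; allowed because it is still the saved GID. */
int regain_gid(gid_t priv)
{
    if (setegid(priv) != 0)
        return -1;
    return getegid() == priv ? 0 : -1;
}

/* Permanently drop: real, effective and saved GID all become the real GID.
 * Plain setgid() by a non-superuser leaves the saved GID untouched, so the
 * privileged GID could be re-engaged later; setregid() closes that door. */
int drop_gid_permanently(void)
{
    gid_t real = getgid();
    gid_t priv = getegid();

    if (setregid(real, real) != 0)
        return -1;
    if (getgid() != real || getegid() != real)
        return -1;
    /* If the program really was setgid, regaining must now be refused. */
    if (priv != real && setegid(priv) == 0)
        return -1;
    return 0;
}

int main(void)
{
    gid_t priv;
    if (drop_gid_temporarily(&priv) != 0) { perror("temporary drop"); return 1; }
    /* ... unprivileged work runs here with egid == rgid ... */
    if (regain_gid(priv) != 0) { perror("regain"); return 1; }
    /* ... privileged work, then give the group up for good ... */
    if (drop_gid_permanently() != 0) { fprintf(stderr, "permanent drop failed\n"); return 1; }
    printf("rgid=%ld egid=%ld\n", (long)getgid(), (long)getegid());
    return 0;
}
```

While the process still runs with superuser privileges, drop_gid_permanently() reports failure for a differing privileged GID, because the superuser may set any group ID again.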
!!RETURN VALUE

On success, zero is returned. On error, -1 is returned, and
''errno'' is set appropriately.
!!ERRORS

__EPERM__

The user is not the super-user, and ''gid'' does not
match the effective group ID or saved set-group-ID of the
calling process.
!!CONFORMING TO

SVr4, SVID.
!!SEE ALSO

getgid(2), setregid(2),
setegid(2)
----