1.\" 2.\" Sun Microsystems, Inc. gratefully acknowledges The Open Group for 3.\" permission to reproduce portions of its copyrighted documentation. 4.\" Original documentation from The Open Group can be obtained online at 5.\" http://www.opengroup.org/bookstore/. 6.\" 7.\" The Institute of Electrical and Electronics Engineers and The Open 8.\" Group, have given us permission to reprint portions of their 9.\" documentation. 10.\" 11.\" In the following statement, the phrase ``this text'' refers to portions 12.\" of the system documentation. 13.\" 14.\" Portions of this text are reprinted and reproduced in electronic form 15.\" in the SunOS Reference Manual, from IEEE Std 1003.1, 2004 Edition, 16.\" Standard for Information Technology -- Portable Operating System 17.\" Interface (POSIX), The Open Group Base Specifications Issue 6, 18.\" Copyright (C) 2001-2004 by the Institute of Electrical and Electronics 19.\" Engineers, Inc and The Open Group. In the event of any discrepancy 20.\" between these versions and the original IEEE and The Open Group 21.\" Standard, the original IEEE and The Open Group Standard is the referee 22.\" document. The original Standard can be obtained online at 23.\" http://www.opengroup.org/unix/online.html. 24.\" 25.\" This notice shall appear on any product containing this material. 26.\" 27.\" The contents of this file are subject to the terms of the 28.\" Common Development and Distribution License (the "License"). 29.\" You may not use this file except in compliance with the License. 30.\" 31.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 32.\" or http://www.opensolaris.org/os/licensing. 33.\" See the License for the specific language governing permissions 34.\" and limitations under the License. 35.\" 36.\" When distributing Covered Code, include this CDDL HEADER in each 37.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE. 38.\" If applicable, add the following below this CDDL HEADER, with the 39.\" fields enclosed by brackets "[]" replaced with your own identifying 40.\" information: Portions Copyright [yyyy] [name of copyright owner] 41.\" 42.\" 43.\" Copyright 1989 AT&T. 44.\" Portions Copyright (c) 1992, X/Open Company Limited. All Rights Reserved. 45.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved. 46.\" Copyright 2015, Joyent, Inc. 47.\" Copyright 2024 Oxide Computer Company 48.\" 49.Dd January 12, 2024 50.Dt EXEC 2 51.Os 52.Sh NAME 53.Nm exec , 54.Nm execl , 55.Nm execle , 56.Nm execlp , 57.Nm execv , 58.Nm execve , 59.Nm execvp 60.Nd execute a file 61.Sh SYNOPSIS 62.In unistd.h 63.Ft int 64.Fo execl 65.Fa "const char *path" 66.Fa "const char *arg0" 67.Fa "..." 68.Fa NULL 69.Fc 70.Ft int 71.Fo execv 72.Fa "const char *path" 73.Fa "char *const argv[]" 74.Fc 75.Ft int 76.Fo execle 77.Fa "const char *path" 78.Fa "const char *arg0" 79.Fa "..." 80.Fa NULL 81.Fa "char *const envp[]" 82.Fc 83.Ft int 84.Fo execve 85.Fa "const char *path" 86.Fa "char *const argv[]" 87.Fa "char *const envp[]" 88.Fc 89.Ft int 90.Fo execlp 91.Fa "const char *file" 92.Fa "const char *arg0" 93.Fa "..." 94.Fa NULL 95.Fc 96.Ft int 97.Fo execvp 98.Fa "const char *file" 99.Fa "char *const argv[]" 100.Fc 101.Sh DESCRIPTION 102Each of the functions in the 103.Nm 104family replaces the current process image with a new process image. 105The new image is constructed from a regular, executable file called the new 106process image file. 107This file is either an executable object file or a file of data for an 108interpreter. 109There is no return from a successful call to one of these functions because the 110calling process image is overlaid by the new process image. 111.Pp 112An interpreter file begins with a line of the form 113.Pp 114.Dl #! Pa pathname Op Ar arg 115.Pp 116where 117.Pa pathname 118is the path of the interpreter, and 119.Ar arg 120is an optional argument. 121When an interpreter file is executed, the system invokes the specified 122interpreter. 123The pathname specified in the interpreter file is passed as 124.Fa arg0 125to the interpreter. 126If 127.Ar arg 128was specified in the interpreter file, it is passed as 129.Fa arg1 130to the interpreter. 131The remaining arguments to the interpreter are 132.Fa arg0 133through 134.Fa argn 135of the originally exec'd file. 136The interpreter named by 137.Pa pathname 138may also be an interpreter file. 139There can be up to four nested interpreter files before the final interpreter. 140The setid bits on nested interpreters are silently ignored. 141.Pp 142When a C-language program is executed as a result of this call, it is entered 143as a C-language function call as follows: 144.Pp 145.Dl int main Ns (int Fa argc Ns No , char * Ns Fa argv[])\&; 146.Pp 147where 148.Fa argc 149is the argument count and 150.Fa argv 151is an array of character pointers to the arguments themselves. 152In addition, the following variable: 153.Pp 154.Dl Va "extern char **environ\&;" 155.Pp 156is initialized as a pointer to an array of character pointers to the 157environment strings. 158The 159.Fa argv 160and 161.Va environ 162arrays are each terminated by a null pointer. 163The null pointer terminating the 164.Fa argv 165array is not counted in 166.Fa argc . 167.Pp 168The value of 169.Fa argc 170is non-negative, and if greater than 0, 171.Fa argv[0] 172points to a string containing the name of the file. 173If 174.Fa argc 175is 0, 176.Fa argv[0] 177is a null pointer, in which case there are no arguments. 178Applications should verify that 179.Fa argc 180is greater than 0 or that 181.Fa argv[0] 182is not a null pointer before dereferencing 183.Fa argv[0] . 184.Pp 185The arguments specified by a program with one of the 186.Nm 187functions are passed on to the new process image in the 188.Fn main 189arguments. 190.Pp 191The 192.Fa path 193argument points to a path name that identifies the new process image file. 194.Pp 195The 196.Fa file 197argument is used to construct a pathname that identifies the new process image 198file. 199If the 200.Fa file 201argument contains a slash character, it is used as the pathname for this file. 202Otherwise, the path prefix for this file is obtained by a search of the 203directories passed in the 204.Ev PATH 205environment variable 206.Po 207see 208.Xr environ 7 209.Pc . 210The environment is supplied typically by the shell. 211If the process image file is not a valid executable object file, 212.Fn execlp 213and 214.Fn execvp 215use the contents of that file as standard input to the shell. 216In this case, the shell becomes the new process image. 217The standard to which the caller conforms determines which shell is used. 218See 219.Xr standards 7 . 220.Pp 221The arguments represented by 222.Fa arg0 Ns No \&... 223are pointers to null-terminated character strings. 224These strings constitute the argument list available to the new process image. 225The list is terminated by a null pointer. 226The 227.Fa arg0 228argument should point to a filename that is associated with the process being 229started by one of the 230.Nm 231functions. 232.Pp 233The 234.Fa argv 235argument is an array of character pointers to null-terminated strings. 236The last member of this array must be a null pointer. 237These strings constitute the argument list available to the new process image. 238The value in 239.Fa argv[0] 240should point to a filename that is associated with the process being started by 241one of the 242.Nm 243functions. 244.Pp 245The 246.Fa envp 247argument is an array of character pointers to null-terminated strings. 248These strings constitute the environment for the new process image. 249The 250.Fa envp 251array is terminated by a null pointer. 252For 253.Fn execl , 254.Fn execv , 255.Fn execvp , 256and 257.Fn execlp , 258the C-language run-time start-off routine places a pointer to the environment 259of the calling process in the global object 260.Va extern char **environ , 261and it is used to pass the environment of the calling process to the new 262process image. 263.Pp 264The number of bytes available for the new process's combined argument and 265environment lists is 266.Dv ARG_MAX . 267It is implementation-dependent whether null terminators, pointers, and/or any 268alignment bytes are included in this total. 269.Pp 270File descriptors open in the calling process image remain open in the new 271process image, except for those whose close-on-exec flag 272.Dv FD_CLOEXEC 273is set; see 274.Xr fcntl 2 . 275For those file descriptors that remain open, all attributes of the open file 276description, including file locks, remain unchanged. 277.Pp 278The preferred hardware address translation size 279.Po 280see 281.Xr memcntl 2 282.Pc 283for the stack and heap of the new process image are set to the default system 284page size. 285.Pp 286Directory streams open in the calling process image are closed in the new 287process image. 288.Pp 289The state of conversion descriptors and message catalogue descriptors in the 290new process image is undefined. 291For the new process, the equivalent of: 292.Pp 293.Dl setlocale(LC_ALL, \&"C"); 294.Pp 295is executed at startup. 296.Pp 297Signals set to the default action 298.Po 299.Dv SIG_DFL 300.Pc 301in the calling process image are set to the default action in the new process 302image 303.Po 304see 305.Xr signal 3C 306.Pc . 307Signals set to be ignored 308.Po 309.Dv SIG_IGN 310.Pc 311by the calling process image are set to be ignored by the new process image. 312Signals set to be caught by the calling process image are set to the default 313action in the new process image 314.Po 315see 316.Xr signal.h 3HEAD 317.Pc . 318After a successful call to any of the 319.Nm 320functions, alternate signal stacks are not preserved and the 321.Dv SA_ONSTACK 322flag is cleared for all signals. 323.Pp 324After a successful call to any of the 325.Nm 326functions, any functions previously registered by 327.Xr atexit 3C 328are no longer registered. 329.Pp 330The saved resource limits in the new process image are set to be a copy of the 331process's corresponding hard and soft resource limits. 332.Pp 333If the 334.Dv ST_NOSUID 335bit is set for the file system containing the new process image file, then the 336effective user ID and effective group ID are unchanged in the new process 337image. 338If the set-user-ID mode bit of the new process image file is set 339.Po 340see 341.Xr chmod 2 342.Pc , 343the effective user ID of the new process image is set to the owner ID of the 344new process image file. 345Similarly, if the set-group-ID mode bit of the new process image file is set, 346the effective group ID of the new process image is set to the group ID of the 347new process image file. 348The real user ID and real group ID of the new process image remain the same as 349those of the calling process image. 350The effective user ID and effective group ID of the new process image are saved 351.Pq as the saved set-user-ID and the saved set-group-ID 352for use by 353.Xr setuid 2 . 354.Pp 355The privilege sets are changed according to the following rules: 356.Bl -enum -offset indent 357.It 358The inheritable set, I, is intersected with the limit set, L. 359This mechanism enforces the limit set for processes. 360.It 361The effective set, E, and the permitted set, P, are made equal to the new 362inheritable set. 363.El 364.Pp 365The system attempts to set the privilege-aware state to non-PA both before 366performing any modifications to the process IDs and privilege sets as well as 367after completing the transition to new UIDs and privilege sets, following the 368rules outlined in 369.Xr privileges 7 . 370.Pp 371If the 372.Brq Dv PRIV_PROC_OWNER 373privilege is asserted in the effective set, the set-user-ID and set-group-ID 374bits will be honored when the process is being controlled by 375.Xr ptrace 3C . 376Additional restrictions can apply when the traced process has an effective UID 377of 0. 378See 379.Xr privileges 7 . 380.Pp 381Any shared memory segments attached to the calling process image will not be 382attached to the new process image 383.Po 384see 385.Xr shmop 2 386.Pc . 387Any mappings established through 388.Fn mmap 389are not preserved across an 390.Nm . 391Memory mappings created in the process are unmapped before the address space is 392rebuilt for the new process image. 393See 394.Xr mmap 2 . 395.Pp 396Memory locks established by the calling process via calls to 397.Xr mlockall 3C 398or 399.Xr mlock 3C 400are removed. 401If locked pages in the address space of the calling process are also mapped 402into the address spaces the locks established by the other processes will be 403unaffected by the call by this process to the 404.Nm 405function. 406If the 407.Nm 408function fails, the effect on memory locks is unspecified. 409.Pp 410If 411.Dv _XOPEN_REALTIME 412is defined and has a value other than \-1, any named semaphores open in the 413calling process are closed as if by appropriate calls to 414.Xr sem_close 3C . 415.Pp 416Profiling is disabled for the new process; see 417.Xr profil 2 . 418.Pp 419Timers created by the calling process with 420.Xr timer_create 3C 421are deleted before replacing the current process image with the new process 422image. 423.Pp 424For the 425.Dv SCHED_FIFO 426and 427.Dv SCHED_RR 428scheduling policies, the policy and priority settings are not changed by a call 429to an 430.Nm 431function. 432.Pp 433All open message queue descriptors in the calling process are closed, as 434described in 435.Xr mq_close 3C . 436.Pp 437Any outstanding asynchronous I/O operations may be cancelled. 438Those asynchronous I/O operations that are not canceled will complete as if the 439.Nm 440function had not yet occurred, but any associated signal notifications are 441suppressed. 442It is unspecified whether the 443.Nm 444function itself blocks awaiting such I/O completion. 445In no event, however, will the new process image created by the 446.Nm 447function be affected by the presence of outstanding asynchronous I/O operations 448at the time the 449.Nm 450function is called. 451.Pp 452All active contract templates are cleared 453.Po 454see 455.Xr contract 5 456.Pc . 457.Pp 458The new process also inherits the following attributes from the calling process: 459.Bl -bullet -offset Ds 460.It 461controlling terminal 462.It 463current working directory 464.It 465file-locks 466.Po 467see 468.Xr fcntl 2 469and 470.Xr lockf 3C 471.Pc 472.It 473file mode creation mask 474.Po 475see 476.Xr umask 2 477.Pc 478.It 479file size limit 480.Po 481see 482.Xr ulimit 2 483.Pc 484.It 485limit privilege set 486.It 487nice value 488.Po 489see 490.Xr nice 2 491.Pc 492.It 493parent process ID 494.It 495pending signals 496.Po 497see 498.Xr sigpending 2 499.Pc 500.It 501privilege debugging flag 502.Po 503see 504.Xr privileges 7 505and 506.Xr getpflags 2 507.Pc 508.It 509process ID 510.It 511process contract 512.Po 513see 514.Xr contract 5 515and 516.Xr process 5 517.Pc 518.It 519process group ID 520.It 521process signal mask 522.Po 523see 524.Xr sigprocmask 2 525.Pc 526.It 527processor bindings 528.Po 529see 530.Xr processor_bind 2 531.Pc 532.It 533processor set bindings 534.Po 535see 536.Xr pset_bind 2 537.Pc 538.It 539project ID 540.It 541real group ID 542.It 543real user ID 544.It 545resource limits 546.Po 547see 548.Xr getrlimit 2 549.Pc 550.It 551root directory 552.It 553scheduler class and priority 554.Po 555see 556.Xr priocntl 2 557.Pc 558.It 559semadj values 560.Po 561see 562.Xr semop 2 563.Pc 564.It 565session membership 566.Po 567see 568.Xr exit 2 569and 570.Xr signal 3C 571.Pc 572.It 573supplementary group IDs 574.It 575task ID 576.It 577time left until an alarm clock signal 578.Po 579see 580.Xr alarm 2 581.Pc 582.It 583.Fa tms_utime , 584.Fa tms_stime , 585.Fa tms_cutime , 586and 587.Fa tms_cstime 588.Po 589see 590.Xr times 2 591.Pc 592.It 593trace flag 594.Po 595see 596.Xr ptrace 3C 597request 0 598.Pc 599.El 600.Pp 601A call to any 602.Nm 603function from a process with more than one thread results in all threads being 604terminated and the new executable image being loaded and executed. 605No destructor functions will be called. 606.Pp 607Upon successful completion, each of the functions in the 608.Nm 609family marks for update the 610.Fa st_atime 611field of the file. 612If an 613.Nm 614function failed but was able to locate the process image file, whether the 615.Fa st_atime 616field is marked for update is unspecified. 617Should the function succeed, the process image file is considered to have been 618opened with 619.Xr open 2 . 620The corresponding 621.Xr close 2 622is considered to occur at a time after this open, but before process 623termination or successful completion of a subsequent call to one of the 624.Nm 625functions. 626The 627.Fa argv[] 628and 629.Fa envp[] 630arrays of pointers and the strings to which those arrays point will not be 631modified by a call to one of the 632.Nm 633functions, except as a consequence of replacing the process image. 634.Pp 635The saved resource limits in the new process image are set to be a copy of the 636process's corresponding hard and soft limits. 637.Sh RETURN VALUES 638If a function in the 639.Nm 640family returns to the calling process image, an error has occurred; the return 641value is \-1 and 642.Va errno 643is set to indicate the error. 644.Sh ERRORS 645The 646.Nm 647functions will fail if: 648.Bl -tag -width Er 649.It Er E2BIG 650The number of bytes in the new process's argument list is greater than the 651system-imposed limit of 652.Dv ARG_MAX 653bytes. 654The argument list limit is sum of the size of the argument list plus the size 655of the environment's exported shell variables. 656.It Er EACCES 657Search permission is denied for a directory listed in the new process file's 658path prefix. 659.Pp 660The new process file is not an ordinary file. 661.Pp 662The new process file mode denies execute permission. 663.Pp 664The 665.Brq Dv FILE_DAC_SEARCH 666privilege overrides the restriction on directory searches. 667.Pp 668The 669.Brq Dv FILE_DAC_EXECUTE 670privilege overrides the lack of execute permission. 671.It Er EAGAIN 672Total amount of system memory available when reading using raw I/O is 673temporarily insufficient. 674.It Er EFAULT 675An argument points to an illegal address. 676.It Er EINVAL 677The new process image file has the appropriate permission and has a recognized 678executable binary format, but the system does not support execution of a file 679with this format. 680.It Er EINTR 681A signal was caught during the execution of one of the functions in the 682.Nm 683family. 684.It Er ELOOP 685Too many symbolic links were encountered in translating 686.Fa path 687or 688.Fa file , 689or too many nested interpreter files. 690.It Er ENAMETOOLONG 691The length of the 692.Fa file 693or 694.Fa path 695argument exceeds 696.Dv PATH_MAX , 697or the length of a 698.Fa file 699or 700.Fa path 701component exceeds 702.Dv NAME_MAX 703while 704.Dv _POSIX_NO_TRUNC 705is in effect. 706.It Er ENOENT 707One or more components of the new process path name of the file do not exist or 708is a null pathname. 709.It Er ENOLINK 710The 711.Fa path 712argument points to a remote machine and the link to that machine is no longer 713active. 714.It Er ENOTDIR 715A component of the new process path of the file prefix is not a directory. 716.El 717.Pp 718The 719.Nm 720functions, except for 721.Fn execlp 722and 723.Fn execvp , 724will fail if: 725.Bl -tag -width Ds 726.It Er ENOEXEC 727The new process image file has the appropriate access permission but is not in 728the proper format. 729.El 730.Pp 731The 732.Nm 733functions may fail if: 734.Bl -tag -width Ds 735.It Er ENAMETOOLONG 736Pathname resolution of a symbolic link produced an intermediate result whose 737length exceeds 738.Dv PATH_MAX . 739.It Er ENOMEM 740The new process image requires more memory than is allowed by the hardware or 741system-imposed by memory management constraints. 742See 743.Xr brk 2 . 744.It Er ETXTBSY 745The new process image file is a pure procedure 746.Pq shared text 747file that is currently open for writing by some process. 748.El 749.Sh USAGE 750As the state of conversion descriptors and message catalogue descriptors in the 751new process image is undefined, portable applications should not rely on their 752use and should close them prior to calling one of the 753.Nm 754functions. 755.Pp 756Applications that require other than the default POSIX locale should call 757.Xr setlocale 3C 758with the appropriate parameters to establish the locale of the new process. 759.Pp 760The 761.Fa environ 762array should not be accessed directly by the application. 763.Sh INTERFACE STABILITY 764.Sy Committed 765.Sh MT-LEVEL 766The 767.Fn execle 768and 769.Fn execve 770functions are 771.Sy Aysnc-Signal-Safe 772.Sh SEE ALSO 773.Xr ksh 1 , 774.Xr ps 1 , 775.Xr sh 1 , 776.Xr alarm 2 , 777.Xr brk 2 , 778.Xr chmod 2 , 779.Xr close 2 , 780.Xr exit 2 , 781.Xr fcntl 2 , 782.Xr fork 2 , 783.Xr getpflags 2 , 784.Xr getrlimit 2 , 785.Xr memcntl 2 , 786.Xr mmap 2 , 787.Xr nice 2 , 788.Xr open 2 , 789.Xr priocntl 2 , 790.Xr processor_bind 2 , 791.Xr profil 2 , 792.Xr pset_bind 2 , 793.Xr semop 2 , 794.Xr setuid 2 , 795.Xr shmop 2 , 796.Xr sigpending 2 , 797.Xr sigprocmask 2 , 798.Xr times 2 , 799.Xr ulimit 2 , 800.Xr umask 2 , 801.Xr atexit 3C , 802.Xr lockf 3C , 803.Xr mlock 3C , 804.Xr mlockall 3C , 805.Xr mq_close 3C , 806.Xr ptrace 3C , 807.Xr sem_close 3C , 808.Xr setlocale 3C , 809.Xr signal 3C , 810.Xr system 3C , 811.Xr timer_create 3C , 812.Xr signal.h 3HEAD , 813.Xr a.out 5 , 814.Xr contract 5 , 815.Xr process 5 , 816.Xr attributes 7 , 817.Xr environ 7 , 818.Xr privileges 7 , 819.Xr standards 7 820.Sh WARNINGS 821If a program is setuid to a user ID other than the superuser, and the program 822is executed when the real user ID is super-user, then the program has some of 823the powers of a super-user as well. 824