1.\" $NetBSD: setuid.2,v 1.13 2002/08/17 18:22:21 yamt Exp $ 2.\" 3.\" Copyright (c) 1983, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the University of 17.\" California, Berkeley and its contributors. 18.\" 4. Neither the name of the University nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.\" @(#)setuid.2 8.1 (Berkeley) 6/4/93 35.\" 36.Dd August 18, 2002 37.Dt SETUID 2 38.Os 39.Sh NAME 40.Nm setuid , 41.Nm seteuid , 42.Nm setgid , 43.Nm setegid 44.Nd set user and group ID 45.Sh LIBRARY 46.Lb libc 47.Sh SYNOPSIS 48.Fd #include \*[Lt]unistd.h\*[Gt] 49.Ft int 50.Fn setuid "uid_t uid" 51.Ft int 52.Fn seteuid "uid_t euid" 53.Ft int 54.Fn setgid "gid_t gid" 55.Ft int 56.Fn setegid "gid_t egid" 57.Sh DESCRIPTION 58The 59.Fn setuid 60function 61sets the real and effective 62user IDs and the saved set-user-ID of the current process 63to the specified value. 64The 65.Fn setuid 66function is permitted if the specified ID is equal to the real user ID 67of the process, or if the effective user ID is that of the super user. 68.Pp 69The 70.Fn setgid 71function 72sets the real and effective 73group IDs and the saved set-group-ID of the current process 74to the specified value. 75The 76.Fn setgid 77function is permitted if the specified ID is equal to the real group ID 78of the process, or if the effective user ID is that of the super user. 79Supplementary group IDs remain unchanged. 80.Pp 81The 82.Fn seteuid 83function 84.Pq Fn setegid 85sets the effective user ID (group ID) of the 86current process. 87The effective user ID may be set to the value 88of the real user ID or the saved set-user-ID (see 89.Xr intro 2 90and 91.Xr execve 2 ) ; 92in this way, the effective user ID of a set-user-ID executable 93may be toggled by switching to the real user ID, then re-enabled 94by reverting to the set-user-ID value. 95Similarly, the effective group ID may be set to the value 96of the real group ID or the saved set-group-ID. 97.Sh RETURN VALUES 98Upon success, these functions return 0; 99otherwise \-1 is returned. 100.Pp 101If the user is not the super user, or the uid 102specified is not the real, effective ID, or saved ID, 103these functions return \-1. 104.Sh SEE ALSO 105.Xr getgid 2 , 106.Xr getuid 2 107.Sh STANDARDS 108The 109.Fn setuid 110and 111.Fn setgid 112functions are compliant with the 113.St -p1003.1-90 114specification with 115.Li _POSIX_SAVED_IDS 116not defined. 117We do not implement the 118.Li _POSIX_SAVED_IDS 119option as specified in the standard 120because this would make it impossible for a set-user-ID executable owned 121by a user other than the super-user to permanently revoke its privileges. 122.Pp 123The 124.Fn seteuid 125and 126.Fn setegid 127functions are extensions based on the 128.Tn POSIX 129concept of 130.Li _POSIX_SAVED_IDS , 131and have been proposed for a future revision of the standard. 132They provide the same feature of toggling effective IDs as 133.Li _POSIX_SAVED_IDS , 134but do so independent of the current effective 135ID, rather than requiring the super-user to permanently revoke its 136privileges. 137