logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

setregid.3p (4480B)


  1. '\" et
  2. .TH SETREGID "3P" 2017 "IEEE/The Open Group" "POSIX Programmer's Manual"
  3. .\"
  4. .SH PROLOG
  5. This manual page is part of the POSIX Programmer's Manual.
  6. The Linux implementation of this interface may differ (consult
  7. the corresponding Linux manual page for details of Linux behavior),
  8. or the interface may not be implemented on Linux.
  9. .\"
  10. .SH NAME
  11. setregid
  12. \(em set real and effective group IDs
  13. .SH SYNOPSIS
  14. .LP
  15. .nf
  16. #include <unistd.h>
  17. .P
  18. int setregid(gid_t \fIrgid\fP, gid_t \fIegid\fP);
  19. .fi
  20. .SH DESCRIPTION
  21. The
  22. \fIsetregid\fR()
  23. function shall set the real and effective group IDs of the calling
  24. process.
  25. .P
  26. If
  27. .IR rgid
  28. is \-1, the real group ID shall not be changed; if
  29. .IR egid
  30. is \-1, the effective group ID shall not be changed.
  31. .P
  32. The real and effective group IDs may be set to different values in the
  33. same call.
  34. .P
  35. Only a process with appropriate privileges can set the real group ID
  36. and the effective group ID to any valid value.
  37. .P
  38. A non-privileged process can set either the real group ID to the saved
  39. set-group-ID from one of the
  40. .IR exec
  41. family of functions, or the effective group ID to the saved
  42. set-group-ID or the real group ID.
  43. .P
  44. If the real group ID is being set (\c
  45. .IR rgid
  46. is not \-1), or the effective group ID is being set to a value not
  47. equal to the real group ID, then the saved set-group-ID of the current
  48. process shall be set equal to the new effective group ID.
  49. .P
  50. Any supplementary group IDs of the calling process remain unchanged.
  51. .SH "RETURN VALUE"
  52. Upon successful completion, 0 shall be returned. Otherwise, \-1
  53. shall be returned and
  54. .IR errno
  55. set to indicate the error, and neither of the group IDs are changed.
  56. .SH ERRORS
  57. The
  58. \fIsetregid\fR()
  59. function shall fail if:
  60. .TP
  61. .BR EINVAL
  62. The value of the
  63. .IR rgid
  64. or
  65. .IR egid
  66. argument is invalid or out-of-range.
  67. .TP
  68. .BR EPERM
  69. The process does not have appropriate privileges and a change other
  70. than changing the real group ID to the saved set-group-ID, or changing
  71. the effective group ID to the real group ID or the saved set-group-ID,
  72. was requested.
  73. .LP
  74. .IR "The following sections are informative."
  75. .SH EXAMPLES
  76. None.
  77. .SH "APPLICATION USAGE"
  78. If a non-privileged set-group-ID process sets its effective group ID to
  79. its real group ID, it can only set its effective group ID back to the
  80. previous value if
  81. .IR rgid
  82. was \-1 in the
  83. \fIsetregid\fR()
  84. call, since the saved-group-ID is not changed in that case. If
  85. .IR rgid
  86. was equal to the real group ID in the
  87. \fIsetregid\fR()
  88. call, then the saved set-group-ID will also have been changed to the
  89. real user ID.
  90. .SH RATIONALE
  91. Earlier versions of this standard did not specify whether the saved
  92. set-group-ID was affected by
  93. \fIsetregid\fR()
  94. calls. This version specifies common existing practice that constitutes an
  95. important security feature. The ability to set both the effective group
  96. ID and saved set-group-ID to be the same as the real group ID means that
  97. any security weakness in code that is executed after that point cannot
  98. result in malicious code being executed with the previous effective
  99. group ID. Privileged applications could already do this using just
  100. \fIsetgid\fR(),
  101. but for non-privileged applications the only standard method available
  102. is to use this feature of
  103. \fIsetregid\fR().
  104. .SH "FUTURE DIRECTIONS"
  105. None.
  106. .SH "SEE ALSO"
  107. .IR "\fIexec\fR\^",
  108. .IR "\fIgetegid\fR\^(\|)",
  109. .IR "\fIgeteuid\fR\^(\|)",
  110. .IR "\fIgetgid\fR\^(\|)",
  111. .IR "\fIgetuid\fR\^(\|)",
  112. .IR "\fIsetegid\fR\^(\|)",
  113. .IR "\fIseteuid\fR\^(\|)",
  114. .IR "\fIsetgid\fR\^(\|)",
  115. .IR "\fIsetreuid\fR\^(\|)",
  116. .IR "\fIsetuid\fR\^(\|)"
  117. .P
  118. The Base Definitions volume of POSIX.1\(hy2017,
  119. .IR "\fB<unistd.h>\fP"
  120. .\"
  121. .SH COPYRIGHT
  122. Portions of this text are reprinted and reproduced in electronic form
  123. from IEEE Std 1003.1-2017, Standard for Information Technology
  124. -- Portable Operating System Interface (POSIX), The Open Group Base
  125. Specifications Issue 7, 2018 Edition,
  126. Copyright (C) 2018 by the Institute of
  127. Electrical and Electronics Engineers, Inc and The Open Group.
  128. In the event of any discrepancy between this version and the original IEEE and
  129. The Open Group Standard, the original IEEE and The Open Group Standard
  130. is the referee document. The original Standard can be obtained online at
  131. http://www.opengroup.org/unix/online.html .
  132. .PP
  133. Any typographical or formatting errors that appear
  134. in this page are most likely
  135. to have been introduced during the conversion of the source files to
  136. man page format. To report such errors, see
  137. https://www.kernel.org/doc/man-pages/reporting_bugs.html .