logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

setreuid.3p (4516B)


  1. '\" et
  2. .TH SETREUID "3P" 2017 "IEEE/The Open Group" "POSIX Programmer's Manual"
  3. .\"
  4. .SH PROLOG
  5. This manual page is part of the POSIX Programmer's Manual.
  6. The Linux implementation of this interface may differ (consult
  7. the corresponding Linux manual page for details of Linux behavior),
  8. or the interface may not be implemented on Linux.
  9. .\"
  10. .SH NAME
  11. setreuid
  12. \(em set real and effective user IDs
  13. .SH SYNOPSIS
  14. .LP
  15. .nf
  16. #include <unistd.h>
  17. .P
  18. int setreuid(uid_t \fIruid\fP, uid_t \fIeuid\fP);
  19. .fi
  20. .SH DESCRIPTION
  21. The
  22. \fIsetreuid\fR()
  23. function shall set the real and effective user IDs of the current
  24. process to the values specified by the
  25. .IR ruid
  26. and
  27. .IR euid
  28. arguments. If
  29. .IR ruid
  30. or
  31. .IR euid
  32. is \-1, the corresponding effective or real user ID of the current
  33. process shall be left unchanged.
  34. .P
  35. A process with appropriate privileges can set either ID to any value.
  36. An unprivileged process can only set the effective user ID if the
  37. .IR euid
  38. argument is equal to either the real, effective, or saved user ID of
  39. the process.
  40. .P
  41. If the real user ID is being set (\c
  42. .IR ruid
  43. is not \-1), or the effective user ID is being set to a value not
  44. equal to the real user ID, then the saved set-user-ID of the current
  45. process shall be set equal to the new effective user ID.
  46. .P
  47. It is unspecified whether a process without appropriate privileges is
  48. permitted to change the real user ID to match the current effective user
  49. ID or saved set-user-ID of the process.
  50. .SH "RETURN VALUE"
  51. Upon successful completion, 0 shall be returned. Otherwise, \-1
  52. shall be returned and
  53. .IR errno
  54. set to indicate the error.
  55. .SH ERRORS
  56. The
  57. \fIsetreuid\fR()
  58. function shall fail if:
  59. .TP
  60. .BR EINVAL
  61. The value of the
  62. .IR ruid
  63. or
  64. .IR euid
  65. argument is invalid or out-of-range.
  66. .TP
  67. .BR EPERM
  68. The current process does not have appropriate privileges, and either an
  69. attempt was made to change the effective user ID to a value other than
  70. the real user ID or the saved set-user-ID or an attempt was made to
  71. change the real user ID to a value not permitted by the
  72. implementation.
  73. .LP
  74. .IR "The following sections are informative."
  75. .SH EXAMPLES
  76. .SS "Setting the Effective User ID to the Real User ID"
  77. .P
  78. The following example sets the effective user ID of the calling process
  79. to the real user ID, so that files created later will be owned by the
  80. current user. It also sets the saved set-user-ID to the real user ID,
  81. so any future attempt to set the effective user ID back to its previous
  82. value will fail.
  83. .sp
  84. .RS 4
  85. .nf
  86. #include <unistd.h>
  87. #include <sys/types.h>
  88. \&...
  89. setreuid(getuid(), getuid());
  90. \&...
  91. .fi
  92. .P
  93. .RE
  94. .SH "APPLICATION USAGE"
  95. None.
  96. .SH RATIONALE
  97. Earlier versions of this standard did not specify whether the saved
  98. set-user-ID was affected by
  99. \fIsetreuid\fR()
  100. calls. This version specifies common existing practice that constitutes
  101. an important security feature. The ability to set both the effective user
  102. ID and saved set-user-ID to be the same as the real user ID means that
  103. any security weakness in code that is executed after that point cannot
  104. result in malicious code being executed with the previous effective user
  105. ID. Privileged applications could already do this using just
  106. \fIsetuid\fR(),
  107. but for non-privileged applications the only standard method available
  108. is to use this feature of
  109. \fIsetreuid\fR().
  110. .SH "FUTURE DIRECTIONS"
  111. None.
  112. .SH "SEE ALSO"
  113. .IR "\fIgetegid\fR\^(\|)",
  114. .IR "\fIgeteuid\fR\^(\|)",
  115. .IR "\fIgetgid\fR\^(\|)",
  116. .IR "\fIgetuid\fR\^(\|)",
  117. .IR "\fIsetegid\fR\^(\|)",
  118. .IR "\fIseteuid\fR\^(\|)",
  119. .IR "\fIsetgid\fR\^(\|)",
  120. .IR "\fIsetregid\fR\^(\|)",
  121. .IR "\fIsetuid\fR\^(\|)"
  122. .P
  123. The Base Definitions volume of POSIX.1\(hy2017,
  124. .IR "\fB<unistd.h>\fP"
  125. .\"
  126. .SH COPYRIGHT
  127. Portions of this text are reprinted and reproduced in electronic form
  128. from IEEE Std 1003.1-2017, Standard for Information Technology
  129. -- Portable Operating System Interface (POSIX), The Open Group Base
  130. Specifications Issue 7, 2018 Edition,
  131. Copyright (C) 2018 by the Institute of
  132. Electrical and Electronics Engineers, Inc and The Open Group.
  133. In the event of any discrepancy between this version and the original IEEE and
  134. The Open Group Standard, the original IEEE and The Open Group Standard
  135. is the referee document. The original Standard can be obtained online at
  136. http://www.opengroup.org/unix/online.html .
  137. .PP
  138. Any typographical or formatting errors that appear
  139. in this page are most likely
  140. to have been introduced during the conversion of the source files to
  141. man page format. To report such errors, see
  142. https://www.kernel.org/doc/man-pages/reporting_bugs.html .