1.\" Copyright (c) 1983, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)setuid.2 8.1 (Berkeley) 6/4/93 29.\" $FreeBSD$ 30.\" 31.Dd December 15, 2015 32.Dt SETUID 2 33.Os 34.Sh NAME 35.Nm setuid , 36.Nm seteuid , 37.Nm setgid , 38.Nm setegid 39.Nd set user and group ID 40.Sh LIBRARY 41.Lb libc 42.Sh SYNOPSIS 43.In unistd.h 44.Ft int 45.Fn setuid "uid_t uid" 46.Ft int 47.Fn seteuid "uid_t euid" 48.Ft int 49.Fn setgid "gid_t gid" 50.Ft int 51.Fn setegid "gid_t egid" 52.Sh DESCRIPTION 53The 54.Fn setuid 55system call 56sets the real and effective 57user IDs and the saved set-user-ID of the current process 58to the specified value. 59.\" Comment out next block for !_POSIX_SAVED_IDS 60.\" The real user ID and the saved set-user-ID are changed only if the 61.\" effective user ID is that of the super user. 62.\" I.e. 63.\" .Fn setuid 64.\" system call is equal to 65.\" .Fn seteuid 66.\" system call if the effective user ID is not that of the super user. 67.\" End of block 68The 69.Fn setuid 70system call is permitted if the specified ID is equal to the real user ID 71.\" Comment out next line for !_POSIX_SAVED_IDS 72.\" or the saved set-user-ID 73.\" Next line is for Appendix B.4.2.2 case. 74or the effective user ID 75of the process, or if the effective user ID is that of the super user. 76.Pp 77The 78.Fn setgid 79system call 80sets the real and effective 81group IDs and the saved set-group-ID of the current process 82to the specified value. 83.\" Comment out next block for !_POSIX_SAVED_IDS 84.\" The real group ID and the saved set-group-ID are changed only if the 85.\" effective user ID is that of the super user. 86.\" I.e. 87.\" .Fn setgid 88.\" system call is equal to 89.\" .Fn setegid 90.\" system call if the effective user ID is not that of the super user. 91.\" End of block 92The 93.Fn setgid 94system call is permitted if the specified ID is equal to the real group ID 95.\" Comment out next line for !_POSIX_SAVED_IDS 96.\" or the saved set-group-ID 97.\" Next line is for Appendix B.4.2.2 case. 98or the effective group ID 99of the process, or if the effective user ID is that of the super user. 100.Pp 101The 102.Fn seteuid 103system call 104.Pq Fn setegid 105sets the effective user ID (group ID) of the 106current process. 107The effective user ID may be set to the value 108of the real user ID or the saved set-user-ID (see 109.Xr intro 2 110and 111.Xr execve 2 ) ; 112in this way, the effective user ID of a set-user-ID executable 113may be toggled by switching to the real user ID, then re-enabled 114by reverting to the set-user-ID value. 115Similarly, the effective group ID may be set to the value 116of the real group ID or the saved set-group-ID. 117.Sh RETURN VALUES 118.Rv -std 119.Sh ERRORS 120The system calls will fail if: 121.Bl -tag -width Er 122.It Bq Er EPERM 123The user is not the super user and the ID 124specified is not the real, effective ID, or saved ID. 125.El 126.Sh SEE ALSO 127.Xr getgid 2 , 128.Xr getuid 2 , 129.Xr issetugid 2 , 130.Xr setregid 2 , 131.Xr setreuid 2 132.Sh STANDARDS 133The 134.Fn setuid 135and 136.Fn setgid 137system calls are compliant with the 138.St -p1003.1-90 139specification with 140.Li _POSIX_SAVED_IDS 141.\" Uncomment next line for !_POSIX_SAVED_IDS 142not 143defined with the permitted extensions from Appendix B.4.2.2. 144The 145.Fn seteuid 146and 147.Fn setegid 148system calls are extensions based on the 149.Tn POSIX 150concept of 151.Li _POSIX_SAVED_IDS , 152and have been proposed for a future revision of the standard. 153.Sh HISTORY 154The 155.Fn setuid 156function appeared in 157.At v1 . 158The 159.Fn setgid 160function appeared in 161.At v4 . 162.Sh SECURITY CONSIDERATIONS 163Read and write permissions to files are determined upon a call to 164.Xr open 2 . 165Once a file descriptor is open, dropping privilege does not affect 166the process's read/write permissions, even if the user ID specified 167has no read or write permissions to the file. 168These files normally remain open in any new process executed, 169resulting in a user being able to read or modify 170potentially sensitive data. 171.Pp 172To prevent these files from remaining open after an 173.Xr exec 3 174call, be sure to set the close-on-exec flag: 175.Bd -literal 176void 177pseudocode(void) 178{ 179 int fd; 180 /* ... */ 181 182 fd = open("/path/to/sensitive/data", O_RDWR | O_CLOEXEC); 183 if (fd == -1) 184 err(1, "open"); 185 186 /* ... */ 187 execve(path, argv, environ); 188} 189.Ed 190