1.\" Copyright (c) 1983, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)setuid.2 8.1 (Berkeley) 6/4/93 29.\" 30.Dd December 15, 2015 31.Dt SETUID 2 32.Os 33.Sh NAME 34.Nm setuid , 35.Nm seteuid , 36.Nm setgid , 37.Nm setegid 38.Nd set user and group ID 39.Sh LIBRARY 40.Lb libc 41.Sh SYNOPSIS 42.In unistd.h 43.Ft int 44.Fn setuid "uid_t uid" 45.Ft int 46.Fn seteuid "uid_t euid" 47.Ft int 48.Fn setgid "gid_t gid" 49.Ft int 50.Fn setegid "gid_t egid" 51.Sh DESCRIPTION 52The 53.Fn setuid 54system call 55sets the real and effective 56user IDs and the saved set-user-ID of the current process 57to the specified value. 58.\" Comment out next block for !_POSIX_SAVED_IDS 59.\" The real user ID and the saved set-user-ID are changed only if the 60.\" effective user ID is that of the super user. 61.\" I.e. 62.\" .Fn setuid 63.\" system call is equal to 64.\" .Fn seteuid 65.\" system call if the effective user ID is not that of the super user. 66.\" End of block 67The 68.Fn setuid 69system call is permitted if the specified ID is equal to the real user ID 70.\" Comment out next line for !_POSIX_SAVED_IDS 71.\" or the saved set-user-ID 72.\" Next line is for Appendix B.4.2.2 case. 73or the effective user ID 74of the process, or if the effective user ID is that of the super user. 75.Pp 76The 77.Fn setgid 78system call 79sets the real and effective 80group IDs and the saved set-group-ID of the current process 81to the specified value. 82.\" Comment out next block for !_POSIX_SAVED_IDS 83.\" The real group ID and the saved set-group-ID are changed only if the 84.\" effective user ID is that of the super user. 85.\" I.e. 86.\" .Fn setgid 87.\" system call is equal to 88.\" .Fn setegid 89.\" system call if the effective user ID is not that of the super user. 90.\" End of block 91The 92.Fn setgid 93system call is permitted if the specified ID is equal to the real group ID 94.\" Comment out next line for !_POSIX_SAVED_IDS 95.\" or the saved set-group-ID 96.\" Next line is for Appendix B.4.2.2 case. 97or the effective group ID 98of the process, or if the effective user ID is that of the super user. 99.Pp 100The 101.Fn seteuid 102system call 103.Pq Fn setegid 104sets the effective user ID (group ID) of the 105current process. 106The effective user ID may be set to the value 107of the real user ID or the saved set-user-ID (see 108.Xr intro 2 109and 110.Xr execve 2 ) ; 111in this way, the effective user ID of a set-user-ID executable 112may be toggled by switching to the real user ID, then re-enabled 113by reverting to the set-user-ID value. 114Similarly, the effective group ID may be set to the value 115of the real group ID or the saved set-group-ID. 116.Sh RETURN VALUES 117.Rv -std 118.Sh ERRORS 119The system calls will fail if: 120.Bl -tag -width Er 121.It Bq Er EPERM 122The user is not the super user and the ID 123specified is not the real, effective ID, or saved ID. 124.El 125.Sh SEE ALSO 126.Xr getgid 2 , 127.Xr getuid 2 , 128.Xr issetugid 2 , 129.Xr setregid 2 , 130.Xr setreuid 2 131.Sh STANDARDS 132The 133.Fn setuid 134and 135.Fn setgid 136system calls are compliant with the 137.St -p1003.1-90 138specification with 139.Li _POSIX_SAVED_IDS 140.\" Uncomment next line for !_POSIX_SAVED_IDS 141not 142defined with the permitted extensions from Appendix B.4.2.2. 143The 144.Fn seteuid 145and 146.Fn setegid 147system calls are extensions based on the 148.Tn POSIX 149concept of 150.Li _POSIX_SAVED_IDS , 151and have been proposed for a future revision of the standard. 152.Sh HISTORY 153The 154.Fn setuid 155function appeared in 156.At v1 . 157The 158.Fn setgid 159function appeared in 160.At v4 . 161.Sh SECURITY CONSIDERATIONS 162Read and write permissions to files are determined upon a call to 163.Xr open 2 . 164Once a file descriptor is open, dropping privilege does not affect 165the process's read/write permissions, even if the user ID specified 166has no read or write permissions to the file. 167These files normally remain open in any new process executed, 168resulting in a user being able to read or modify 169potentially sensitive data. 170.Pp 171To prevent these files from remaining open after an 172.Xr exec 3 173call, be sure to set the close-on-exec flag: 174.Bd -literal 175void 176pseudocode(void) 177{ 178 int fd; 179 /* ... */ 180 181 fd = open("/path/to/sensitive/data", O_RDWR | O_CLOEXEC); 182 if (fd == -1) 183 err(1, "open"); 184 185 /* ... */ 186 execve(path, argv, environ); 187} 188.Ed 189