1SETGID(2)                  Linux Programmer's Manual                 SETGID(2)
2
3
4

NAME

6       setgid - set group identity
7

SYNOPSIS

9       #include <sys/types.h>
10       #include <unistd.h>
11
12       int setgid(gid_t gid);
13

DESCRIPTION

15       setgid()  sets  the  effective group ID of the calling process.  If the
16       calling process is privileged (has the  CAP_SETGID  capability  in  its
17       user namespace), the real GID and saved set-group-ID are also set.
18
19       Under  Linux,  setgid()  is implemented like the POSIX version with the
20       _POSIX_SAVED_IDS feature.  This allows a set-group-ID program  that  is
21       not  set-user-ID-root  to drop all of its group privileges, do some un-
22       privileged work, and then reengage the original effective group ID in a
23       secure manner.
24

RETURN VALUE

26       On  success,  zero is returned.  On error, -1 is returned, and errno is
27       set appropriately.
28

ERRORS

30       EINVAL The group ID specified in gid is not valid in this  user  names‐
31              pace.
32
33       EPERM  The  calling  process  is  not  privileged  (does  not  have the
34              CAP_SETGID capability), and gid does not match the real group ID
35              or saved set-group-ID of the calling process.
36

CONFORMING TO

38       POSIX.1-2001, POSIX.1-2008, SVr4.
39

NOTES

41       The  original  Linux  setgid()  system call supported only 16-bit group
42       IDs.  Subsequently, Linux 2.4 added setgid32() supporting  32-bit  IDs.
43       The glibc setgid() wrapper function transparently deals with the varia‐
44       tion across kernel versions.
45
46   C library/kernel differences
47       At the kernel level, user IDs and group IDs are a per-thread attribute.
48       However,  POSIX  requires  that all threads in a process share the same
49       credentials.  The  NPTL  threading  implementation  handles  the  POSIX
50       requirements  by  providing  wrapper  functions  for the various system
51       calls that change process  UIDs  and  GIDs.   These  wrapper  functions
52       (including  the  one  for  setgid()) employ a signal-based technique to
53       ensure that when one thread  changes  credentials,  all  of  the  other
54       threads in the process also change their credentials.  For details, see
55       nptl(7).
56

SEE ALSO

58       getgid(2), setegid(2),  setregid(2),  capabilities(7),  credentials(7),
59       user_namespaces(7)
60

COLOPHON

62       This  page  is  part of release 4.15 of the Linux man-pages project.  A
63       description of the project, information about reporting bugs,  and  the
64       latest     version     of     this    page,    can    be    found    at
65       https://www.kernel.org/doc/man-pages/.
66
67
68
69Linux                             2017-09-15                         SETGID(2)
Impressum