1SETREGID(3P)               POSIX Programmer's Manual              SETREGID(3P)
2
3
4

PROLOG

6       This  manual  page is part of the POSIX Programmer's Manual.  The Linux
7       implementation of this interface may differ (consult the  corresponding
8       Linux  manual page for details of Linux behavior), or the interface may
9       not be implemented on Linux.
10
11

NAME

13       setregid — set real and effective group IDs
14

SYNOPSIS

16       #include <unistd.h>
17
18       int setregid(gid_t rgid, gid_t egid);
19

DESCRIPTION

21       The setregid() function shall set the real and effective group  IDs  of
22       the calling process.
23
24       If  rgid  is −1, the real group ID shall not be changed; if egid is −1,
25       the effective group ID shall not be changed.
26
27       The real and effective group IDs may be set to different values in  the
28       same call.
29
30       Only  a  process  with appropriate privileges can set the real group ID
31       and the effective group ID to any valid value.
32
33       A non-privileged process can set either the real group ID to the  saved
34       set-group-ID from one of the exec family of functions, or the effective
35       group ID to the saved set-group-ID or the real group ID.
36
37       If the real group ID is being set (rgid is not −1),  or  the  effective
38       group  ID  is being set to a value not equal to the real group ID, then
39       the saved set-group-ID of the current process shall be set equal to the
40       new effective group ID.
41
42       Any supplementary group IDs of the calling process remain unchanged.
43

RETURN VALUE

45       Upon successful completion, 0 shall be returned. Otherwise, −1 shall be
46       returned and errno set to indicate the error, and neither of the  group
47       IDs are changed.
48

ERRORS

50       The setregid() function shall fail if:
51
52       EINVAL The  value  of  the  rgid or egid argument is invalid or out-of-
53              range.
54
55       EPERM  The process does not have appropriate privileges  and  a  change
56              other than changing the real group ID to the saved set-group-ID,
57              or changing the effective group ID to the real group ID  or  the
58              saved set-group-ID, was requested.
59
60       The following sections are informative.
61

EXAMPLES

63       None.
64

APPLICATION USAGE

66       If a non-privileged set-group-ID process sets its effective group ID to
67       its real group ID, it can only set its effective group ID back  to  the
68       previous  value if rgid was −1 in the setregid() call, since the saved-
69       group-ID is not changed in that case. If rgid was  equal  to  the  real
70       group  ID in the setregid() call, then the saved set-group-ID will also
71       have been changed to the real user ID.
72

RATIONALE

74       Earlier versions of this standard did not  specify  whether  the  saved
75       set-group-ID  was  affected by setregid() calls. This version specifies
76       common existing practice that constitutes an  important  security  fea‐
77       ture.  The  ability  to  set both the effective group ID and saved set-
78       group-ID to be the same as the real group ID means  that  any  security
79       weakness  in  code  that  is executed after that point cannot result in
80       malicious code being executed with the  previous  effective  group  ID.
81       Privileged  applications could already do this using just setgid(), but
82       for non-privileged applications the only standard method  available  is
83       to use this feature of setregid().
84

FUTURE DIRECTIONS

86       None.
87

SEE ALSO

89       exec,  getegid(),  geteuid(), getgid(), getuid(), setegid(), seteuid(),
90       setgid(), setreuid(), setuid()
91
92       The Base Definitions volume of POSIX.1‐2008, <unistd.h>
93
95       Portions of this text are reprinted and reproduced in  electronic  form
96       from IEEE Std 1003.1, 2013 Edition, Standard for Information Technology
97       -- Portable Operating System Interface (POSIX),  The  Open  Group  Base
98       Specifications Issue 7, Copyright (C) 2013 by the Institute of Electri‐
99       cal and Electronics Engineers,  Inc  and  The  Open  Group.   (This  is
100       POSIX.1-2008  with  the  2013  Technical Corrigendum 1 applied.) In the
101       event of any discrepancy between this version and the original IEEE and
102       The  Open Group Standard, the original IEEE and The Open Group Standard
103       is the referee document. The original Standard can be  obtained  online
104       at http://www.unix.org/online.html .
105
106       Any  typographical  or  formatting  errors that appear in this page are
107       most likely to have been introduced during the conversion of the source
108       files  to  man page format. To report such errors, see https://www.ker
109       nel.org/doc/man-pages/reporting_bugs.html .
110
111
112
113IEEE/The Open Group                  2013                         SETREGID(3P)
Impressum