1SETGID(2)                  Linux Programmer's Manual                 SETGID(2)
2
3
4

NAME

6       setgid - set group identity
7

SYNOPSIS

9       #include <sys/types.h>
10       #include <unistd.h>
11
12       int setgid(gid_t gid);
13

DESCRIPTION

15       setgid()  sets  the  effective group ID of the calling process.  If the
16       calling process is privileged (more precisely: has the CAP_SETGID capa‐
17       bility  in its user namespace), the real GID and saved set-group-ID are
18       also set.
19
20       Under Linux, setgid() is implemented like the POSIX  version  with  the
21       _POSIX_SAVED_IDS  feature.   This allows a set-group-ID program that is
22       not set-user-ID-root to drop all of its group privileges, do  some  un-
23       privileged work, and then reengage the original effective group ID in a
24       secure manner.
25

RETURN VALUE

27       On success, zero is returned.  On error, -1 is returned, and  errno  is
28       set appropriately.
29

ERRORS

31       EINVAL The  group  ID specified in gid is not valid in this user names‐
32              pace.
33
34       EPERM  The calling  process  is  not  privileged  (does  not  have  the
35              CAP_SETGID capability), and gid does not match the real group ID
36              or saved set-group-ID of the calling process.
37

CONFORMING TO

39       POSIX.1-2001, POSIX.1-2008, SVr4.
40

NOTES

42       The original Linux setgid() system call  supported  only  16-bit  group
43       IDs.   Subsequently,  Linux 2.4 added setgid32() supporting 32-bit IDs.
44       The glibc setgid() wrapper function transparently deals with the varia‐
45       tion across kernel versions.
46
47   C library/kernel differences
48       At the kernel level, user IDs and group IDs are a per-thread attribute.
49       However, POSIX requires that all threads in a process  share  the  same
50       credentials.   The  NPTL  threading  implementation  handles  the POSIX
51       requirements by providing wrapper  functions  for  the  various  system
52       calls  that  change  process  UIDs  and  GIDs.  These wrapper functions
53       (including the one for setgid()) employ  a  signal-based  technique  to
54       ensure  that  when  one  thread  changes  credentials, all of the other
55       threads in the process also change their credentials.  For details, see
56       nptl(7).
57

SEE ALSO

59       getgid(2),  setegid(2),  setregid(2),  capabilities(7), credentials(7),
60       user_namespaces(7)
61

COLOPHON

63       This page is part of release 4.16 of the Linux  man-pages  project.   A
64       description  of  the project, information about reporting bugs, and the
65       latest    version    of    this    page,    can     be     found     at
66       https://www.kernel.org/doc/man-pages/.
67
68
69
70Linux                             2017-09-15                         SETGID(2)
Impressum