1getgroups(2)                  System Calls Manual                 getgroups(2)
2
3
4

NAME

6       getgroups, setgroups - get/set list of supplementary group IDs
7

LIBRARY

9       Standard C library (libc, -lc)
10

SYNOPSIS

12       #include <unistd.h>
13
14       int getgroups(int size, gid_t list[]);
15
16       #include <grp.h>
17
18       int setgroups(size_t size, const gid_t *_Nullable list);
19
20   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
21
22       setgroups():
23           Since glibc 2.19:
24               _DEFAULT_SOURCE
25           glibc 2.19 and earlier:
26               _BSD_SOURCE
27

DESCRIPTION

29       getgroups()  returns the supplementary group IDs of the calling process
30       in list.  The argument size should be set  to  the  maximum  number  of
31       items  that  can  be  stored  in the buffer pointed to by list.  If the
32       calling process is a member of more  than  size  supplementary  groups,
33       then an error results.
34
35       It is unspecified whether the effective group ID of the calling process
36       is included in the returned list.  (Thus, an  application  should  also
37       call getegid(2) and add or remove the resulting value.)
38
39       If  size is zero, list is not modified, but the total number of supple‐
40       mentary group IDs for the process is returned.  This allows the  caller
41       to  determine  the size of a dynamically allocated list to be used in a
42       further call to getgroups().
43
44       setgroups() sets the supplementary group IDs for the  calling  process.
45       Appropriate  privileges  are required (see the description of the EPERM
46       error, below).  The size argument specifies the number of supplementary
47       group  IDs in the buffer pointed to by list.  A process can drop all of
48       its supplementary groups with the call:
49
50           setgroups(0, NULL);
51

RETURN VALUE

53       On success, getgroups() returns the number of supplementary group  IDs.
54       On error, -1 is returned, and errno is set to indicate the error.
55
56       On success, setgroups() returns 0.  On error, -1 is returned, and errno
57       is set to indicate the error.
58

ERRORS

60       EFAULT list has an invalid address.
61
62       getgroups() can additionally fail with the following error:
63
64       EINVAL size is less than the number of supplementary group IDs, but  is
65              not zero.
66
67       setgroups() can additionally fail with the following errors:
68
69       EINVAL size  is  greater than NGROUPS_MAX (32 before Linux 2.6.4; 65536
70              since Linux 2.6.4).
71
72       ENOMEM Out of memory.
73
74       EPERM  The calling process has insufficient privilege (the caller  does
75              not  have  the  CAP_SETGID  capability  in the user namespace in
76              which it resides).
77
78       EPERM (since Linux 3.19)
79              The use of setgroups() is denied in this  user  namespace.   See
80              the description of /proc/pid/setgroups in user_namespaces(7).
81

VERSIONS

83   C library/kernel differences
84       At the kernel level, user IDs and group IDs are a per-thread attribute.
85       However, POSIX requires that all threads in a process  share  the  same
86       credentials.   The  NPTL threading implementation handles the POSIX re‐
87       quirements by providing wrapper functions for the various system  calls
88       that  change process UIDs and GIDs.  These wrapper functions (including
89       the one for setgroups()) employ a signal-based technique to ensure that
90       when  one  thread  changes credentials, all of the other threads in the
91       process also change their credentials.  For details, see nptl(7).
92

STANDARDS

94       getgroups()
95              POSIX.1-2008.
96
97       setgroups()
98              None.
99

HISTORY

101       getgroups()
102              SVr4, 4.3BSD, POSIX.1-2001.
103
104       setgroups()
105              SVr4, 4.3BSD.  Since setgroups() requires privilege, it  is  not
106              covered by POSIX.1.
107
108       The  original Linux getgroups() system call supported only 16-bit group
109       IDs.  Subsequently, Linux 2.4 added  getgroups32(),  supporting  32-bit
110       IDs.   The  glibc getgroups() wrapper function transparently deals with
111       the variation across kernel versions.
112

NOTES

114       A process can have up to NGROUPS_MAX supplementary group IDs  in  addi‐
115       tion to the effective group ID.  The constant NGROUPS_MAX is defined in
116       <limits.h>.  The set of supplementary group IDs is inherited  from  the
117       parent process, and preserved across an execve(2).
118
119       The  maximum number of supplementary group IDs can be found at run time
120       using sysconf(3):
121
122           long ngroups_max;
123           ngroups_max = sysconf(_SC_NGROUPS_MAX);
124
125       The maximum return value of getgroups() cannot be larger than one  more
126       than  this  value.  Since Linux 2.6.4, the maximum number of supplemen‐
127       tary group IDs is also exposed via the Linux-specific  read-only  file,
128       /proc/sys/kernel/ngroups_max.
129

SEE ALSO

131       getgid(2),  setgid(2), getgrouplist(3), group_member(3), initgroups(3),
132       capabilities(7), credentials(7)
133
134
135
136Linux man-pages 6.04              2023-03-30                      getgroups(2)
Impressum