1CAPNG_CHANGE_ID(3) Libcap-ng API CAPNG_CHANGE_ID(3)
2
6 capng_change_id - change the credentials retaining capabilities
7
9 #include <cap-ng.h>
10 int capng_change_id(int uid, int gid, capng_flags_t flag);
12
15 This function will change uid and gid to the ones given while retaining
16 the capabilities previously specified in capng_update. It is not neces‐
17 sary and perhaps better if capng_apply has not been called prior to
18 this function so that all necessary privileges are still intact. The
19 caller is required to have CAP_SETPCAP capability still active before
20 calling this function.
21 This function also takes a flag parameter that helps to tailor the
23 exact actions performed by the function to secure the environment. The
24 option may be or'ed together. The legal values are:
25 CAPNG_NO_FLAG
28 Simply change uid and retain specified capabilities and
29 that's all.
30 CAPNG_DROP_SUPP_GRP
32 After changing id, remove and supplement groups that may
33 come with the account.
34 CAPNG_CLEAR_BOUNDING
36 After changing the uid and gid, clear the bounding set
37 regardless to the internal representation already setup.
38
41 This returns 0 on success and a negative number on failure. -1 means
42 capng has not been initted properly, -2 means a failure requesting to
43 keep capabilities across the uid change, -3 means that applying the
44 intermediate capabilities failed, -4 means changing gid failed, -5
45 means dropping supplemental groups failed, -6 means changing the uid
46 failed, -7 means dropping the ability to retain caps across a uid
47 change failed, -8 means clearing the bounding set failed, -9 means
48 dropping CAP_SETPCAP failed.
49 Note: the only safe action to do upon failure of this function is to
51 probably exit. This is because you are likely in a situation with par‐
52 tial permissions and not what you intended.
53
56 capng_update(3), capng_apply(3), prctl(2), capabilities(7)
57
60 Steve Grubb
61Red Hat June 2009 CAPNG_CHANGE_ID(3)