CAPNG_CHANGE_ID(3)               Libcap-ng API              CAPNG_CHANGE_ID(3)

NAME

       capng_change_id - change the credentials retaining capabilities

SYNOPSIS

       #include <cap-ng.h>

       int capng_change_id(int uid, int gid, capng_flags_t flag);

DESCRIPTION

       This function will change uid and gid to the ones given while retaining
       the capabilities previously specified in capng_update. Calling
       capng_apply prior to this function is not necessary, and it is perhaps
       better not to call it, so that all necessary privileges are still
       intact. The caller is required to have the CAP_SETPCAP capability still
       active before calling this function.

       This function also takes a flag parameter that helps to tailor the
       exact actions performed by the function to secure the environment. The
       options may be OR'ed together. The legal values are:

              CAPNG_NO_FLAG
                     Simply change uid and retain specified capabilities and
                     that's all.

              CAPNG_DROP_SUPP_GRP
                     After changing id, remove any supplementary groups that
                     may still be in effect from the old uid.

              CAPNG_INIT_SUPP_GRP
                     After changing id, initialize any supplementary groups
                     that may come with the new account. If given with
                     CAPNG_DROP_SUPP_GRP it will have no effect.

              CAPNG_CLEAR_BOUNDING
                     After changing the uid and gid, clear the bounding set
                     regardless of the internal representation already set up.

RETURN VALUE

       This returns 0 on success and a negative number on failure. -1 means
       capng has not been initialized properly, -2 means a failure requesting
       to keep capabilities across the uid change, -3 means that applying the
       intermediate capabilities failed, -4 means changing gid failed, -5
       means dropping supplemental groups failed, -6 means changing the uid
       failed, -7 means dropping the ability to retain caps across a uid
       change failed, -8 means clearing the bounding set failed, -9 means
       dropping CAP_SETPCAP failed, -10 means initializing supplemental groups
       failed.

       Note: upon failure of this function, the only safe action is probably
       to exit. This is because you are likely in a situation with partial
       permissions and not what you intended.

SEE ALSO

       capng_update(3), capng_apply(3), prctl(2), capabilities(7)

AUTHOR

       Steve Grubb

Red Hat                            Feb 2013                 CAPNG_CHANGE_ID(3)