1SETGID(2)                  Linux Programmer's Manual                 SETGID(2)
2
3
4

NAME

6       setgid - set group identity
7

SYNOPSIS

9       #include <sys/types.h>
10       #include <unistd.h>
11
12       int setgid(gid_t gid);
13

DESCRIPTION

15       setgid()  sets  the  effective group ID of the calling process.  If the
16       calling process is privileged (more precisely: has the CAP_SETGID capa‐
17       bility  in its user namespace), the real GID and saved set-group-ID are
18       also set.
19
20       Under Linux, setgid() is implemented like the POSIX  version  with  the
21       _POSIX_SAVED_IDS  feature.   This allows a set-group-ID program that is
22       not set-user-ID-root to drop all of its group privileges, do  some  un-
23       privileged work, and then reengage the original effective group ID in a
24       secure manner.
25

RETURN VALUE

27       On success, zero is returned.  On error, -1 is returned, and  errno  is
28       set appropriately.
29

ERRORS

31       EINVAL The  group  ID specified in gid is not valid in this user names‐
32              pace.
33
34       EPERM  The calling  process  is  not  privileged  (does  not  have  the
35              CAP_SETGID  capability  in its user namespace), and gid does not
36              match the real group ID or saved  set-group-ID  of  the  calling
37              process.
38

CONFORMING TO

40       POSIX.1-2001, POSIX.1-2008, SVr4.
41

NOTES

43       The  original  Linux  setgid()  system call supported only 16-bit group
44       IDs.  Subsequently, Linux 2.4 added setgid32() supporting  32-bit  IDs.
45       The glibc setgid() wrapper function transparently deals with the varia‐
46       tion across kernel versions.
47
48   C library/kernel differences
49       At the kernel level, user IDs and group IDs are a per-thread attribute.
50       However,  POSIX  requires  that all threads in a process share the same
51       credentials.  The  NPTL  threading  implementation  handles  the  POSIX
52       requirements  by  providing  wrapper  functions  for the various system
53       calls that change process  UIDs  and  GIDs.   These  wrapper  functions
54       (including  the  one  for  setgid()) employ a signal-based technique to
55       ensure that when one thread  changes  credentials,  all  of  the  other
56       threads in the process also change their credentials.  For details, see
57       nptl(7).
58

SEE ALSO

60       getgid(2), setegid(2),  setregid(2),  capabilities(7),  credentials(7),
61       user_namespaces(7)
62

COLOPHON

64       This  page  is  part of release 5.07 of the Linux man-pages project.  A
65       description of the project, information about reporting bugs,  and  the
66       latest     version     of     this    page,    can    be    found    at
67       https://www.kernel.org/doc/man-pages/.
68
69
70
71Linux                             2019-03-06                         SETGID(2)
Impressum