1SETGID(2)                  Linux Programmer's Manual                 SETGID(2)
2
3
4

NAME

6       setgid - set group identity
7

SYNOPSIS

9       #include <unistd.h>
10
11       int setgid(gid_t gid);
12

DESCRIPTION

14       setgid()  sets  the  effective group ID of the calling process.  If the
15       calling process is privileged (more precisely: has the CAP_SETGID capa‐
16       bility  in its user namespace), the real GID and saved set-group-ID are
17       also set.
18
19       Under Linux, setgid() is implemented like the POSIX  version  with  the
20       _POSIX_SAVED_IDS  feature.   This allows a set-group-ID program that is
21       not set-user-ID-root to drop all of its group privileges, do  some  un-
22       privileged work, and then reengage the original effective group ID in a
23       secure manner.
24

RETURN VALUE

26       On success, zero is returned.  On error, -1 is returned, and  errno  is
27       set to indicate the error.
28

ERRORS

30       EINVAL The  group  ID  specified in gid is not valid in this user name‐
31              space.
32
33       EPERM  The calling  process  is  not  privileged  (does  not  have  the
34              CAP_SETGID  capability  in its user namespace), and gid does not
35              match the real group ID or saved  set-group-ID  of  the  calling
36              process.
37

CONFORMING TO

39       POSIX.1-2001, POSIX.1-2008, SVr4.
40

NOTES

42       The  original  Linux  setgid()  system call supported only 16-bit group
43       IDs.  Subsequently, Linux 2.4 added setgid32() supporting  32-bit  IDs.
44       The glibc setgid() wrapper function transparently deals with the varia‐
45       tion across kernel versions.
46
47   C library/kernel differences
48       At the kernel level, user IDs and group IDs are a per-thread attribute.
49       However,  POSIX  requires  that all threads in a process share the same
50       credentials.  The NPTL threading implementation handles the  POSIX  re‐
51       quirements  by providing wrapper functions for the various system calls
52       that change process UIDs and GIDs.  These wrapper functions  (including
53       the  one  for  setgid()) employ a signal-based technique to ensure that
54       when one thread changes credentials, all of the other  threads  in  the
55       process also change their credentials.  For details, see nptl(7).
56

SEE ALSO

58       getgid(2),  setegid(2),  setregid(2),  capabilities(7), credentials(7),
59       user_namespaces(7)
60

COLOPHON

62       This page is part of release 5.12 of the Linux  man-pages  project.   A
63       description  of  the project, information about reporting bugs, and the
64       latest    version    of    this    page,    can     be     found     at
65       https://www.kernel.org/doc/man-pages/.
66
67
68
69Linux                             2021-03-22                         SETGID(2)
Impressum