Seth Woolley's Man Viewer

setuid(2) - setuid, setuid - set user identity - man 2 setuid

([section] manual, -k keyword, -K [section] search, -f whatis)
man plain no title

SETUID(2)                  Linux Programmer's Manual                 SETUID(2)



NAME
       setuid - set(7,n,1 builtins) user identity

SYNOPSIS
       #include <sys/types.h>
       #include <unistd.h>

       int setuid(uid_t uid);

DESCRIPTION
       setuid  sets  the  effective  user  ID  of the current process.  If the
       effective userid of the caller is root, the real and  saved  user  ID's
       are also set.

       Under  Linux,  setuid  is  implemented  like the POSIX version(1,3,5) with the
       _POSIX_SAVED_IDS feature.  This allows a setuid (other than root)  pro-
       gram  to  drop  all of its user privileges, do some un-privileged work,
       and then re-engage the original effective user ID in(1,8) a secure manner.

       If the user is root or the program is setuid root, special care must be
       taken.  The  setuid function checks the effective user ID of the caller
       and if(3,n) it is the superuser, all process related user ID's  are  set(7,n,1 builtins)  to
       uid.   After  this  has  occurred,  it is impossible for the program to
       regain root privileges.

       Thus, a setuid-root program wishing to  temporarily  drop  root  privi-
       leges,  assume  the  identity  of a non-root user, and then regain root
       privileges afterwards cannot use setuid.  You can accomplish this  with
       the (non-POSIX, BSD) call seteuid.

RETURN VALUE
       On  success,  zero is returned.  On error(8,n), -1 is returned, and errno is
       set(7,n,1 builtins) appropriately.

ERRORS
       EAGAIN The uid does not match the current uid and  uid  brings  process
              over it's NPROC rlimit.

       EPERM  The  user is not privileged (Linux: does not have the CAP_SETUID
              capability) and uid does not match the real or saved user ID  of
              the calling process.

CONFORMING TO
       SVr4,  SVID, POSIX.1.  Not quite compatible with the 4.4BSD call, which
       sets all of the real, saved, and effective user IDs.  SVr4 documents an
       additional EINVAL error(8,n) condition.

LINUX-SPECIFIC REMARKS
       Linux  has  the  concept  of  filesystem user ID, normally equal to the
       effective user ID.  The setuid call also sets the filesystem user ID of
       the current process.  See setfsuid(2).

       If  uid  is  different  from the old effective uid, the process will be
       forbidden from leaving core dumps.

SEE ALSO
       getuid(2), seteuid(2), setfsuid(2), setreuid(2), capabilities(7)



Linux 2.6.6                       2004-05-27                         SETUID(2)

References for this manual (incoming links)