Standards / Extensions | C or C++ | Dependencies |
---|---|---|
POSIX.1 |
both |
#define _POSIX_SOURCE
#include <unistd.h>
int setuid(uid_t uid);
Sets the real, effective, or saved set user IDs (UIDs) for the current process to uid.
If uid is the same as the real UID or the saved set-user-ID of the process, setuid() always succeeds and sets the effective UID. the real user ID and saved set-user-ID will remain unchanged.
The setuid() function will not affect the supplementary group list in any way.
If uid is not the same as the real UID of the process, setuid() succeeds only if the process has appropriate privileges. If the process has such privileges, setuid() sets the real group ID (UID), effective UID, and saved set UID to uid.
The setuid() function is not supported from an address space running multiple processes, since it would cause all processes in the address space to have their security environment changed unexpectedly.
setuid() can be used by daemon processes to change the identity of a process in order for the process to be used to run work on behalf of a user. In z/OS® UNIX, changing the identify of a process is done by changing the real and effective UIDs and the auxiliary groups. In order to change the identity of the process on MVS™ completely, it is necessary to also change the MVS security environment. The identity change will only occur if the EUID value is specified, changing just the real UID will have no effect on the MVS environment.
When the MVS identity is changed, the daemon must make a call to initgroups() to set the auxiliary list of groups to the list of groups for the new user ID.
If the setuid() function is issued from multiple tasks within one address space, use synchronization to ensure that the setuid() functions are not performed concurrently. The execution of setuid() function concurrently within one address space can yield unpredictable results.
If successful, setuid() returns 0.
⁄* CELEBS11
This example changes the effective UID.
*⁄
#define _POSIX_SOURCE
#include <sys⁄types.h>
#include <stdio.h>
#include <unistd.h>
main() {
printf("prior to setuid(), uid=%d, effective uid=%d\n",
(int) getuid(), (int) geteuid());
if (setuid(25) != 0)
perror("setuid() error");
else
printf("after setuid(), uid=%d, effective uid=%d\n",
(int) getuid(), (int) geteuid());
}
before setuid(), uid=0, effective uid=0
after setuid(), uid=25, effective uid=25