seteuid() — Set the effective user ID

Standards

Standards / Extensions	C or C++	Dependencies
POSIX.1a Single UNIX Specification, Version 3	both

Format

#define _POSIX1_SOURCE 2
#include <unistd.h>

int seteuid(uid_t uid);

General description

Sets the effective user ID (UID) to uid if uid is equal to the real UID or the saved set user ID of the calling process, or if the process has appropriate privileges. The real UID and the saved set UID are not changed.

The seteuid() function is not supported from an address space running multiple processes, since it would cause all processes in the address space to have their security environment changed unexpectedly.

seteuid() can be used by daemon processes to change the identity of a process in order for the process to be used to run work on behalf of a user. In z/OS® UNIX, changing the identify of a process is done by changing the real and effective UIDs and the auxiliary groups. In order to change the identity of the process on MVS™ completely, it is necessary to also change the MVS security environment. The identity change will only occur if the EUID value is specified, changing just the real UID will have no effect on the MVS environment.

The seteuid() function invokes MVS SAF services to change the MVS identity of the address space. The MVS identity that is used is determined as follows:

If an MVS user ID is already known by the kernel from a previous call to a kernel function (for example, getpwnam()) and the UID for this user ID matches the UID specified on the seteuid() call, then this user ID is used.
For nonzero target UIDs, if there is no saved user ID or the UID for the saved user ID does not match the UID requested on the seteuid() call, the seteuid() function queries the security database (for example, using getpwnam) to retrieve a user ID. The retrieved user ID is then used.
If the target UID=0 and a user ID is not known, the seteuid() function always sets the MVS user ID to BPXROOT or the value specified on the SUPERUSER parm in sysparms. BPXROOT is set up during system initialization as a superuser with a UID=0. The BPXROOT user ID is not defined to the BPX.DAEMON FACILITY class profile. This special processing is necessary to prevent a superuser from gaining daemon authority.
A nondaemon superuser that attempts to set a user ID to a daemon superuser UID fails with an EPERM.

When the MVS identity is changed, the auxiliary list of groups is also set to the list of groups for the new user ID.

If the seteuid() function is issued from multiple tasks within one address space, use synchronization to ensure that the seteuid() functions are not performed concurrently. The execution of seteuid() function concurrently within one address space can yield unpredictable results.

Returned value

If successful, seteuid() returns 0.

If unsuccessful, seteuid() returns -1 and sets errno to one of the following values:

Error Code: Description
EINVAL: The value specified for uid is incorrect and is not supported by the implementation.
EPERM: The process does not have appropriate privileges, and uid does not match the real UID or the saved set UID.

Example

CELEBS05

⁄* CELEBS05

   This example changes the effective UID.

 *⁄
#define _POSIX1_SOURCE 2
#include <unistd.h>
#include <stdio.h>

main() {
  printf("your effective user id is %d\n", (int) geteuid());
  if (seteuid(25) != 0)
    perror("seteuid() error");
  else
    printf("your effective user id was changed to %d\n",
           (int) geteuid());
}

Output

your effective user id is 0
your effective user id was changed to 25