seteuid, setegid − set effective user or group ID
int setegid(gid_t egid);
Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
_BSD_SOURCE || _POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600
seteuid() sets the effective user ID of the calling process. Unprivileged user processes may only set the effective user ID to the real user ID, the effective user ID or the saved set-user-ID.
Precisely the same holds for setegid() with "group" instead of "user".
On success, zero is returned. On error, −1 is returned, and errno is set appropriately.
Note: there are cases where seteuid() can fail even when the caller is UID 0; it is a grave security error to omit checking for a failure return from seteuid().
The target user or group ID is not valid in this user namespace.
The calling process is not privileged (Linux: does not have the CAP_SETUID capability in the case of seteuid(), or the CAP_SETGID capability in the case of setegid()) and euid (respectively, egid) is not the real user (group) ID, the effective user (group) ID, or the saved set-user-ID (saved set-group-ID).
POSIX.1-2001, POSIX.1-2008, 4.3BSD.
Setting the effective user (group) ID to the saved set-user-ID (saved set-group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary system one should check _POSIX_SAVED_IDS.
Under glibc 2.0 seteuid(euid) is equivalent to setreuid(−1, euid) and hence may change the saved set-user-ID. Under glibc 2.1 and later it is equivalent to setresuid(−1, euid, −1) and hence does not change the saved set-user-ID. Analogous remarks hold for setegid(), with the difference that the change in implementation from setregid(−1, egid) to setresgid(−1, egid, −1) occurred in glibc 2.2 or 2.3 (depending on the hardware architecture).
According to POSIX.1, seteuid() (setegid()) need not permit euid (egid) to be the same value as the current effective user (group) ID, and some implementations do not permit this.
On Linux, seteuid() and setegid() are implemented as library functions that call, respectively, setreuid(2) and setregid(2).
geteuid(2), setresuid(2), setreuid(2), setuid(2), capabilities(7), credentials(7), user_namespaces(7)
This page is part of release 4.04 of the Linux man-pages project. A description of the project, information about reporting bugs, and the latest version of this page, can be found at http://www.kernel.org/doc/man−pages/.