Next: Setting the Group IDs, Previous: Reading the Persona of a Process, Up: Users and Groups [Contents][Index]
This section describes the functions for altering the user ID (real and/or effective) of a process. To use these facilities, you must include the header files sys/types.h and unistd.h.
Preliminary: | MT-Safe | AS-Unsafe lock | AC-Unsafe lock | See POSIX Safety Concepts.
This function sets the effective user ID of a process to neweuid, provided that the process is allowed to change its effective user ID. A privileged process (effective user ID zero) can change its effective user ID to any legal value. An unprivileged process with a file user ID can change its effective user ID to its real user ID or to its file user ID. Otherwise, a process may not change its effective user ID at all.
The seteuid
function returns a value of 0
to indicate
successful completion, and a value of -1
to indicate an error.
The following errno
error conditions are defined for this
function:
EINVAL
The value of the neweuid argument is invalid.
EPERM
The process may not change to the specified ID.
Older systems (those without the _POSIX_SAVED_IDS
feature) do not
have this function.
Preliminary: | MT-Safe | AS-Unsafe lock | AC-Unsafe lock | See POSIX Safety Concepts.
If the calling process is privileged, this function sets both the real and effective user ID of the process to newuid. It also deletes the file user ID of the process, if any. newuid may be any legal value. (Once this has been done, there is no way to recover the old effective user ID.)
If the process is not privileged, and the system supports the
_POSIX_SAVED_IDS
feature, then this function behaves like
seteuid
.
The return values and error conditions are the same as for seteuid
.
Preliminary: | MT-Safe | AS-Unsafe lock | AC-Unsafe lock | See POSIX Safety Concepts.
This function sets the real user ID of the process to ruid and the
effective user ID to euid. If ruid is -1
, it means
not to change the real user ID; likewise if euid is -1
, it
means not to change the effective user ID.
The setreuid
function exists for compatibility with 4.3 BSD Unix,
which does not support file IDs. You can use this function to swap the
effective and real user IDs of the process. (Privileged processes are
not limited to this particular usage.) If file IDs are supported, you
should use that feature instead of this function. See Enabling and Disabling Setuid Access.
The return value is 0
on success and -1
on failure.
The following errno
error conditions are defined for this
function:
EPERM
The process does not have the appropriate privileges; you do not have permission to change to the specified ID.
Next: Setting the Group IDs, Previous: Reading the Persona of a Process, Up: Users and Groups [Contents][Index]