seteuid, setegid - set effective user or group ID
Standard C library (libc, -lc)
#include <unistd.h>
int seteuid(uid_t euid);
int setegid(gid_t egid);Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
The target user or group ID is not valid in this user namespace.
In the case of seteuid(): the calling process is not
privileged (does not have the CAP_SETUID capability in
its user namespace) and euid does not match the current real
user ID, current effective user ID, or current saved set-user-ID.
In the case of setegid(): the calling process is not
privileged (does not have the CAP_SETGID capability in
its user namespace) and egid does not match the current real
group ID, current effective group ID, or current saved set-group-ID.
Setting the effective user (group) ID to the saved set-user-ID (saved set-group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary system one should check _POSIX_SAVED_IDS.
Under glibc 2.0,
seteuid(euid) is equivalent
to setreuid(-1, euid) and
hence may change the saved set-user-ID. Under glibc 2.1 and later, it is
equivalent to setresuid(-1, euid,
-1) and hence does not change the saved set-user-ID. Analogous
remarks hold for setegid(), with the difference that
the change in implementation from setregid(-1,
egid) to setresgid(-1,
egid, -1) occurred in glibc 2.2 or 2.3 (depending
on the hardware architecture).
According to POSIX.1, seteuid()
(setegid()) need not permit euid
(egid) to be the same value as the current effective user
(group) ID, and some implementations do not permit this.
On Linux, seteuid() and setegid() are implemented as library functions that call, respectively, setresuid(2) and setresgid(2).
POSIX.1-2008.
POSIX.1-2001, 4.3BSD.
geteuid(2), setresuid(2), setreuid(2), setuid(2), capabilities(7), credentials(7), user_namespaces(7)