Section (2) setreuid
setreuid, setregid — set real and/or effective user or group ID
#include <sys/types.h> #include <unistd.h>
setreuid() sets real and
effective user IDs of the calling process.
Supplying a value of −1 for either the real or effective user ID forces the system to leave that ID unchanged.
Unprivileged processes may only set the effective user ID to the real user ID, the effective user ID, or the saved set-user-ID.
Unprivileged users may only set the real user ID to the real user ID or the effective user ID.
If the real user ID is set (i.e.,
ruid is not −1) or the
effective user ID is set to a value not equal to the previous
real user ID, the saved set-user-ID will be set to the new
effective user ID.
setregid() sets real and effective group
ID_zsingle_quotesz_s of the calling process, and all of the above holds with
group instead of user.
On success, zero is returned. On error, −1 is
errno is set
there are cases where
The call would change the caller_zsingle_quotesz_s real UID (i.e.,
ruiddoes not match the caller_zsingle_quotesz_s real UID), but there was a temporary failure allocating the necessary kernel data structures.
ruiddoes not match the caller_zsingle_quotesz_s real UID and this call would bring the number of processes belonging to the real user ID
ruidover the caller_zsingle_quotesz_s
RLIMIT_NPROCresource limit. Since Linux 3.1, this error case no longer occurs (but robust applications should check for this error); see the description of EAGAIN in execve(2).
One or more of the target user or group IDs is not valid in this user namespace.
The calling process is not privileged (on Linux, does not have the necessary capability in its user namespace:
CAP_SETUIDin the case of
CAP_SETGIDin the case of
setregid()) and a change other than (i) swapping the effective user (group) ID with the real user (group) ID, or (ii) setting one to the value of the other or (iii) setting the effective user (group) ID to the value of the saved set-user-ID (saved set-group-ID) was specified.
POSIX.1-2001, POSIX.1-2008, 4.3BSD (
setregid() first appeared in 4.2BSD).
Setting the effective user (group) ID to the saved set-user-ID (saved set-group-ID) is possible since Linux 1.1.37 (1.1.38).
POSIX.1 does not specify all of the UID changes that Linux
permits for an unprivileged process. For
setreuid(), the effective user ID can be
made the same as the real user ID or the saved set-user-ID,
and it is unspecified whether unprivileged processes may set
the real user ID to the real user ID, the effective user ID,
or the saved set-user-ID. For
setregid(), the real group ID can be
changed to the value of the saved set-group-ID, and the
effective group ID can be changed to the value of the real
group ID or the saved set-group-ID. The precise details of
what ID changes are permitted vary across
POSIX.1 makes no specification about the effect of these calls on the saved set-user-ID and saved set-group-ID.
The original Linux
setregid() system calls supported only
16-bit user and group IDs. Subsequently, Linux 2.4 added
setregid32(), supporting 32-bit IDs. The
setregid() wrapper functions
transparently deal with the variations across kernel
C library/kernel differences
At the kernel level, user IDs and group IDs are a
per-thread attribute. However, POSIX requires that all
threads in a process share the same credentials. The NPTL
threading implementation handles the POSIX requirements by
providing wrapper functions for the various system calls
that change process UIDs and GIDs. These wrapper functions
(including those for
setregid()) employ a signal-based
technique to ensure that when one thread changes
credentials, all of the other threads in the process also
change their credentials. For details, see nptl(7).
This page is part of release 4.16 of the Linux
man-pages project. A
description of the project, information about reporting bugs,
and the latest version of this page, can be found at
Copyright (c) 1983, 1991 The Regents of the University of California.
and Copyright (C) 2009, 2010, 2014, 2015, Michael Kerrisk <mtk.manpagesgmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by the University of
California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS_zsingle_quotesz__zsingle_quotesz_ AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
(#)setregid.2 6.4 (Berkeley) 3/10/91
Modified Sat Jul 24 09:08:49 1993 by Rik Faith <faithcs.unc.edu>
Portions extracted from linux/kernel/sys.c:
Copyright (C) 1991, 1992 Linus Torvalds
May be distributed under the GNU General Public License
Changes: 1994-07-29 by Wilf <G.Wilfordee.surrey.ac.uk>
1994-08-02 by Wilf due to change in kernel.
2004-07-04 by aeb
2004-05-27 by Michael Kerrisk