установить реальные и эффективные идентификаторы пользователей (set real and effective user IDs)
Пролог (Prolog)
This manual page is part of the POSIX Programmer's Manual. The
Linux implementation of this interface may differ (consult the
corresponding Linux manual page for details of Linux behavior),
or the interface may not be implemented on Linux.
Имя (Name)
setreuid — set real and effective user IDs
Синопсис (Synopsis)
#include <unistd.h>
int setreuid(uid_t ruid, uid_t euid);
Описание (Description)
The setreuid() function shall set the real and effective user IDs
of the current process to the values specified by the ruid and
euid arguments. If ruid or euid is -1, the corresponding
effective or real user ID of the current process shall be left
unchanged.
A process with appropriate privileges can set either ID to any
value. An unprivileged process can only set the effective user
ID if the euid argument is equal to either the real, effective,
or saved user ID of the process.
If the real user ID is being set (ruid is not -1), or the
effective user ID is being set to a value not equal to the real
user ID, then the saved set-user-ID of the current process shall
be set equal to the new effective user ID.
It is unspecified whether a process without appropriate
privileges is permitted to change the real user ID to match the
current effective user ID or saved set-user-ID of the process.
Возвращаемое значение (Return value)
Upon successful completion, 0 shall be returned. Otherwise, -1
shall be returned and errno set to indicate the error.
Ошибки (Error)
The setreuid() function shall fail if:
EINVAL The value of the ruid or euid argument is invalid or out-
of-range.
EPERM The current process does not have appropriate privileges,
and either an attempt was made to change the effective
user ID to a value other than the real user ID or the
saved set-user-ID or an attempt was made to change the
real user ID to a value not permitted by the
implementation.
The following sections are informative.
Примеры (Examples)
Setting the Effective User ID to the Real User ID
The following example sets the effective user ID of the calling
process to the real user ID, so that files created later will be
owned by the current user. It also sets the saved set-user-ID to
the real user ID, so any future attempt to set the effective user
ID back to its previous value will fail.
#include <unistd.h>
#include <sys/types.h>
...
setreuid(getuid(), getuid());
...
Использование в приложениях (Application usage)
None.
Обоснование (Rationale)
Earlier versions of this standard did not specify whether the
saved set-user-ID was affected by setreuid() calls. This version
specifies common existing practice that constitutes an important
security feature. The ability to set both the effective user ID
and saved set-user-ID to be the same as the real user ID means
that any security weakness in code that is executed after that
point cannot result in malicious code being executed with the
previous effective user ID. Privileged applications could already
do this using just setuid(), but for non-privileged applications
the only standard method available is to use this feature of
setreuid().
Будущие направления (Future directions)
None.
Смотри также (See also)
getegid(3p), geteuid(3p), getgid(3p), getuid(3p), setegid(3p),
seteuid(3p), setgid(3p), setregid(3p), setuid(3p)
The Base Definitions volume of POSIX.1‐2017, unistd.h(0p)
