Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


SETGID(2) Linux Programmer's Manual SETGID(2)


     setgid - set group identity


     #include <sys/types.h>
     #include <unistd.h>
     int setgid(gid_t gid);


     setgid()  sets  the  effective group ID of the calling process.  If the
     calling process is privileged (more precisely: has the CAP_SETGID capa-
     bility  in its user namespace), the real GID and saved set-group-ID are
     also set.
     Under Linux, setgid() is implemented like the POSIX  version  with  the
     _POSIX_SAVED_IDS  feature.   This allows a set-group-ID program that is
     not set-user-ID-root to drop all of its group privileges, do  some  un-
     privileged work, and then reengage the original effective group ID in a
     secure manner.


     On success, zero is returned.  On error, -1 is returned, and  errno  is
     set appropriately.


     EINVAL The  group  ID specified in gid is not valid in this user names-
     EPERM  The calling  process  is  not  privileged  (does  not  have  the
            CAP_SETGID capability), and gid does not match the real group ID
            or saved set-group-ID of the calling process.


     POSIX.1-2001, POSIX.1-2008, SVr4.


     The original Linux setgid() system call  supported  only  16-bit  group
     IDs.   Subsequently,  Linux 2.4 added setgid32() supporting 32-bit IDs.
     The glibc setgid() wrapper function transparently deals with the varia-
     tion across kernel versions.
 C library/kernel differences
     At the kernel level, user IDs and group IDs are a per-thread attribute.
     However, POSIX requires that all threads in a process  share  the  same
     credentials.   The  NPTL  threading  implementation  handles  the POSIX
     requirements by providing wrapper  functions  for  the  various  system
     calls  that  change  process  UIDs  and  GIDs.  These wrapper functions
     (including the one for setgid()) employ  a  signal-based  technique  to
     ensure  that  when  one  thread  changes  credentials, all of the other
     threads in the process also change their credentials.  For details, see


     getgid(2),  setegid(2),  setregid(2),  capabilities(7), credentials(7),


     This page is part of release 4.16 of the Linux  man-pages  project.   A
     description  of  the project, information about reporting bugs, and the
     latest    version    of    this    page,    can     be     found     at

Linux 2017-09-15 SETGID(2)

/data/webs/external/dokuwiki/data/pages/man/setgid.txt · Last modified: 2019/05/17 09:47 by

Was this page helpful?-10+1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki