SETEUID(2)                (2017-09-15)                 SETEUID(2)

          seteuid, setegid - set effective user or group ID

          #include <sys/types.h>
          #include <unistd.h>

          int seteuid(uid_t euid);
          int setegid(gid_t egid);

     Feature Test Macro Requirements for glibc (see

          seteuid(), setegid():
              _POSIX_C_SOURCE >= 200112L
                  || /* Glibc versions <= 2.19: */ _BSD_SOURCE

          seteuid() sets the effective user ID of the calling process.
          Unprivileged processes may only set the effective user ID to
          the real user ID, the effective user ID or  the  saved  set-

          Precisely the same holds for setegid() with "group"  instead
          of "user".

          On success, zero is returned.  On error, -1 is returned, and
          errno is set appropriately.

          Note: there are cases where seteuid() can fail even when the
          caller is UID 0; it is a grave security error to omit check-
          ing for a failure return from seteuid().

               The target user or group ID is not valid in  this  user

               In the case of seteuid(): the calling  process  is  not
               privileged  (does not have the CAP_SETUID capability in
               its user namespace) and euid does not match the current
               real  user  ID,  current  effective user ID, or current
               saved set-user-ID.

               In the case of setegid(): the calling  process  is  not
               privileged  (does not have the CAP_SETGID capability in
               its user namespace) and egid does not match the current
               real  group  ID, current effective group ID, or current

     Page 1                        Linux             (printed 5/24/22)

     SETEUID(2)                (2017-09-15)                 SETEUID(2)

               saved set-group-ID.

          POSIX.1-2001, POSIX.1-2008, 4.3BSD.

          Setting the effective user (group)  ID  to  the  saved  set-
          user-ID  (saved set-group-ID) is possible since Linux 1.1.37
          (1.1.38).   On  an  arbitrary  system   one   should   check

          Under glibc 2.0, seteuid(euid) is equivalent to setreuid(-1,
          euid)  and  hence  may  change the saved set-user-ID.  Under
          glibc 2.1 and later, it is equivalent to setresuid(-1, euid,
          -1) and hence does not change the saved set-user-ID.  Analo-
          gous remarks hold for setegid(), with  the  difference  that
          the  change  in  implementation  from  setregid(-1, egid) to
          setresgid(-1,  egid,  -1)  occurred  in  glibc  2.2  or  2.3
          (depending on the hardware architecture).

          According to POSIX.1, seteuid() (setegid()) need not  permit
          euid  (egid)  to  be the same value as the current effective
          user (group) ID, and  some  implementations  do  not  permit

        C library/kernel differences
          On Linux, seteuid() and setegid() are implemented as library
          functions   that   call,   respectively,   setreuid(2)   and

          geteuid(2),    setresuid(2),     setreuid(2),     setuid(2),
          capabilities(7), credentials(7), user_namespaces(7)

          This page is part of release 5.10  of  the  Linux  man-pages
          project.   A  description  of the project, information about
          reporting bugs, and the latest version of this page, can  be
          found at

     Page 2                        Linux             (printed 5/24/22)