HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. |  |
NAME |LIBRARY |SYNOPSIS |DESCRIPTION |RETURN VALUE |ERRORS |VERSIONS |STANDARDS |HISTORY |SEE ALSO |COLOPHON | |
seteuid(2) System Calls Manualseteuid(2)seteuid, setegid - set effective user or group ID
Standard C library (libc,-lc)
#include <unistd.h>int seteuid(uid_teuid);int setegid(gid_tegid); Feature Test Macro Requirements for glibc (seefeature_test_macros(7)):seteuid(),setegid(): _POSIX_C_SOURCE >= 200112L || /* glibc <= 2.19: */ _BSD_SOURCE
seteuid() sets the effective user ID of the calling process. Unprivileged processes may only set the effective user ID to the real user ID, the effective user ID or the saved set-user-ID. Precisely the same holds forsetegid() with "group" instead of "user".
On success, zero is returned. On error, -1 is returned, anderrno is set to indicate the error.Note: there are cases whereseteuid() can fail even when the caller is UID 0; it is a grave security error to omit checking for a failure return fromseteuid().
EINVALThe target user or group ID is not valid in this user namespace.EPERMIn the case ofseteuid(): the calling process is not privileged (does not have theCAP_SETUIDcapability in its user namespace) andeuid does not match the current real user ID, current effective user ID, or current saved set- user-ID. In the case ofsetegid(): the calling process is not privileged (does not have theCAP_SETGIDcapability in its user namespace) andegid does not match the current real group ID, current effective group ID, or current saved set- group-ID.
Setting the effective user (group) ID to the saved set-user-ID (saved set-group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary system one should check_POSIX_SAVED_IDS. Under glibc 2.0,seteuid(euid)is equivalent tosetreuid(-1,euid) and hence may change the saved set-user-ID. Under glibc 2.1 and later, it is equivalent tosetresuid(-1,euid, -1)and hence does not change the saved set-user-ID. Analogous remarks hold forsetegid(), with the difference that the change in implementation fromsetregid(-1,egid)tosetresgid(-1,egid, -1)occurred in glibc 2.2 or 2.3 (depending on the hardware architecture). According to POSIX.1,seteuid() (setegid()) need not permiteuid (egid) to be the same value as the current effective user (group) ID, and some implementations do not permit this.C library/kernel differences On Linux,seteuid() andsetegid() are implemented as library functions that call, respectively,setresuid(2) andsetresgid(2).
POSIX.1-2008.
POSIX.1-2001, 4.3BSD.
geteuid(2),setresuid(2),setreuid(2),setuid(2),capabilities(7),credentials(7),user_namespaces(7)
This page is part of theman-pages (Linux kernel and C library user-space interface documentation) project. Information about the project can be found at ⟨https://www.kernel.org/doc/man-pages/⟩. If you have a bug report for this manual page, see ⟨https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/CONTRIBUTING⟩. This page was obtained from the tarball man-pages-6.15.tar.gz fetched from ⟨https://mirrors.edge.kernel.org/pub/linux/docs/man-pages/⟩ on 2025-08-11. If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up- to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.orgLinux man-pages 6.15 2025-05-17seteuid(2)Pages that refer to this page:pmdaproc(1), setgid(2), setreuid(2), setuid(2), proc_sys_fs(5), credentials(7), nptl(7), pthreads(7)
HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | |