HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. |  |
NAME |SYNOPSIS |DESCRIPTION |RETURN VALUE |NOTES |HISTORY |SEE ALSO |NOTES |COLOPHON | |
SD_BUS_CREDS_GET_PID(3) sd_bus_creds_get_pidSD_BUS_CREDS_GET_PID(3)sd_bus_creds_get_pid, sd_bus_creds_get_pidfd_dup, sd_bus_creds_get_ppid, sd_bus_creds_get_tid, sd_bus_creds_get_uid, sd_bus_creds_get_euid, sd_bus_creds_get_suid, sd_bus_creds_get_fsuid, sd_bus_creds_get_gid, sd_bus_creds_get_egid, sd_bus_creds_get_sgid, sd_bus_creds_get_fsgid, sd_bus_creds_get_supplementary_gids, sd_bus_creds_get_comm, sd_bus_creds_get_tid_comm, sd_bus_creds_get_exe, sd_bus_creds_get_cmdline, sd_bus_creds_get_cgroup, sd_bus_creds_get_unit, sd_bus_creds_get_slice, sd_bus_creds_get_user_unit, sd_bus_creds_get_user_slice, sd_bus_creds_get_session, sd_bus_creds_get_owner_uid, sd_bus_creds_has_effective_cap, sd_bus_creds_has_permitted_cap, sd_bus_creds_has_inheritable_cap, sd_bus_creds_has_bounding_cap, sd_bus_creds_get_selinux_context, sd_bus_creds_get_audit_session_id, sd_bus_creds_get_audit_login_uid, sd_bus_creds_get_tty, sd_bus_creds_get_unique_name, sd_bus_creds_get_well_known_names, sd_bus_creds_get_description - Retrieve fields from a credentials object
#include <systemd/sd-bus.h>int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid);int sd_bus_creds_get_pidfd_dup(sd_bus_creds *c, int *ret_fd);int sd_bus_creds_get_ppid(sd_bus_creds *c, pid_t *ppid);int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid);int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid);int sd_bus_creds_get_euid(sd_bus_creds *c, uid_t *uid);int sd_bus_creds_get_suid(sd_bus_creds *c, uid_t *uid);int sd_bus_creds_get_fsuid(sd_bus_creds *c, uid_t *uid);int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid);int sd_bus_creds_get_egid(sd_bus_creds *c, gid_t *gid);int sd_bus_creds_get_sgid(sd_bus_creds *c, gid_t *gid);int sd_bus_creds_get_fsgid(sd_bus_creds *c, gid_t *gid);int sd_bus_creds_get_supplementary_gids(sd_bus_creds *c,const gid_t **gids);int sd_bus_creds_get_comm(sd_bus_creds *c, const char **comm);int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **comm);int sd_bus_creds_get_exe(sd_bus_creds *c, const char **exe);int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline);int sd_bus_creds_get_cgroup(sd_bus_creds *c, const char **cgroup);int sd_bus_creds_get_unit(sd_bus_creds *c, const char **unit);int sd_bus_creds_get_slice(sd_bus_creds *c, const char **slice);int sd_bus_creds_get_user_unit(sd_bus_creds *c,const char **unit);int sd_bus_creds_get_user_slice(sd_bus_creds *c,const char **slice);int sd_bus_creds_get_session(sd_bus_creds *c, const char **slice);int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid);int sd_bus_creds_has_effective_cap(sd_bus_creds *c,intcapability);int sd_bus_creds_has_permitted_cap(sd_bus_creds *c,intcapability);int sd_bus_creds_has_inheritable_cap(sd_bus_creds *c,intcapability);int sd_bus_creds_has_bounding_cap(sd_bus_creds *c,intcapability);int sd_bus_creds_get_selinux_context(sd_bus_creds *c,const char **context);int sd_bus_creds_get_audit_session_id(sd_bus_creds *c,uint32_t *sessionid);int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c,uid_t *loginuid);int sd_bus_creds_get_tty(sd_bus_creds *c, const char **tty);int sd_bus_creds_get_unique_name(sd_bus_creds *c,const char **name);int sd_bus_creds_get_well_known_names(sd_bus_creds *c,char ***name);int sd_bus_creds_get_description(sd_bus_creds *c,const char **name);
These functions return credential information from ansd_bus_creds object. Credential objects may be created withsd_bus_creds_new_from_pid(3), in which case they describe the credentials of the process identified by the specified PID, withsd_bus_get_name_creds(3), in which case they describe the credentials of a bus peer identified by the specified bus name, withsd_bus_get_owner_creds(3), in which case they describe the credentials of the creator of a bus, or withsd_bus_message_get_creds(3), in which case they describe the credentials of the sender of the message. Not all credential fields are part of every "sd_bus_creds" object. Usesd_bus_creds_get_mask(3) to determine the mask of fields available.sd_bus_creds_get_pid()will retrieve the PID (process identifier). Similarly,sd_bus_creds_get_ppid()will retrieve the parent PID. Note that PID 1 has no parent process, in which case -ENXIO is returned.sd_bus_creds_get_pidfd_dup()will retrieve the PID file descriptor (pidfd), seepidfd_open(2) for details. The file descriptor is duplicated and thus must be closed by the caller.sd_bus_creds_get_tid()will retrieve the TID (thread identifier).sd_bus_creds_get_uid()will retrieve the numeric UID (user identifier). Similarly,sd_bus_creds_get_euid()returns the effective UID,sd_bus_creds_get_suid()the saved UID andsd_bus_creds_get_fsuid()the file system UID.sd_bus_creds_get_gid()will retrieve the numeric GID (group identifier). Similarly,sd_bus_creds_get_egid()returns the effective GID,sd_bus_creds_get_sgid()the saved GID andsd_bus_creds_get_fsgid()the file system GID.sd_bus_creds_get_supplementary_gids()will retrieve the supplementary GIDs list.sd_bus_creds_get_comm()will retrieve the comm field (truncated name of the executable, as stored in /proc/pid/comm).sd_bus_creds_get_tid_comm()will retrieve the comm field of the thread (as stored in /proc/pid/task/tid/comm).sd_bus_creds_get_exe()will retrieve the path to the program executable (as stored in the /proc/pid/exe link, but with the " (deleted)" suffix removed). Note that kernel threads do not have an executable path, in which case -ENXIO is returned. Note that this property should not be used for more than explanatory information, in particular it should not be used for security-relevant decisions. That's because the executable might have been replaced or removed by the time the value can be processed. Moreover, the kernel exports this information in an ambiguous way (i.e. a deleted executable cannot be safely distinguished from one whose name suffix is " (deleted)").sd_bus_creds_get_cmdline()will retrieve an array of command line arguments (as stored in /proc/pid/cmdline). Note that kernel threads do not have a command line, in which case -ENXIO is returned.sd_bus_creds_get_cgroup()will retrieve the control group path. SeeControl Groups v2[1].sd_bus_creds_get_unit()will retrieve the systemd unit name (in the system instance of systemd) that the process is a part of. Seesystemd.unit(5). For processes that are not part of a unit, returns -ENXIO.sd_bus_creds_get_user_unit()will retrieve the systemd unit name (in the user instance of systemd) that the process is a part of. Seesystemd.unit(5). For processes that are not part of a user unit, returns -ENXIO.sd_bus_creds_get_slice()will retrieve the systemd slice (a unit in the system instance of systemd) that the process is a part of. Seesystemd.slice(5). Similarly,sd_bus_creds_get_user_slice() retrieves the systemd slice of the process, in the user instance of systemd.sd_bus_creds_get_session()will retrieve the identifier of the login session that the process is a part of. Please note the login session may be limited to a stub process or two. User processes may instead be started from their systemd user manager, e.g. GUI applications started using DBus activation, as well as service processes which are shared between multiple logins of the same user. For processes that are not part of a session, returns -ENXIO.sd_bus_creds_get_owner_uid()will retrieve the numeric UID (user identifier) of the user who owns the user unit or login session that the process is a part of. Seesystemd-logind.service(8). For processes that are not part of a user unit or session, returns -ENXIO.sd_bus_creds_has_effective_cap()will check whether the capability specified bycapability was set in the effective capabilities mask. A positive return value means that it was set, zero means that it was not set, and a negative return value indicates an error. Seecapabilities(7) and theAmbientCapabilities= andCapabilityBoundingSet= settings insystemd.exec(5).sd_bus_creds_has_permitted_cap()is similar tosd_bus_creds_has_effective_cap(), but will check the permitted capabilities mask.sd_bus_creds_has_inheritable_cap()is similar tosd_bus_creds_has_effective_cap(), but will check the inheritable capabilities mask.sd_bus_creds_has_bounding_cap()is similar tosd_bus_creds_has_effective_cap(), but will check the bounding capabilities mask.sd_bus_creds_get_selinux_context()will retrieve the SELinux security context (label) of the process.sd_bus_creds_get_audit_session_id()will retrieve the audit session identifier of the process. Returns -ENXIO for processes that are not part of an audit session.sd_bus_creds_get_audit_login_uid()will retrieve the audit user login identifier (the identifier of the user who is "responsible" for the session). Returns -ENXIO for processes that are not part of an audit session.sd_bus_creds_get_tty()will retrieve the controlling TTY, without the prefixing "/dev/". Returns -ENXIO for processes that have no controlling TTY.sd_bus_creds_get_unique_name()will retrieve the D-Bus unique name. SeeThe D-Bus specification[2].sd_bus_creds_get_well_known_names()will retrieve the set of D-Bus well-known names. SeeThe D-Bus specification[2].sd_bus_creds_get_description()will retrieve a descriptive name of the bus connection of the peer. This name is useful to discern multiple bus connections by the same peer, and may be altered by the peer with thesd_bus_set_description(3) call. All functions that take aconst char** parameter will store the answer there as an address of aNUL-terminated string. It will be valid as long asc remains valid, and should not be freed or modified by the caller. All functions that take achar*** parameter will store the answer there as an address of an array of strings. Each individual string isNUL-terminated, and the array isNULL-terminated as a whole. It will be valid as long asc remains valid, and should not be freed or modified by the caller.
On success, these calls return 0 or a positive integer. On failure, these calls return a negative errno-style error code.Errors Returned errors may indicate the following problems:-ENODATA The given field is not available in the credentials objectc.-ENXIO The given field is not specified for the described process or peer. This will be returned bysd_bus_creds_get_unit(),sd_bus_creds_get_slice(),sd_bus_creds_get_user_unit(),sd_bus_creds_get_user_slice(), andsd_bus_creds_get_session() if the process is not part of a systemd system unit, systemd user unit, systemd slice, or logind session. It will be returned bysd_bus_creds_get_owner_uid()if the process is not part of a systemd user unit or logind session. It will also be returned bysd_bus_creds_get_exe()andsd_bus_creds_get_cmdline()for kernel threads (since these are not started from an executable binary, nor have a command line), and bysd_bus_creds_get_audit_session_id()andsd_bus_creds_get_audit_login_uid()when the process is not part of an audit session, andsd_bus_creds_get_tty()if the process has no controlling TTY.-EINVAL Specified pointer parameter isNULL.-ENOMEM Memory allocation failed.
Functions described here are available as a shared library, which can be compiled against and linked to with thelibsystemd pkg-config(1) file. The code described here usesgetenv(3), which is declared to be not multi-thread-safe. This means that the code calling the functions described here must not callsetenv(3) from a parallel thread. It is recommended to only do calls tosetenv()from an early phase of the program when no other threads have been started.
sd_bus_creds_get_pid(),sd_bus_creds_get_tid(),sd_bus_creds_get_gid(),sd_bus_creds_get_comm(),sd_bus_creds_get_tid_comm(),sd_bus_creds_get_exe(),sd_bus_creds_get_cmdline(),sd_bus_creds_get_cgroup(),sd_bus_creds_get_unit(),sd_bus_creds_get_user_unit(),sd_bus_creds_get_slice(),sd_bus_creds_get_session(),sd_bus_creds_get_owner_uid(),sd_bus_creds_has_effective_cap(),sd_bus_creds_has_permitted_cap(),sd_bus_creds_has_inheritable_cap(),sd_bus_creds_has_bounding_cap(),sd_bus_creds_get_selinux_context(),sd_bus_creds_get_audit_session_id(),sd_bus_creds_get_audit_login_uid(),sd_bus_creds_get_unique_name(),sd_bus_creds_get_well_known_names(),sd_bus_creds_get_ppid(),sd_bus_creds_get_uid(),sd_bus_creds_get_euid(),sd_bus_creds_get_suid(),sd_bus_creds_get_fsuid(),sd_bus_creds_get_egid(),sd_bus_creds_get_sgid(),sd_bus_creds_get_fsgid(),sd_bus_creds_get_supplementary_gids(),sd_bus_creds_get_tty(),sd_bus_creds_get_description(), andsd_bus_creds_get_user_slice()were added in version 221.sd_bus_creds_get_pidfd_dup()was added in version 256.
systemd(1),sd-bus(3),sd_bus_creds_new_from_pid(3),fork(2),execve(2),credentials(7),free(3),proc(5),systemd.journal-fields(7)
1. Control Groups v2https://docs.kernel.org/admin-guide/cgroup-v2.html 2. The D-Bus specificationhttps://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-names-bus
This page is part of thesystemd (systemd system and service manager) project. Information about the project can be found at ⟨http://www.freedesktop.org/wiki/Software/systemd⟩. If you have a bug report for this manual page, see ⟨http://www.freedesktop.org/wiki/Software/systemd/#bugreports⟩. This page was obtained from the project's upstream Git repository ⟨https://github.com/systemd/systemd.git⟩ on 2025-08-11. (At that time, the date of the most recent commit that was found in the repository was 2025-08-11.) If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.orgsystemd 258~rc2SD_BUS_CREDS_GET_PID(3)Pages that refer to this page:sd-bus(3), sd_bus_creds_new_from_pid(3), systemd.directives(7), systemd.index(7)
HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | |