This manual page is part of the POSIX Programmer's Manual. The Linux
implementation of this interface may differ (consult the
corresponding Linux manual page for details of Linux behavior), or
the interface may not be implemented on Linux.
The setreuid() function shall set the real and effective user IDs of
the current process to the values specified by the ruid and euid
arguments. If ruid or euid is −1, the corresponding effective or real
user ID of the current process shall be left unchanged.
A process with appropriate privileges can set either ID to any value.
An unprivileged process can only set the effective user ID if the
euid argument is equal to either the real, effective, or saved user
ID of the process.
If the real user ID is being set (ruid is not −1), or the effective
user ID is being set to a value not equal to the real user ID, then
the saved set-user-ID of the current process shall be set equal to
the new effective user ID.
It is unspecified whether a process without appropriate privileges is
permitted to change the real user ID to match the current effective
user ID or saved set-user-ID of the process.
The setreuid() function shall fail if:
EINVAL The value of the ruid or euid argument is invalid or out-of-
EPERM The current process does not have appropriate privileges, and
either an attempt was made to change the effective user ID to
a value other than the real user ID or the saved set-user-ID
or an attempt was made to change the real user ID to a value
not permitted by the implementation.
The following sections are informative.
Setting the Effective User ID to the Real User ID
The following example sets the effective user ID of the calling
process to the real user ID, so that files created later will be
owned by the current user. It also sets the saved set-user-ID to the
real user ID, so any future attempt to set the effective user ID back
to its previous value will fail.
#include <unistd.h>#include <sys/types.h>...setreuid(getuid(), getuid());...
Earlier versions of this standard did not specify whether the saved
set-user-ID was affected by setreuid() calls. This version specifies
common existing practice that constitutes an important security
feature. The ability to set both the effective user ID and saved set-
user-ID to be the same as the real user ID means that any security
weakness in code that is executed after that point cannot result in
malicious code being executed with the previous effective user ID.
Privileged applications could already do this using just setuid(),
but for non-privileged applications the only standard method
available is to use this feature of setreuid().
Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1, 2013 Edition, Standard for Information
Technology -- Portable Operating System Interface (POSIX), The Open
Group Base Specifications Issue 7, Copyright (C) 2013 by the
Institute of Electrical and Electronics Engineers, Inc and The Open
Group. (This is POSIX.1-2008 with the 2013 Technical Corrigendum 1
applied.) In the event of any discrepancy between this version and
the original IEEE and The Open Group Standard, the original IEEE and
The Open Group Standard is the referee document. The original
Standard can be obtained online at http://www.unix.org/online.html .
Any typographical or formatting errors that appear in this page are
most likely to have been introduced during the conversion of the
source files to man page format. To report such errors, see
IEEE/The Open Group 2013 SETREUID(3P)