>>-seteuid--uid------------------------------------------------><
Function
seteuid invokes
the seteuid callable service to set the effective user ID (UID) of
the calling process.
Parameters
- uid
- The numeric UID that the calling process is to assume.
Usage notes
- A user can switch to superuser authority (with an effective UID
of 0) if the user is permitted to the BPX.SUPERUSER
FACILITY class profile within RACF®.
- If uid is the same as the process's
real or saved set UID, or the user has the appropriate privilege,
the seteuid service sets the effective UID to be the same as uid.
- The seteuid() function invokes SAF services to change
the MVS™ identity of the address
space. The MVS identity that
is used is determined as follows:
- If an MVS user ID is already
known by the kernel from a previous call to a kernel function (for
example, getpwnam()) and the UID for this user ID matches the UID
specified on the seteuid() call, then this user ID is used.
- For nonzero target UIDs, if there is no saved user ID or the UID
for the saved user ID does not match the UID requested on the seteuid()
call, the seteuid() function queries the security database (for example,
using getpwnam) to retrieve a user ID. The retrieved user ID is then
used.
- If the target UID=0 and a user ID is not known, the seteuid()
function always sets the MVS user
ID to BPXROOT or the value specified on the SUPERUSER parm in sysparms.
BPXROOT is set up during system initialization as a superuser with
a UID=0. The BPXROOT user ID is not defined to the BPX.DAEMON FACILITY
class profile. This special processing is necessary to prevent a superuser
from gaining daemon authority.
- A nondaemon superuser that attempts to set a user ID to a daemon
superuser UID fails with an EPERM. When the MVS identity is changed, the auxiliary list of
groups is also set to the list of groups for the new user ID. If
the seteuid() function is issued from multiple tasks within one address
space, use synchronization to ensure that the seteuid() functions
are not performed concurrently. The execution of seteuid() function
concurrently within one address space can yield unpredictable results.
Example
In the following example, assume
that
uid was assigned a value earlier in
the exec:
"seteuid (uid)"