z/OS Using REXX and z/OS UNIX System Services


setuid

SA23-2283-00

>>-setuid--uid-------------------------------------------------><

Function

setuid invokes the setuid callable service to set the real, effective, and saved set user IDs for the calling process.

Parameters

uid
The numeric UID the process is to assume.

Usage notes

  1. A user can switch to superuser authority (with an effective UID of 0) if the user is permitted to the BPX.SUPERUSER FACILITY class profile within RACF®.
  2. If uid is the same as the process's real UID or the saved set UID, the setuid service sets the effective UID to be the same as uid.

    If uid is not the same as the real UID of the process, and the calling process has appropriate privileges, then the real, effective, and saved set UIDs are set to uid.

  3. The seteuid() function invokes SAF services to change the MVS™ identity of the address space. The MVS identity that is used is determined as follows:
    1. If an MVS user ID is already known by the kernel from a previous call to a kernel function (for example, getpwnam()) and the UID for this user ID matches the UID specified on the seteuid() call, then this user ID is used.
    2. For nonzero target UIDs, if there is no saved user ID or the UID for the saved user ID does not match the UID requested on the seteuid() call, the seteuid() function queries the security database (for example, using getpwnam) to retrieve a user ID. The retrieved user ID is then used.
    3. If the target UID=0 and a user ID is not known, the seteuid() function always sets the MVS user ID to BPXROOT or the value specified on the SUPERUSER parm in sysparms. BPXROOT is set up during system initialization as a superuser with a UID=0. The BPXROOT user ID is not defined to the BPX.DAEMON FACILITY class profile. This special processing is necessary to prevent a superuser from gaining daemon authority.
    4. A nondaemon superuser that attempts to set a user ID to a daemon superuser UID fails with an EPERM.

    When the MVS identity is changed, the auxiliary list of groups is also set to the list of groups for the new user ID.

    If the seteuid() function is issued from multiple tasks within one address space, use synchronization to ensure that the seteuid() functions are not performed concurrently. Concurrent execution of the seteuid() function within one address space can yield unpredictable results.

Example

In the following example, assume that uid was assigned a value earlier in the exec:
"setuid" uid
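
The following exec is an added example, not part of the IBM documentation. It applies usage notes 1 and 2 to a permanent privilege drop: it checks that the real and effective UIDs both changed, then confirms that UID 0 cannot be regained. The account name APPUSER, the exit code 8, and the treatment of a nonpositive getpwnam RETVAL as "not found" are assumptions.

```rexx
/* rexx */
/* Added example: permanent privilege drop with verification          */
parse arg target .
if target = '' then target = 'APPUSER'  /* hypothetical account name  */
call syscalls 'ON'
address syscall

"getpwnam" target "pw."                 /* resolve name to numeric UID */
/* Assumption: a RETVAL that is not positive means no usable entry    */
if rc <> 0 | retval <= 0 then call fail "getpwnam" target
uid = pw.pw_uid
if uid = 0 then do
  say 'Refusing: target UID is 0, nothing would be dropped'
  exit 8
end

"setuid" uid
if rc <> 0 | retval = -1 then call fail "setuid" uid

/* Usage note 2: without appropriate privileges only the effective    */
/* UID changes, so confirm that the real UID moved as well.           */
"getuid";  ruid = retval
"geteuid"; euid = retval
if ruid <> uid | euid <> uid then do
  say 'Drop incomplete: real='ruid 'effective='euid 'wanted='uid
  exit 8
end

/* Usage note 1: a user permitted to BPX.SUPERUSER can switch back to */
/* UID 0, so the drop is only permanent if this call fails.           */
"setuid 0"
if retval <> -1 then do
  say 'setuid 0 did not fail after the drop; review BPX.SUPERUSER permits'
  exit 8
end
say 'Now UID' uid'; setuid 0 is refused, errno='errno
exit 0

fail:                                   /* report a failed call, stop */
  parse arg what
  e = errno; r = errnojr                /* save before strerror runs  */
  if rc <> 0 then say what 'not processed by SYSCALL, rc='rc
  else do
    "strerror" e r "err."
    say what 'failed: errno='e 'reason='r err.se_errno
  end
  exit 8
```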





Copyright IBM Corporation 1990, 2014