>>-setuid--uid-------------------------------------------------><
Function
setuid invokes the setuid callable service to set the real, effective, and saved set user IDs for the calling process.
Parameters
- uid
  The numeric UID the process is to assume.
Usage notes
- A user can switch to superuser authority (with an effective UID of 0) if the user is permitted to the BPX.SUPERUSER FACILITY class profile within RACF®.
- If uid is the same as the process's real UID or the saved set UID, the setuid service sets the effective UID to be the same as uid.
  If uid is not the same as the real UID of the process, and the calling process has appropriate privileges, then the real, effective, and saved set UIDs are set to uid.
- The seteuid() function invokes SAF services to change the MVS™ identity of the address space. The MVS identity that is used is determined as follows:
  - If an MVS user ID is already known by the kernel from a previous call to a kernel function (for example, getpwnam()) and the UID for this user ID matches the UID specified on the seteuid() call, then this user ID is used.
  - For nonzero target UIDs, if there is no saved user ID or the UID for the saved user ID does not match the UID requested on the seteuid() call, the seteuid() function queries the security database (for example, using getpwnam) to retrieve a user ID. The retrieved user ID is then used.
  - If the target UID=0 and a user ID is not known, the seteuid() function always sets the MVS user ID to BPXROOT or the value specified on the SUPERUSER parm in sysparms. BPXROOT is set up during system initialization as a superuser with a UID=0. The BPXROOT user ID is not defined to the BPX.DAEMON FACILITY class profile. This special processing is necessary to prevent a superuser from gaining daemon authority.
  - A nondaemon superuser that attempts to set a user ID to a daemon superuser UID fails with an EPERM.
  When the MVS identity is changed, the auxiliary list of groups is also set to the list of groups for the new user ID.
  If the seteuid() function is issued from multiple tasks within one address space, use synchronization to ensure that the seteuid() functions are not performed concurrently. Concurrent execution of the seteuid() function within one address space can yield unpredictable results.
Example
In the following example, assume that uid was assigned a value earlier in the exec:
"setuid" uid