1994-05-27 05:00:24 +00:00
|
|
|
.\" Copyright (c) 1983, 1991, 1993, 1994
|
|
|
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
|
|
|
.\"
|
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
|
.\" are met:
|
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
2017-02-28 23:42:47 +00:00
|
|
|
.\" 3. Neither the name of the University nor the names of its contributors
|
1994-05-27 05:00:24 +00:00
|
|
|
.\" may be used to endorse or promote products derived from this software
|
|
|
|
|
.\" without specific prior written permission.
|
|
|
|
|
.\"
|
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
.\" SUCH DAMAGE.
|
|
|
|
|
.\"
|
2018-01-24 22:36:21 +00:00
|
|
|
.Dd January 19, 2018
|
1994-05-27 05:00:24 +00:00
|
|
|
.Dt SETGROUPS 2
|
2001-07-10 13:41:46 +00:00
|
|
|
.Os
|
1994-05-27 05:00:24 +00:00
|
|
|
.Sh NAME
|
|
|
|
|
.Nm setgroups
|
|
|
|
|
.Nd set group access list
|
2000-04-21 09:42:15 +00:00
|
|
|
.Sh LIBRARY
|
|
|
|
|
.Lb libc
|
1994-05-27 05:00:24 +00:00
|
|
|
.Sh SYNOPSIS
|
2001-10-01 16:09:29 +00:00
|
|
|
.In sys/param.h
|
|
|
|
|
.In unistd.h
|
1994-05-27 05:00:24 +00:00
|
|
|
.Ft int
|
|
|
|
|
.Fn setgroups "int ngroups" "const gid_t *gidset"
|
|
|
|
|
.Sh DESCRIPTION
|
2002-12-18 09:22:32 +00:00
|
|
|
The
|
|
|
|
|
.Fn setgroups
|
|
|
|
|
system call
|
1994-05-27 05:00:24 +00:00
|
|
|
sets the group access list of the current user process
|
|
|
|
|
according to the array
|
|
|
|
|
.Fa gidset .
|
2002-12-19 09:40:28 +00:00
|
|
|
The
|
1994-05-27 05:00:24 +00:00
|
|
|
.Fa ngroups
|
2002-12-19 09:40:28 +00:00
|
|
|
argument
|
1994-05-27 05:00:24 +00:00
|
|
|
indicates the number of entries in the array and must be no
|
|
|
|
|
more than
|
2009-06-19 15:58:24 +00:00
|
|
|
.Dv {NGROUPS_MAX}+1 .
|
1994-05-27 05:00:24 +00:00
|
|
|
.Pp
|
2008-06-16 14:50:21 +00:00
|
|
|
Only the super-user may set a new group list.
|
In the C library, the setting up of the group array by various
utilities is done by calling gr_addgid() for each group to be
added (usually found by traversing /etc/group) then calling the
setgroups() system call after the group set has been created.
The gr_addgid() function (helpfully?) deduplicates the addition
of group members. So, if you call it to add a group member that
already exists, it is just dropped. Because group[0] is the
effective group-ID and is over-written when a setgid program
is run, The value in group[0] is usually duplicated so that
group value is not lost when a setgid program is run.
Historically this happened because the group value indicated
in the password file also appears in /etc/group (e.g., if you
are group staff in the password file, you will also appear in
the staff line in /etc/group). But, with the addition of the
deduplication, the attempt to add group staff was lost because
it already appeared in group[0]. So, the fix is to deduplicate
starting from group[1] which allows a duplicate of the entry in
group[0], but not in later entries.
There is some confusion about the setgroups system call because in
BSD it has (always) set the entire group including the egid group
(in group[0]). However, in Linux, it skips over group[0] and starts
setting from group[1]. See this comment from linux_setgroups:
/*
* cr_groups[0] holds egid. Setting the whole set from
* the supplied set will cause egid to be changed too.
* Keep cr_groups[0] unchanged to prevent that.
*/
To make it clear what the BSD setgroups system call does, I
added the following paragraph to the setgroups(2) manual page:
The first entry of the group array (gidset[0]) is used as the effective
group-ID for the process. This entry is over-written when a setgid
program is run. To avoid losing access to the privileges of the
gidset[0] entry, it should be duplicated later in the group array.
By convention, this happens because the group value indicated in the
password file also appears in /etc/group. The group value in the
password file is placed in gidset[0] and that value then gets added a
second time when the /etc/group file is scanned to create the group set.
Reported by: Paul McMath paulm at tetrardus.net
Reviewed by: kib
MFC after: 2 weeks
2018-01-23 22:18:45 +00:00
|
|
|
.Pp
|
|
|
|
|
The first entry of the group array
|
|
|
|
|
.Pq Va gidset[0]
|
|
|
|
|
is used as the effective group-ID for the process.
|
|
|
|
|
This entry is over-written when a setgid program is run.
|
|
|
|
|
To avoid losing access to the privileges of the
|
|
|
|
|
.Va gidset[0]
|
|
|
|
|
entry, it should be duplicated later in the group array.
|
|
|
|
|
By convention,
|
|
|
|
|
this happens because the group value indicated
|
|
|
|
|
in the password file also appears in
|
|
|
|
|
.Pa /etc/group .
|
|
|
|
|
The group value in the password file is placed in
|
|
|
|
|
.Va gidset[0]
|
|
|
|
|
and that value then gets added a second time when the
|
|
|
|
|
.Pa /etc/group
|
|
|
|
|
file is scanned to create the group set.
|
1994-05-27 05:00:24 +00:00
|
|
|
.Sh RETURN VALUES
|
2001-08-09 13:32:13 +00:00
|
|
|
.Rv -std setgroups
|
1994-05-27 05:00:24 +00:00
|
|
|
.Sh ERRORS
|
|
|
|
|
The
|
|
|
|
|
.Fn setgroups
|
2002-12-18 09:22:32 +00:00
|
|
|
system call will fail if:
|
1994-05-27 05:00:24 +00:00
|
|
|
.Bl -tag -width Er
|
|
|
|
|
.It Bq Er EPERM
|
|
|
|
|
The caller is not the super-user.
|
2003-11-19 13:05:50 +00:00
|
|
|
.It Bq Er EINVAL
|
|
|
|
|
The number specified in the
|
|
|
|
|
.Fa ngroups
|
|
|
|
|
argument is larger than the
|
2009-06-19 15:58:24 +00:00
|
|
|
.Dv {NGROUPS_MAX}+1
|
2003-11-19 13:05:50 +00:00
|
|
|
limit.
|
1994-05-27 05:00:24 +00:00
|
|
|
.It Bq Er EFAULT
|
|
|
|
|
The address specified for
|
|
|
|
|
.Fa gidset
|
|
|
|
|
is outside the process
|
|
|
|
|
address space.
|
|
|
|
|
.El
|
|
|
|
|
.Sh SEE ALSO
|
|
|
|
|
.Xr getgroups 2 ,
|
|
|
|
|
.Xr initgroups 3
|
|
|
|
|
.Sh HISTORY
|
|
|
|
|
The
|
1996-08-22 23:31:07 +00:00
|
|
|
.Fn setgroups
|
2002-12-18 09:22:32 +00:00
|
|
|
system call appeared in
|
1994-05-27 05:00:24 +00:00
|
|
|
.Bx 4.2 .
|