关于setuid的分析（6）

IEEE Std 1003.1™, 2004 Edition
Standard for Information Technology —
Portable Operating System Interface (POSIX)
System Interfaces   中对setuid()的论述。。。
NAME
    setuid—set user ID
SYNOPSIS
    #include
    int setuid(uid_t uid);
DESCRIPTION
    If the process has appropriate privileges, setuid( ) shall set the real user ID,
    effective user ID, and the saved set-user-ID of the calling process to uid.
    If the process does not have appropriate privileges, but uid is equal to the real user
    ID or the saved set-user-ID, setuid( ) shall set the effective user ID to uid; the real
    user ID and saved set-user-ID shall remain unchanged.
    The setuid( ) function shall not affect the supplementary group list in any way.
RETURN VALUE
    Upon successful completion, 0 shall be returned. Otherwise, ?1 shall be returned and
    errno set to indicate the error.
ERRORS
    The setuid( ) function shall fail, return ?1, and set errno to the corresponding value
    if one or more of the following are true:
    [EINVAL]    The value of the uid argument is invalid and not supported by the
                implementation.
    [EPERM]     The process does not have appropriate privileges and uid does not match the
                real user ID or the saved set-user-ID.
EXAMPLES
    None.
APPLICATION USAGE
    None.
RATIONALE
    The various behaviors of the setuid( ) and setgid( ) functions when called by
    non-privileged processes reflect the behavior of different historical implementations.
    For portability, it is recommended that new non-privileged applications use the
    seteuid( ) and setegid( ) functions instead.
    The saved set-user-ID capability allows a program to regain the effective user ID
    established at the last exec call. Similarly, the saved set-group-ID capability allows
    a program to regain the effective group ID established at the last exec call.
    These capabilities are derived from System V. Without them, a program might have to run
    as superuser in order to perform the same functions, because superuser can write on the
    user’s files. This is a problem because such a program can write on any user’s files,
    and so must be carefully written to emulate the permissions of the calling process
    properly. In System V, these capabilities have traditionally been implemented only via

标签：

版权申明：本站文章部分自网络，如有侵权，请联系：west999com@outlook.com
特别注意：本站所有转载文章言论不代表本站观点，本站所提供的摄影照片，插画，设计作品，如需使用，请与原作者联系，版权归原作者所有