setgid(2) - Man pages

dwww Home | Manual pages | Find package
setgid(2)                     System Calls Manual                     setgid(2)

NAME
       setgid - set group identity

LIBRARY
       Standard C library (libc, -lc)

SYNOPSIS
       #include <unistd.h>

       int setgid(gid_t gid);

DESCRIPTION
       setgid()  sets  the  effective  group ID of the calling process.  If the
       calling process is privileged (more precisely: has the CAP_SETGID  capa-
       bility  in  its user namespace), the real GID and saved set-group-ID are
       also set.

       Under Linux, setgid() is implemented like the  POSIX  version  with  the
       _POSIX_SAVED_IDS  feature.   This  allows a set-group-ID program that is
       not set-user-ID-root to drop all of its group privileges,  do  some  un-
       privileged  work, and then reengage the original effective group ID in a
       secure manner.

RETURN VALUE
       On success, zero is returned.  On error, -1 is returned,  and  errno  is
       set to indicate the error.

ERRORS
       EINVAL The  group  ID  specified  in gid is not valid in this user name-
              space.

       EPERM  The calling process is not privileged (does not have the CAP_SET-
              GID capability in its user namespace), and gid does not match the
              real group ID or saved set-group-ID of the calling process.

VERSIONS
   C library/kernel differences
       At the kernel level, user IDs and group IDs are a per-thread  attribute.
       However,  POSIX  requires  that  all threads in a process share the same
       credentials.  The NPTL threading implementation handles  the  POSIX  re-
       quirements  by  providing wrapper functions for the various system calls
       that change process UIDs and GIDs.  These wrapper  functions  (including
       the  one  for  setgid())  employ a signal-based technique to ensure that
       when one thread changes credentials, all of the  other  threads  in  the
       process also change their credentials.  For details, see nptl(7).

STANDARDS
       POSIX.1-2008.

HISTORY
       POSIX.1-2001, SVr4.

       The original Linux setgid() system call supported only 16-bit group IDs.
       Subsequently,  Linux  2.4  added  setgid32() supporting 32-bit IDs.  The
       glibc setgid() wrapper function transparently deals with  the  variation
       across kernel versions.

SEE ALSO
       getgid(2),  setegid(2),  setregid(2),  capabilities(7),  credentials(7),
       user_namespaces(7)

Linux man-pages 6.9.1              2024-05-02                         setgid(2)
Generated by dwww version 1.16 on Tue Dec 16 04:01:31 CET 2025.