Provided by: manpages-dev_4.04-2_all bug


       setgid - set group identity


       #include <sys/types.h>
       #include <unistd.h>

       int setgid(gid_t gid);


       setgid()  sets  the  effective group ID of the calling process.  If the
       caller is privileged (has the CAP_SETGID capability), the real GID  and
       saved set-group-ID are also set.

       Under  Linux,  setgid()  is implemented like the POSIX version with the
       _POSIX_SAVED_IDS feature.  This allows a set-group-ID program  that  is
       not  set-user-ID-root  to drop all of its group privileges, do some un-
       privileged work, and then reengage the original effective group ID in a
       secure manner.


       On  success,  zero is returned.  On error, -1 is returned, and errno is
       set appropriately.


       EINVAL The group ID  specified  in  gid  is  not  valid  in  this  user

       EPERM  The  calling  process  is  not  privileged  (does  not  have the
              CAP_SETGID capability), and gid does not match the real group ID
              or saved set-group-ID of the calling process.


       POSIX.1-2001, POSIX.1-2008, SVr4.


       The  original  Linux  setgid()  system call supported only 16-bit group
       IDs.  Subsequently, Linux 2.4 added setgid32() supporting  32-bit  IDs.
       The  glibc  setgid()  wrapper  function  transparently  deals  with the
       variation across kernel versions.

   C library/kernel differences
       At the kernel level, user IDs and group IDs are a per-thread attribute.
       However,  POSIX  requires  that all threads in a process share the same
       credentials.  The  NPTL  threading  implementation  handles  the  POSIX
       requirements  by  providing  wrapper  functions  for the various system
       calls that change process  UIDs  and  GIDs.   These  wrapper  functions
       (including  the  one  for  setgid()) employ a signal-based technique to
       ensure that when one thread  changes  credentials,  all  of  the  other
       threads in the process also change their credentials.  For details, see


       getgid(2), setegid(2),  setregid(2),  capabilities(7),  credentials(7),


       This  page  is  part of release 4.04 of the Linux man-pages project.  A
       description of the project, information about reporting bugs,  and  the
       latest     version     of     this    page,    can    be    found    at