bionic (3) capng_change_id.3.gz

Provided by: libcap-ng-dev_0.7.7-3.1_amd64 bug

NAME
       capng_change_id - change the credentials retaining capabilities


SYNOPSIS
       #include <cap-ng.h>

       int capng_change_id(int uid, int gid, capng_flags_t flag);


DESCRIPTION
       This  function  will  change  uid  and  gid to the ones given while retaining the capabilities previously
       specified in capng_update. It is not necessary and perhaps better if  capng_apply  has  not  been  called
       prior  to this function so that all necessary privileges are still intact. The caller is required to have
       CAP_SETPCAP capability still active before calling this function.

       This function also takes a flag parameter that helps  to  tailor  the  exact  actions  performed  by  the
       function to secure the environment. The option may be or'ed together. The legal values are:

              CAPNG_NO_FLAG
                     Simply change uid and retain specified capabilities and that's all.

              CAPNG_DROP_SUPP_GRP
                     After  changing  id,  remove any supplement groups that may still be in effect from the old
                     uid.

              CAPNG_INIT_SUPP_GRP
                     After changing id, initialize any supplement groups that may come with the new account.  If
                     given with CAPNG_DROP_SUPP_GRP it will have no effect.

              CAPNG_CLEAR_BOUNDING
                     After  changing  the  uid  and  gid,  clear  the  bounding  set  regardless to the internal
                     representation already setup.


RETURN VALUE
       This returns 0 on success and a negative number on failure. -1 means capng has not been initted properly,
       -2  means  a  failure  requesting  to keep capabilities across the uid change, -3 means that applying the
       intermediate capabilities failed, -4 means changing gid failed, -5  means  dropping  supplemental  groups
       failed,  -6  means  changing  the  uid  failed, -7 means dropping the ability to retain caps across a uid
       change failed, -8 means clearing the bounding set failed, -9 means dropping CAP_SETPCAP failed, -10 means
       initializing supplemental groups failed.

       Note:  the  only safe action to do upon failure of this function is to probably exit. This is because you
       are likely in a situation with partial permissions and not what you intended.


SEE ALSO
       capng_update(3), capng_apply(3), prctl(2), capabilities(7)


AUTHOR
       Steve Grubb