Provided by: manpages-dev_5.05-1_all bug

NAME

       setgid - set group identity

SYNOPSIS

       #include <sys/types.h>
       #include <unistd.h>

       int setgid(gid_t gid);

DESCRIPTION

       setgid()  sets  the  effective group ID of the calling process.  If the calling process is
       privileged (more precisely: has the CAP_SETGID capability in its user namespace), the real
       GID and saved set-group-ID are also set.

       Under  Linux,  setgid()  is  implemented  like the POSIX version with the _POSIX_SAVED_IDS
       feature.  This allows a set-group-ID program that is not set-user-ID-root to drop  all  of
       its group privileges, do some un-privileged work, and then reengage the original effective
       group ID in a secure manner.

RETURN VALUE

       On success, zero is returned.  On error, -1 is returned, and errno is set appropriately.

ERRORS

       EINVAL The group ID specified in gid is not valid in this user namespace.

       EPERM  The calling process is not privileged (does not have the CAP_SETGID  capability  in
              its user namespace), and gid does not match the real group ID or saved set-group-ID
              of the calling process.

CONFORMING TO

       POSIX.1-2001, POSIX.1-2008, SVr4.

NOTES

       The original Linux setgid() system call supported only 16-bit  group  IDs.   Subsequently,
       Linux  2.4  added  setgid32()  supporting 32-bit IDs.  The glibc setgid() wrapper function
       transparently deals with the variation across kernel versions.

   C library/kernel differences
       At the kernel level, user IDs and group IDs are a per-thread  attribute.   However,  POSIX
       requires  that  all  threads  in a process share the same credentials.  The NPTL threading
       implementation handles the POSIX requirements  by  providing  wrapper  functions  for  the
       various  system  calls  that  change  process  UIDs  and  GIDs.   These  wrapper functions
       (including the one for setgid()) employ a signal-based technique to ensure that  when  one
       thread  changes  credentials,  all  of  the other threads in the process also change their
       credentials.  For details, see nptl(7).

SEE ALSO

       getgid(2), setegid(2), setregid(2), capabilities(7), credentials(7), user_namespaces(7)

COLOPHON

       This page is part of release 5.05 of the Linux man-pages project.  A  description  of  the
       project,  information  about  reporting  bugs, and the latest version of this page, can be
       found at https://www.kernel.org/doc/man-pages/.