Provided by: manpages_3.54-1ubuntu1_all bug

NAME

       credentials - process identifiers

DESCRIPTION

   Process ID (PID)
       Each  process  has  a  unique nonnegative integer identifier that is assigned when the process is created
       using fork(2).  A process can obtain its PID using getpid(2).  A PID is represented using the type  pid_t
       (defined in <sys/types.h>).

       PIDs  are  used  in  a  range  of system calls to identify the process affected by the call, for example:
       kill(2), ptrace(2), setpriority(2) setpgid(2), setsid(2), sigqueue(3), and waitpid(2).

       A process's PID is preserved across an execve(2).

   Parent process ID (PPID)
       A process's parent process ID identifies the process that created this process using fork(2).  A  process
       can obtain its PPID using getppid(2).  A PPID is represented using the type pid_t.

       A process's PPID is preserved across an execve(2).

   Process group ID and session ID
       Each  process  has a session ID and a process group ID, both represented using the type pid_t.  A process
       can obtain its session ID using getsid(2), and its process group ID using getpgrp(2).

       A child created by fork(2) inherits its parent's session ID and process group ID.  A process's session ID
       and process group ID are preserved across an execve(2).

       Sessions  and  process  groups  are  abstractions  devised to support shell job control.  A process group
       (sometimes called a "job") is a collection of processes that share the same process group ID;  the  shell
       creates a new process group for the process(es) used to execute single command or pipeline (e.g., the two
       processes created to execute the command "ls | wc" are placed in the same process  group).   A  process's
       group  membership  can  be set using setpgid(2).  The process whose process ID is the same as its process
       group ID is the process group leader for that group.

       A session is a collection of processes that share the same session ID.  All of the members of  a  process
       group  also  have  the  same session ID (i.e., all of the members of a process group always belong to the
       same session, so that sessions and process groups form a strict two-level hierarchy of processes.)  A new
       session  is  created  when a process calls setsid(2), which creates a new session whose session ID is the
       same as the PID of the process that called setsid(2).  The creator of the session is called  the  session
       leader.

   User and group identifiers
       Each  process  has  various  associated  user  and  groups  IDs.   These  IDs  are integers, respectively
       represented using the types uid_t and gid_t (defined in <sys/types.h>).

       On Linux, each process has the following user and group identifiers:

       *  Real user ID and real group ID.  These IDs determine who owns the process.  A process can  obtain  its
          real user (group) ID using getuid(2) (getgid(2)).

       *  Effective  user  ID  and  effective  group  ID.   These  IDs  are  used by the kernel to determine the
          permissions that the process will have when accessing shared resources such as message queues,  shared
          memory, and semaphores.  On most UNIX systems, these IDs also determine the permissions when accessing
          files.  However, Linux uses the filesystem IDs described below for this task.  A  process  can  obtain
          its effective user (group) ID using geteuid(2) (getegid(2)).

       *  Saved set-user-ID and saved set-group-ID.  These IDs are used in set-user-ID and set-group-ID programs
          to save a copy of the corresponding effective IDs that were set when the  program  was  executed  (see
          execve(2)).   A  set-user-ID program can assume and drop privileges by switching its effective user ID
          back and forth between the values in its real user ID and saved set-user-ID.  This switching  is  done
          via  calls to seteuid(2), setreuid(2), or setresuid(2).  A set-group-ID program performs the analogous
          tasks using setegid(2), setregid(2), or setresgid(2).  A process  can  obtain  its  saved  set-user-ID
          (set-group-ID) using getresuid(2) (getresgid(2)).

       *  Filesystem  user  ID  and  filesystem  group  ID (Linux-specific).  These IDs, in conjunction with the
          supplementary group IDs described below, are used to determine permissions for  accessing  files;  see
          path_resolution(7) for details.  Whenever a process's effective user (group) ID is changed, the kernel
          also automatically changes the filesystem user (group)  ID  to  the  same  value.   Consequently,  the
          filesystem  IDs normally have the same values as the corresponding effective ID, and the semantics for
          file-permission checks are thus the same on Linux as on other UNIX systems.  The filesystem IDs can be
          made to differ from the effective IDs by calling setfsuid(2) and setfsgid(2).

       *  Supplementary  group  IDs.   This is a set of additional group IDs that are used for permission checks
          when accessing files and other shared resources.  On Linux kernels before 2.6.4, a process  can  be  a
          member  of up to 32 supplementary groups; since kernel 2.6.4, a process can be a member of up to 65536
          supplementary groups.  The call sysconf(_SC_NGROUPS_MAX) can  be  used  to  determine  the  number  of
          supplementary  groups  of  which  a  process  may  be  a  member.   A  process  can  obtain its set of
          supplementary group IDs using getgroups(2), and can modify the set using setgroups(2).

       A child process created by fork(2) inherits copies of its  parent's  user  and  groups  IDs.   During  an
       execve(2),  a  process's  real user and group ID and supplementary group IDs are preserved; the effective
       and saved set IDs may be changed, as described in execve(2).

       Aside from the purposes noted above, a process's user  IDs  are  also  employed  in  a  number  of  other
       contexts:

       *  when determining the permissions for sending signals—see kill(2);

       *  when  determining  the  permissions  for  setting process-scheduling parameters (nice value, real time
          scheduling   policy   and   priority,   CPU   affinity,   I/O    priority)    using    setpriority(2),
          sched_setaffinity(2), sched_setscheduler(2), sched_setparam(2), and ioprio_set(2);

       *  when checking resource limits; see getrlimit(2);

       *  when  checking  the  limit  on  the  number  of  inotify  instances  that  the process may create; see
          inotify(7).

CONFORMING TO

       Process IDs, parent process IDs, process group IDs, and session IDs are specified in  POSIX.1-2001.   The
       real,  effective,  and  saved  set user and groups IDs, and the supplementary group IDs, are specified in
       POSIX.1-2001.  The filesystem user and group IDs are a Linux extension.

NOTES

       The POSIX threads specification requires that credentials are shared by all of the threads in a  process.
       However,  at  the kernel level, Linux maintains separate user and group credentials for each thread.  The
       NPTL threading implementation does some work to ensure that any  change  to  user  or  group  credentials
       (e.g., calls to setuid(2), setresuid(2)) is carried through to all of the POSIX threads in a process.

SEE ALSO

       bash(1),  csh(1),  ps(1), access(2), execve(2), faccessat(2), fork(2), getpgrp(2), getpid(2), getppid(2),
       getsid(2), kill(2), killpg(2), setegid(2), seteuid(2), setfsgid(2), setfsuid(2), setgid(2), setgroups(2),
       setresgid(2),   setresuid(2),   setuid(2),   waitpid(2),   euidaccess(3),   initgroups(3),  tcgetpgrp(3),
       tcsetpgrp(3), capabilities(7), path_resolution(7), unix(7)

COLOPHON

       This page is part of release 3.54 of the Linux man-pages project.  A  description  of  the  project,  and
       information about reporting bugs, can be found at http://www.kernel.org/doc/man-pages/.