| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-09-12 15:09:27 +0100 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-09-12 16:54:36 +0100 |
| commit | cdbc9e153d0bc86c9be68176b85b7fbaaba01cd9 (patch) | |
| tree | e95f34bacb40f9caf03bd4aecb23c90323d92ee3 | |
| parent | 7127bd53ee989eb098fb74d7aed0203d26d6def2 (diff) | |
| download | man-pages-cdbc9e153d0bc86c9be68176b85b7fbaaba01cd9.tar.gz | |
seteuid.2: Note user namespace requirements for CAP_SETUID and CAP_SETGID
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| -rw-r--r-- | man2/seteuid.2 | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/man2/seteuid.2 b/man2/seteuid.2 index 49596f122f..ec52ae47f8 100644 --- a/man2/seteuid.2 +++ b/man2/seteuid.2 @@ -83,20 +83,23 @@ it is a grave security error to omit checking for a failure return from The target user or group ID is not valid in this user namespace. .TP .B EPERM -The calling process is not privileged (Linux: does not have the -.B CAP_SETUID -capability in the case of -.BR seteuid (), -or the -.B CAP_SETGID -capability in the case of -.BR setegid ()) -and +In the case of +.BR seteuid (): +the calling process is not privileged (does not have the +.BR CAP_SETUID +capability in its user namespace) and .I euid -(respectively, -.IR egid ) -is not the real user (group) ID, the effective user (group) ID, -or the saved set-user-ID (saved set-group-ID). +does not match the current real user ID, current effective user ID, +or current saved set-user-ID. + +In the case of +.BR setegid (): +the calling process is not privileged (does not have the +.BR CAP_SETGID +capability in its user namespace) and +.I egid +does not match the current real group ID, current effective group ID, +or current saved set-group-ID. .SH CONFORMING TO POSIX.1-2001, POSIX.1-2008, 4.3BSD. .SH NOTES |
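Review bot: In the added EPERM text, `.BR CAP_SETUID` and `.BR CAP_SETGID` each pass a single argument, so `.B` (which the removed lines used for the same capability names) is the macro to use here; `.BR` is meant for alternating bold and roman arguments, as in `.BR seteuid ():`. Separately, the empty added line between the seteuid() and setegid() paragraphs sits inside the `.TP` item. Replacing it with an explicit `.IP` would separate the paragraphs with a macro rather than a blank source line and keep the second paragraph indented under the EPERM tag.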
