setfsgid - set group identity used for file system checks


SYNOPSIS

       #include <unistd.h> /* glibc uses <sys/fsuid.h> */

       int setfsgid(uid_t fsgid);


DESCRIPTION

       setfsgid  sets  the group ID that the Linux kernel uses to
       check for all accesses to the file system.  Normally,  the
       value  of  fsgid  will  shadow  the value of the effective
       group ID. In fact, whenever  the  effective  group  ID  is
       changed, fsgid will also be changed to new value of effec­
       tive group ID.

       An explicit call to setfsgid is usually only used by  pro­
       grams  such  as  the  Linux NFS server that need to change
       what group ID is used for file  access  without  a  corre­
       sponding  change  in  the  real and effective group IDs. A
       change in the normal group IDs for a program such  as  the
       NFS  server  is  a  security  hole  that  can expose it to
       unwanted signals from other group IDs.

       setfsgid will only succeed if the caller is the  superuser
       or  if  fsgid  matches either the real group ID, effective
       group ID, saved set-group-ID,  or  the  current  value  of
       fsgid.


RETURN VALUE

       On  success,  the previous value of fsgid is returned.  On
       error, the current value of fsgid is returned.


CONFORMING TO

       setfsgid is Linux specific and should not be used in  pro­
       grams intended to be portable.


BUGS

       No  error messages of any kind are returned to the caller.
       At the very least, EPERM should be returned when the  call
       fails.


NOTE

       When  glibc  determines  that  the argument is not a valid
       gid, it will return -1 and set  errno  to  EINVAL  without
       attempting the system call.


SEE ALSO

       setfsuid(2)