setgid - set group identity


SYNOPSIS

       #include <unistd.h>

       int setgid(gid_t gid)


DESCRIPTION

       setgid sets the effective group ID of the current process.
       If the caller is the superuser, the real and  saved  group
       ID's are also set.

       Under  Linux, setgid is implemented like the POSIX version
       with the _POSIX_SAVED_IDS feature.  This allows  a  setgid
       (other  than root) program to drop all of its group privi­
       leges, do some un-privileged work, and then re-engage  the
       original effective group ID in a secure manner.

       If the user is root or the program is setgid root, special
       care must be taken. The setgid function checks the  effec­
       tive  gid  of  the  caller and if it is the superuser, all
       process related group ID's are set to gid.  After this has
       occurred,  it is impossible for the program to regain root
       privileges.

       Thus, a setgid-root program wishing  to  temporarily  drop
       root  privileges, assume the identity of a non-root group,
       and then regain root privileges afterwards cannot use set­
       gid.   You  can  accomplish this with the (non-POSIX, BSD)
       call setegid.


RETURN VALUE

       On success, zero is returned.  On error, -1  is  returned,
       and errno is set appropriately.


ERRORS

       EPERM  The  user  is  not the super-user, and gid does not
              match the effective group ID or saved  set-group-ID
              of the calling process.


CONFORMING TO

       SVr4, SVID.


SEE ALSO

       getgid(2), setregid(2), setegid(2)