setgid - set group identity
int setgid(gid_t gid)
setgid sets the effective group ID of the current process.
If the caller is the superuser, the real and saved group
ID's are also set.
Under Linux, setgid is implemented like the POSIX version
with the _POSIX_SAVED_IDS feature. This allows a setgid
(other than root) program to drop all of its group privi
leges, do some un-privileged work, and then re-engage the
original effective group ID in a secure manner.
If the user is root or the program is setgid root, special
care must be taken. The setgid function checks the effec
tive gid of the caller and if it is the superuser, all
process related group ID's are set to gid. After this has
occurred, it is impossible for the program to regain root
Thus, a setgid-root program wishing to temporarily drop
root privileges, assume the identity of a non-root group,
and then regain root privileges afterwards cannot use set
gid. You can accomplish this with the (non-POSIX, BSD)
On success, zero is returned. On error, -1 is returned,
and errno is set appropriately.
EPERM The user is not the super-user, and gid does not
match the effective group ID or saved set-group-ID
of the calling process.
getgid(2), setregid(2), setegid(2)