setgid - set group identity
int setgid(gid_t gid)
setgid sets the effective group ID of the current process. If the
caller is the superuser, the real and saved group ID's are also set.
Under Linux, setgid is implemented like the POSIX version with the
_POSIX_SAVED_IDS feature. This allows a setgid (other than root) program
to drop all of its group privileges, do some un-privileged work,
and then re-engage the original effective group ID in a secure manner.
If the user is root or the program is setgid root, special care must be
taken. The setgid function checks the effective gid of the caller and
if it is the superuser, all process related group ID's are set to gid.
After this has occurred, it is impossible for the program to regain
Thus, a setgid-root program wishing to temporarily drop root privileges,
assume the identity of a non-root group, and then regain root
privileges afterwards cannot use setgid. You can accomplish this with
the (non-POSIX, BSD) call setegid.
On success, zero is returned. On error, -1 is returned, and errno is
EPERM The user is not the super-user, and gid does not match the
effective group ID or saved set-group-ID of the calling process.
getgid(2), setregid(2), setegid(2)
Linux 1.1.36 1994-07-29 SETGID(2)
[ Back ]