setluid(S-osr5)

setluid -- set login user ID

Syntax

cc . . . -lprot

#include  <sys/types.h>
#include  <sys/security.h>
#include  <sys/audit.h>
#include  <prot.h>

int setluid (uid)
unsigned short uid;

Description

The setluid routine is used to set the login user ID of the calling process. The login user ID, or LUID, should be set at login time. Only the super user can set the LUID. Once set, the LUID cannot be reset, even by the super user.

Until the LUID is set, the setuid(S-osr5) and setgid(S-osr5) routines fail. This ensures that the LUID is set before any identity changes in the other (effective and real) user IDs.

The setluid routine is invoked by the login(M) program just prior to the identity changes caused by setuid(S-osr5) and setgid(S-osr5) calls. It is also used by at(C) and crontab(C) job entries before starting a non-interactive session for a user.

The LUID is an accurate representation of the user who logged into the system and cannot be altered during the session. The LUID is needed because both the effective and real user IDs can be altered by use of setuid(S-osr5) or the setuid bits on an executable file, and consequently, at times during a session, do not accurately reflect the login user.

The LUID is inherited by all children of the process. If the LUID was not set before a fork(S-osr5), the child would also contain an unset LUID.

Return value

Upon successful completion, the setluid routine returns a value of 0. Otherwise, a value of -1 is returned and errno is set to indicate the appropriate error.

Diagnostics

If one of the following conditions occurs, the setluid routine fails and errno is set to the corresponding value:

[EINVAL]: user ID is out of range.
[EPERM]: The LUID has already been set for this process or some ancestor of this process.

Standards conformance