NAME
setgid - set group identity
SYNOPSIS
#include <unistd.h>
int setgid(gid_t gid))
DESCRIPTION
setgid sets the effective group ID of the current process.
If the caller is the superuser, the real and saved group
ID's are also set.
Under Linux, setgid is implemented like the POSIX version
with the _POSIX_SAVED_IDS feature. This allows a setgid
(other than root) program to drop all of its group
privileges, do some un-privileged work, and then re-engage
the original effective group ID in a secure manner.
If the user is root or the program is setgid root, special
care must be taken. The setgid function checks the effective
gid of the caller and if it is the superuser, all process
related group ID's are set to gid. After this has occurred,
it is impossible for the program to regain root privileges.
Thus, a setgid-root program wishing to temporarily drop root
privileges, assume the identity of a non-root group, and
then regain root privileges afterwards cannot use setgid.
You can accomplish this with the (non-POSIX, BSD) call
setegid.
RETURN VALUE
On success, zero is returned. On error, -1 is returned, and
errno is set appropriately.
ERRORS
EPERM The user is not the super-user, and gid does not
match the effective or saved group ID of the calling
process.
CONFORMING TO
SVr4, SVID.
SEE ALSO
getgid(2), setregid(2), setegid(2)