posix_spawnattr_setcred()

Updated: April 19, 2023

Set the user and group ID attributes in a spawn attributes object

Synopsis:

#include <spawn.h>

int posix_spawnattr_setcred(
       posix_spawnattr_t *attrp,
       uid_t uid, 
       gid_t gid);

Arguments:

attrp
A pointer to the spawn attributes object that you want to modify.
uid
The user ID that you want to use for spawned processes.
gid
The group ID that you want to use for spawned processes.

Library:

libc

Use the -l c option to qcc to link against this library. This library is usually included automatically.

Description:

The posix_spawnattr_setcred() function sets the values of the credential attributes (user and group IDs) in the spawn attribute object pointed to by attrp. You must have already initialized the spawn attributes object by calling posix_spawnattr_init().

These attributes are used as the user and group IDs of the child process created by a spawn operation if POSIX_SPAWN_SETCRED is set in the spawn flags; to set this flag, call posix_spawnattr_setxflags(). By default, a process spawned with posix_spawn() or posix_spawnp() inherits the credentials from the parent process.

You must provide both a user ID (uid) and group ID (gid), but you can effectively leave one of them unchanged by passing the results of getuid() or getgid(), respectively.

In order for the uid/gid to take effect:

If these criteria are met, the real, effective, and saved set user and group IDs of the spawned process are set to the specified credentials. Setting the the user and group IDs using posix_spawnattr_setcred() overrides any change that would result from executing a setuid or setgid program.

Note: The credentials of the spawned process take effect before the process actually runs, and therefore determine its access to specific resources. This may result in a failure in the spawned process, asynchronous to a successful posix_spawn() or posix_spawnp() call.

If you set both POSIX_SPAWN_SETCRED and POSIX_SPAWN_RESETIDS, POSIX_SPAWN_SETCRED takes precedence.

To get the value of these attributes, call posix_spawnattr_getcred().

For more information about spawn attributes, see the entry for posix_spawn().

Returns:

EOK
Success.
EINVAL
An argument was invalid.

Classification:

QNX Neutrino

Safety:  
Cancellation point No
Interrupt handler Yes
Signal handler Yes
Thread Yes