Updated: April 19, 2023 |
Set the user and group ID attributes in a spawn attributes object
#include <spawn.h> int posix_spawnattr_setcred( posix_spawnattr_t *attrp, uid_t uid, gid_t gid);
libc
Use the -l c option to qcc to link against this library. This library is usually included automatically.
The posix_spawnattr_setcred() function sets the values of the credential attributes (user and group IDs) in the spawn attribute object pointed to by attrp. You must have already initialized the spawn attributes object by calling posix_spawnattr_init().
These attributes are used as the user and group IDs of the child process created by a spawn operation if POSIX_SPAWN_SETCRED is set in the spawn flags; to set this flag, call posix_spawnattr_setxflags(). By default, a process spawned with posix_spawn() or posix_spawnp() inherits the credentials from the parent process.
You must provide both a user ID (uid) and group ID (gid), but you can effectively leave one of them unchanged by passing the results of getuid() or getgid(), respectively.
In order for the uid/gid to take effect:
If these criteria are met, the real, effective, and saved set user and group IDs of the spawned process are set to the specified credentials. Setting the the user and group IDs using posix_spawnattr_setcred() overrides any change that would result from executing a setuid or setgid program.
If you set both POSIX_SPAWN_SETCRED and POSIX_SPAWN_RESETIDS, POSIX_SPAWN_SETCRED takes precedence.
To get the value of these attributes, call posix_spawnattr_getcred().
For more information about spawn attributes, see the entry for posix_spawn().
Safety: | |
---|---|
Cancellation point | No |
Interrupt handler | Yes |
Signal handler | Yes |
Thread | Yes |