setuidgid — set process UID and GID(s) then chain


setuidgid [--primary-group group] [--supplementary] {account} {next-prog}


setuidgid is a chain-loading utility that sets the process real+effective UID and real+effective GID to the values for account in the system account database and then chain loads to next-prog with the execvp(3) function.

next-prog may contain its own command line options, which setuidgid will ignore.

If the --primary-group option is used, setuidgid will use group instead of the primary GID of account as the GID to set.

If the --supplementary option is used, setuidgid will also set the supplementary GIDs for the groups to which account belongs, as listed in the groups database. Without that option, it only sets the GID that is listed for account in the password database, ignoring the group database, and clears the list of supplementary groups entirely.

In either case, the command will fail if the process is not running under the aegis of the superuser. Non-superusers are not permitted to alter the supplementary groups list.

If it cannot find an account named account in the database, or fails setting the groups or user ID, it does not chain and exits with status code 111.


Jonathan de Boyne Pollard