posix_spawnattr_setcred()

Set the user and group ID attributes in a spawn attributes object

Synopsis:

#include <spawn.h>

int posix_spawnattr_setcred(
       posix_spawnattr_t *attrp,
       uid_t uid, 
       gid_t gid);

Since:

BlackBerry 10.0.0

Arguments:

attrp
A pointer to the spawn attributes object that you want to modify.
uid
The user ID that you want to use for spawned processes.
gid
The group ID that you want to use for spawned processes.

Library:

libc

Use the -l c option to qcc to link against this library. This library is usually included automatically.

Description:

The posix_spawnattr_setcred() function sets the values of the credential attributes (user and group IDs) in the spawn attribute object pointed to by attrp. You must have already initialized the spawn attributes object by calling posix_spawnattr_init().

These attributes are used as the user and group IDs of the child process created by a spawn operation if POSIX_SPAWN_SETCRED is set in the spawn flags; to set this flag, call posix_spawnattr_setxflags(). By default, a process spawned with posix_spawn() or posix_spawnp() inherits the credentials from the parent process.

You must provide both a user ID (uid) and group ID (gid), but you can effectively leave one of them unchanged by passing the results of getuid() or getgid(), respectively.

In order for the uid/gid to take effect:

  • You must pass the posix_spawnattr_t attributes object as a parameter to posix_spawn().
  • You must have set POSIX_SPAWN_SETCRED in the spawn flags by calling posix_spawnattr_setxflags().
  • The calling process must have the PROCMGR_AID_SPAWN_SETUID or PROCMGR_AID_SPAWN_SETGID ability (or both) set; see procmgr_ability().

If these criteria are met, the real and effective user and group IDs of the spawned process are set to the specified credentials; however, the setuid/setgid mode of the spawned image takes precedence over the effective uid/gid of the spawned process in the same way as described for POSIX_SPAWN_RESETIDS. That is, the setuid/setgid mode causes the spawned process to inherit the uid/gid of the image as its effective uid/gid, respectively. The real uid and gid are as specified in the credentials.

The credentials of the spawned process take effect before the process actually runs, and therefore determine its access to specific resources. This may result in a failure in the spawned process, asynchronous to a successful posix_spawn() or posix_spawnp() call.

If you set both POSIX_SPAWN_SETCRED and POSIX_SPAWN_RESETIDS, POSIX_SPAWN_SETCRED takes precedence.

To get the value of these attributes, call posix_spawnattr_getcred().

For more information about spawn attributes, see the entry for posix_spawn().

Returns:

EOK
Success.
EINVAL
An argument was invalid.

Classification:

QNX Neutrino

Safety:  
Cancellation point No
Interrupt handler Yes
Signal handler Yes
Thread Yes

Last modified: 2014-06-24



Got questions about leaving a comment? Get answers from our Disqus FAQ.

comments powered by Disqus