Set the user and group ID attributes in a spawn attributes object
#include <spawn.h> int posix_spawnattr_setcred( posix_spawnattr_t *attrp, uid_t uid, gid_t gid);
- A pointer to the spawn attributes object that you want to modify.
- The user ID that you want to use for spawned processes.
- The group ID that you want to use for spawned processes.
Use the -l c option to qcc to link against this library. This library is usually included automatically.
The posix_spawnattr_setcred() function sets the values of the credential attributes (user and group IDs) in the spawn attribute object pointed to by attrp. You must have already initialized the spawn attributes object by calling posix_spawnattr_init().
These attributes are used as the user and group IDs of the child process created by a spawn operation if POSIX_SPAWN_SETCRED is set in the spawn flags; to set this flag, call posix_spawnattr_setxflags(). By default, a process spawned with posix_spawn() or posix_spawnp() inherits the credentials from the parent process.
In order for the uid/gid to take effect:
- You must pass the posix_spawnattr_t attributes object as a parameter to posix_spawn().
- You must have set POSIX_SPAWN_SETCRED in the spawn flags by calling posix_spawnattr_setxflags().
- The calling process must have the PROCMGR_AID_SPAWN_SETUID or PROCMGR_AID_SPAWN_SETGID ability (or both) set; see procmgr_ability().
If these criteria are met, the real and effective user and group IDs of the spawned process are set to the specified credentials; however, the setuid/setgid mode of the spawned image takes precedence over the effective uid/gid of the spawned process in the same way as described for POSIX_SPAWN_RESETIDS. That is, the setuid/setgid mode causes the spawned process to inherit the uid/gid of the image as its effective uid/gid, respectively. The real uid and gid are as specified in the credentials.
The credentials of the spawned process take effect before the process actually runs, and therefore determine its access to specific resources. This may result in a failure in the spawned process, asynchronous to a successful posix_spawn() or posix_spawnp() call.
If you set both POSIX_SPAWN_SETCRED and POSIX_SPAWN_RESETIDS, POSIX_SPAWN_SETCRED takes precedence.
To get the value of these attributes, call posix_spawnattr_getcred().
For more information about spawn attributes, see the entry for posix_spawn().
- An argument was invalid.
Last modified: 2014-06-24