sys_setregid  [kernel/sys.c]


Sets real and effective group IDs of the current process.

Arguments

eax 71
ebx New real GID. Supplying a value of -1 forces the system to leave that ID unchanged.
ecx New effective GID. Supplying a value of -1 forces the system to leave that ID unchanged.

Return values

If the system call succeeds the return value is 0.
If the system call fails the return value is one of the following errno values:

-EPERM The current process is not privileged (does not have the CAP_SETGID capability) and a change other than (i) swapping the effective group ID with the real group ID, or (ii) setting one to the value of the other or (iii) setting the effective group ID to the value of the saved set-group-ID was specified.

Remarks

Unprivileged users may change the real GID to the effective GID or vice versa.

If you set the real GID at all, or set the effective GID to a value not equal to the real GID, then the saved GID is set to the new effective GID.
This makes it possible for a setgid program to completely drop its privileges, which is often a useful assertion to make when you are doing a security audit over a program.

Compatibility

n/a