identity(3)identity(3)NAME
starting_luid, starting_ruid, starting_euid, starting_rgid, start‐
ing_egid, is_starting_luid, is_starting_ruid, is_starting_euid,
is_starting_rgid, is_starting_egid, set_auth_parameters,
check_auth_parameters - Get or check user or group IDs (Enhanced Secu‐
rity)
SYNOPSIS
#include <sys/types.h> #include <sys/security.h> #include <prot.h>
uid_t starting_luid(
void ); uid_t starting_ruid(
void ); uid_t starting_euid(
void ); uid_t starting_rgid(
void ); uid_t starting_egid(
void ); int is_starting_luid(
uid_t uid ); int is_starting_ruid(
uid_t uid ); int is_starting_euid(
uid_t uid ); int is_starting_rgid(
uid_t gid ); int is_starting_egid(
uid_t gid ); void set_auth_parameters(
int argc,
char *argv[] ); void check_auth_parameters(
void );
LIBRARY
Enhanced Security Library (libsecurity)
PARAMETERS
Specifies the process's user ID. Specifies the process's group ID.
Specifies the argument count.
DESCRIPTION
The identity functions provide a way to recall the IDs of a process at
the time the program started. They are useful when interrogating the
invoking environment of a program after any setuid() or setgid() calls
have been made so that the original environment can be captured.
The starting_luid() function returns the login UID for the process. The
login UID is the immutable stamp for the process and accurately denotes
the account under which the session is being run, regardless of subse‐
quent setuid() calls.
The starting_ruid() function returns the real UID for the process as it
was set in the beginning of the program. Similarly, starting_euid()
returns the effective UID, starting_rgid() returns the real GID, and
starting_egid() returns the effective GID. These IDs may not be the
same as those returned by getuid(), geteuid(), getgid(), or getegid(),
respectively, because intervening calls to setuid() or setgid() can
change them depending on the process's privileges.
The is_starting_luid() function returns a value of 1 if the argument is
the same as the login UID at the time when set_auth_parameters() was
invoked; otherwise, it returns a value of 0 (zero). Similarly, The
is_starting_ruid() function returns 1 if the argument is the same as
the real UID at the time when set_auth_parameters() was invoked, and 0
otherwise. The is_starting_euid() function returns 1 if the argument is
the same as the effective UID at the time when set_auth_parameters()
was invoked, and 0 otherwise. The is_starting_rgid() function returns 1
if the argument is the same as the real GID at the time when
set_auth_parameters() was invoked, and 0 otherwise. The is_start‐
ing_egid() function returns 1 if the argument is the same as the effec‐
tive GID at the time when set_auth_parameters() was invoked, and 0 oth‐
erwise.
The set_auth_parameters() function is used to retain the IDs for future
lookup. It also tests the kernel to see if the security features have
been loaded. If not, the program exists with an error message. It
should be called first in a program or there is a chance that it will
capture an environment different from the conditions at the program
start. The two arguments are the argument count and vector with which
the program was called. The check_auth_parameters() function verifies
that set_auth_parameters() has been previously invoked. If not, the
program exits.
NOTES
Programs must call set_auth_parameters() before any other action in
main(). The program must always call set_auth_parameters(argc,argv)
before doing anything that changes argc or argv; the other functions in
identity.c depend on this happening. The argc parameter must be at
least 1.
Programs using these functions must be compiled with -lsecurity.
SEE ALSO
Functions: getuid(2), getgid(2), setuid(2), setgid(2)identity(3)
