<html> <head> <title>setgid</title> <META NAME="KEYWORDS" CONTENT="setgid"> </head> <body BGCOLOR="#ffffff" LINK="#0000ff" VLINK="#0000ff" ALINK="#0000ff" TEXT="#000000"> <center> <h1><b>setgid</b></h1></center> <PRE> <STRONG><A HREF="/man2/SETGID">SETGID(2)</A></STRONG> Linux Programmer's Manual <STRONG><A HREF="/man2/SETGID">SETGID(2)</A></STRONG> NAME setgid - set group identity SYNOPSIS #include &lt;sys/types.h&gt; #include &lt;unistd.h&gt; int setgid(gid_t gid); DESCRIPTION setgid() sets the effective group ID of the calling process. If the calling process is privileged (more precisely: has the CAP_SETGID capa- bility in its user namespace), the real GID and saved set-group-ID are also set. Under Linux, setgid() is implemented like the POSIX version with the _POSIX_SAVED_IDS feature. This allows a set-group-ID program that is not set-user-ID-root to drop all of its group privileges, do some un- privileged work, and then reengage the original effective group ID in a secure manner. RETURN VALUE On success, zero is returned. On error, -1 is returned, and errno is set appropriately. ERRORS EINVAL The group ID specified in gid is not valid in this user name- space. EPERM The calling process is not privileged (does not have the CAP_SETGID capability in its user namespace), and gid does not match the real group ID or saved set-group-ID of the calling process. CONFORMING TO POSIX.1-2001, POSIX.1-2008, SVr4. NOTES The original Linux setgid() system call supported only 16-bit group IDs. Subsequently, Linux 2.4 added setgid32() supporting 32-bit IDs. The glibc setgid() wrapper function transparently deals with the varia- tion across kernel versions. C library/kernel differences At the kernel level, user IDs and group IDs are a per-thread attribute. However, POSIX requires that all threads in a process share the same credentials. The NPTL threading implementation handles the POSIX re- quirements by providing wrapper functions for the various system calls that change process UIDs and GIDs. These wrapper functions (including the one for setgid()) employ a signal-based technique to ensure that when one thread changes credentials, all of the other threads in the process also change their credentials. For details, see <STRONG><A HREF="/man7/nptl">nptl(7)</A></STRONG>. SEE ALSO <STRONG><A HREF="/man2/getgid">getgid(2)</A></STRONG>, <STRONG><A HREF="/man2/setegid">setegid(2)</A></STRONG>, <STRONG><A HREF="/man2/setregid">setregid(2)</A></STRONG>, <STRONG><A HREF="/man7/capabilities">capabilities(7)</A></STRONG>, <STRONG><A HREF="/man7/credentials">credentials(7)</A></STRONG>, <STRONG><A HREF="/man7/user_namespaces">user_namespaces(7)</A></STRONG> COLOPHON This page is part of release 5.05 of the Linux man-pages project. A description of the project, information about reporting bugs, and the latest version of this page, can be found at https://www.kernel.org/doc/man-pages/. Linux 2019-03-06 <STRONG><A HREF="/man2/SETGID">SETGID(2)</A></STRONG></PRE> <center> <h6>Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2025 <a href="http://www.he.net">Hurricane Electric</a>. All Rights Reserved.</h6></center> </body> </html>