seteuid (BPX1SEU, BPX4SEU) — Set the effective user ID
Function
The seteuid callable service sets the effective user ID (UID) of a process.
Requirements
| Operation | Environment |
|---|---|
| Authorization: | Supervisor state or problem state, any PSW key |
| Dispatchable unit mode: | Task |
| Cross memory mode: | PASN = HASN |
| AMODE (BPX1SEU): | 31-bit |
| AMODE (BPX4SEU): | 64-bit |
| ASC mode: | Primary mode |
| Interrupt status: | Enabled for interrupts |
| Locks: | Unlocked |
| Control parameters: | All parameters must be addressable by the caller and in the primary address space. |
Format
The syntax format is as follows:
|
AMODE 64 callers use BPX4SEU with the same parameters.
Parameters
- User_ID
- Supplied parameter
- Type:
- Integer
- Length:
- Fullword
The name of a fullword that contains the user ID that the process is to assume.
- Return_value
- Returned parameter
- Type:
- Integer
- Length:
- Fullword
The name of a fullword in which the seteuid service returns 0 if the request is successful, or -1 if it is not successful.
- Return_code
- Returned parameter
- Type:
- Integer
- Length:
- Fullword
Return_code Explanation EINVAL The User_ID that was specified is incorrect. EPERM The process does not have the appropriate privileges to set the user ID. Refer to Authorization for information on appropriate privileges. EMVSSAF2ERR The SAF call IRRSEU00 incurred an error. - Reason_code
- Returned parameter
- Type:
- Integer
- Length:
- Fullword
The name of a fullword in which the seteuid service stores the reason code. The seteuid service returns Reason_code only if Return_value is -1. Reason_code further qualifies the Return_code value. For the reason codes, see z/OS UNIX System Services Messages and Codes. The reason code for EMVSSAF2ERR contains the RACF® return and reason codes, respectively, in the two low-order bytes. For a more detailed description of the RACF SETEUID service return and reason code values, see the following table:RACF return code RACF reason code Explanation 8 4 UID is not defined to RACF 8 8 User not authorized to change UID 8 12 Internal error during RACF processing 8 16 Unable to establish recovery
Usage notes for seteuid
If a UNIX set-user-ID privileged program switches
its UID to other than that of the set-user-ID program and it causes
the real, effective and saved UID of the caller to be equal, then
the set-user-ID privilege of the program is given up.
- If User_ID is the same as the real or saved set user ID of the process, or if the user has the appropriate privilege, the seteuid service sets the effective user ID to be the same as User_ID. Refer to Authorization for information on appropriate privileges.
- For information about changing MVS™ identities, and other restrictions, see the usage notes for setuid (BPX1SUI, BPX4SUI) — Set user IDs.
- To attach the security environment of the caller of the setuid service to the security environment of the target UID (which then creates a nested ACEE for the target), use the _BPXK_DAEMON_ATTACH environment variable. The new client can then access RACF delegated resources for which the daemon, but not necessarily the client, has access. (The delegated resources are designated by the APPDATA text of 'RACF-DELEGATED' in the RACF profile protecting the resource.) For more information about nested ACEEs and delegated resources, see z/OS Security Server RACF Security Administrator's Guide.
Related services
Characteristics and restrictions
See the list of restrictions in setuid (BPX1SUI, BPX4SUI) — Set user IDs.
Examples
For an example using this callable service, see BPX1SEU (seteuid) example.