TOPIC   #  NAME           DESCRIPTION
-----  --- ------------   ------------------------------------------------
access  50 getegid        - get group identity
access  49 geteuid        - get user identity
access  47 getgid         - get group identity
access  80 getgroups      - get list of supplementary group IDs
access 132 getpgid        - set/get process group
access  65 getpgrp        - set/get process group
access  20 getpid         - process identification
access  64 getppid        - get process identification
access 171 getresgid      - get real/effective/saved group ID
access 165 getresuid      - get real, effective and saved user or group ID
access 147 getsid         - get session ID
access  24 getuid         - get user identity 
access 139 setfsgid       - set group identity used for file system checks
access 138 setfsuid       - set user identity used for file system checks
access  46 setgid         - set group identity
access  81 setgroups      - set list of supplementary group IDs
access  57 setpgid        - set process group 
access  71 setregid       - set real and / or effective group ID
access 170 setresgid      - set real,effective,saved group ID
access 164 setresuid      - set real user ID
access  70 setreuid       - set real and/or effective user ID
access  66 setsid         - creates a session and sets the process group ID
access  23 setuid         - set user identity

----------------------------------------------------------------------------
 50 getegid        - get group identity
----------------------------------------------------------------------------
  mov  eax,50
  int  80h

       getegid returns the effective group ID of the current process.
       The  real  ID corresponds to the ID of the calling process.  The effec-
       tive ID corresponds to the set ID bit on the file being executed.

ERRORS
       This function is always successful.

SEE ALSO
       setregid(2), setgid(2)

----------------------------------------------------------------------------
 49 geteuid        - get user identity
----------------------------------------------------------------------------
  mov eax,049
  int 80h

       geteuid returns the effective user ID of the current process.
       The  real  ID corresponds to the ID of the calling process.  The effec-
       tive ID corresponds to the set ID bit on the file being executed.

ERRORS
       This function is always successful.

SEE ALSO
       setreuid(2), setuid(2)



----------------------------------------------------------------------------
 47 getgid         - get group identity
----------------------------------------------------------------------------
  mov  eax,047
  int  80h

       getgid returns the real group ID of the current process.
       The  real  ID corresponds to the ID of the calling process.  The effec-
       tive ID corresponds to the set ID bit on the file being executed.

ERRORS
       These functions are always successful.

SEE ALSO
       setregid(2), setgid(2)

----------------------------------------------------------------------------
 80 getgroups      - get list of supplementary group IDs
----------------------------------------------------------------------------
  mov eax,080
  mov ebx,size
  mov ecx,list
  int 80h

      Up  to size supplementary group IDs are returned in list.  It is
      unspecified whether  the  effective  group  ID  of  the  calling
      process  is included in the returned list. (Thus, an application
      should also call getegid(2) and  add  or  remove  the  resulting
      value.)   If  size  is zero, list is not modified, but the total
      number of supplementary group IDs for the process is returned.

RETURN VALUE
      On  success,  the number of supplementary group IDs is returned.
      On error, -1 is returned, and errno is set appropriately.

ERRORS
       EINVAL size is less than the number of supple-
              mentary group IDs, but is not zero.

NOTES
       A  process  can have up to at least NGROUPS_MAX supplementary group IDs
       in addition to the effective group ID. The set of  supplementary  group
       IDs  is inherited from the parent process and may be changed using set-
       groups.  The maximum number of supplementary group  IDs  can  be  found
       using sysconf(3):
           long ngroups_max;
           ngroups_max = sysconf(_SC_NGROUPS_MAX);
       The  maximal  return  value of getgroups cannot be larger than one more
       than the value obtained this way.

SEE ALSO
       initgroups(3), getgid(2), setgid(2)



----------------------------------------------------------------------------
132 getpgid        - set/get process group
----------------------------------------------------------------------------
  mov  eax,132
  mov  ebx,pid
  int  80h

       getpgid returns the process group ID of the process specified  by  pid.
       If pid is zero, the process ID of the current process is used.

       Process  groups  are used for distribution of signals, and by terminals
       to arbitrate requests for their input: Processes  that  have  the  same
       process group as the terminal are foreground and may read, while others
       will block with a signal if they attempt to read.  These calls are thus
       used  by programs such as csh(1) to create process groups in implement-
       ing job control.   The  TIOCGPGRP  and  TIOCSPGRP  calls  described  in
       termios(3)  are used to get/set the process group of the control termi-
       nal.

       If a session has a controlling terminal, CLOCAL is not set and a hangup
       occurs,  then  the  session  leader  is  sent a SIGHUP.  If the session
       leader exits, the SIGHUP signal will be sent to  each  process  in  the
       foreground process group of the controlling terminal.

       If  the  exit of the process causes a process group to become orphaned,
       and if any member of the newly-orphaned process group is stopped,  then
       a  SIGHUP  signal  followed  by  a  SIGCONT signal will be sent to each
       process in the newly-orphaned process group.


RETURN VALUE
       getpgid  returns a process group on success.  On error, -1 is returned,
       and errno is set appropriately.

ERRORS

       ESRCH  For getpgid: pid does not match any process.

NOTES
       POSIX  took  setpgid  from  the  BSD function setpgrp.  Also SysV has a
       function with the same name, but it is identical to setsid(2).

SEE ALSO
       getuid(2), setsid(2), tcgetpgrp(3), tcsetpgrp(3), termios(3)


----------------------------------------------------------------------------
 65 getpgrp        - set/get process group
----------------------------------------------------------------------------
  mov  eax,065
  int  80h

       getpgrp()  is equivalent to getpgid(0).  Each process group
       is a member of a session and each process is a member of the session of
       which its process group is a member.

       Process  groups  are used for distribution of signals, and by terminals
       to arbitrate requests for their input: Processes  that  have  the  same
       process group as the terminal are foreground and may read, while others
       will block with a signal if they attempt to read.  These calls are thus
       used  by programs such as csh(1) to create process groups in implement-
       ing job control.   The  TIOCGPGRP  and  TIOCSPGRP  calls  described  in
       termios(3)  are used to get/set the process group of the control termi-
       nal.

       If a session has a controlling terminal, CLOCAL is not set and a hangup
       occurs,  then  the  session  leader  is  sent a SIGHUP.  If the session
       leader exits, the SIGHUP signal will be sent to  each  process  in  the
       foreground process group of the controlling terminal.

       If  the  exit of the process causes a process group to become orphaned,
       and if any member of the newly-orphaned process group is stopped,  then
       a  SIGHUP  signal  followed  by  a  SIGCONT signal will be sent to each
       process in the newly-orphaned process group.

RETURN VALUE
       getpgrp always returns the current process group.

----------------------------------------------------------------------------
 20 getpid         - process identification
----------------------------------------------------------------------------
  mov  eax,020
  int  80h

      getpid  returns   the process ID of the current process.  (This is often
      used by routines that generate unique temporary file names.)

SEE ALSO
       exec(3), fork(2),  kill(2),  mkstemp(3),  tmpnam(3),  tempnam(3),  tmp-
       file(3)

----------------------------------------------------------------------------
 64 getppid        - get process identification
----------------------------------------------------------------------------
  mov  eax,064
  int  80h

      getppid returns the process ID of the parent of the current process.


SEE ALSO
       exec(3), fork(2),  kill(2),  mkstemp(3),  tmpnam(3),  tempnam(3),  tmp-
       file(3)

----------------------------------------------------------------------------
171 getresgid      - get real/effective/saved group ID
----------------------------------------------------------------------------
  rgid dword
  egid dword
  sgid dword

  mov  eax,171
  mov  ebx,rgid
  mov  ecx,egid
  mov  edx,sgid
  int  80h

       getresgid get the real, effective and saved  group  ID's
       of  the  current process.

RETURN VALUE
       On  success,  zero is returned.  On error, -1 is returned, and errno is
       set appropriately.

ERRORS
       EFAULT One of the arguments specified an address  outside  the  calling
              program's address space.

SEE ALSO
       getuid(2), setuid(2), setreuid(2), setresuid(2)


----------------------------------------------------------------------------
165 getresuid      - get real, effective and saved user or group ID
----------------------------------------------------------------------------
  rgid dword
  egid dword
  sgid dword

  mov  eax,165
  mov  ebx,ruid
  mov  ecx,euid
  mov  edx,suid
  int  80h

       getresuid gets the real, effective and saved  user  ID's of
       the  current process.


RETURN VALUE
       On  success,  zero is returned.  On error, -1 is returned, and errno is
       set appropriately.

ERRORS
       EFAULT One of the arguments specified an address  outside  the  calling
              program's address space.

SEE ALSO
       getuid(2), setuid(2), setreuid(2), setresuid(2)


----------------------------------------------------------------------------
147 getsid         - get session ID
----------------------------------------------------------------------------
  mov  eax,147
  mov  ebx,pid
  int  80h

       getsid(0)  returns  the  session  ID of the calling process.  getsid(p)
       returns the session ID of the process with process ID p.  (The  session
       ID  of  a  process  is the process group ID of the session leader.)  On
       error, (pid_t) -1 will be returned, and errno is set appropriately.

ERRORS
       ESRCH  No process with process ID p was found.

SEE ALSO
       getpgid(2), setsid(2)

----------------------------------------------------------------------------
 24 getuid         - get user identity 
----------------------------------------------------------------------------
  mov  eax,024
  int  80h
       getuid returns the real user ID of the current process.

       The  real  ID corresponds to the ID of the calling process.  The effec-
       tive ID corresponds to the set ID bit on the file being executed.
ERRORS
       These functions are always successful.

SEE ALSO
       setreuid(2), setuid(2)


----------------------------------------------------------------------------
139 setfsgid       - set group identity used for file system checks
----------------------------------------------------------------------------
  mov  eax,139
  mov  ebx,fsgid
  int  80h

       The  system  call setfsgid sets the group ID that the Linux kernel uses
       to check for all accesses to the file system. Normally,  the  value  of
       fsgid  will  shadow the value of the effective group ID. In fact, when-
       ever the effective group ID is changed, fsgid will also be  changed  to
       the new value of the effective group ID.

       Explicit  calls  to setfsuid and setfsgid are usually only used by pro-
       grams such as the Linux NFS server that need to change  what  user  and
       group  ID is used for file access without a corresponding change in the
       real and effective user and group IDs.  A change in the normal user IDs
       for a program such as the NFS server is a security hole that can expose
       it to unwanted signals. (But see below.)

       setfsgid will only succeed if the caller is the superuser or  if  fsgid
       matches  either the real group ID, effective group ID, saved set-group-
       ID, or the current value of fsgid.

RETURN VALUE
       On success, the previous value of fsgid is  returned.   On  error,  the
       current value of fsgid is returned.

CONFORMING TO
       setfsgid  is Linux specific and should not be used in programs intended
       to be portable.  It is present since Linux 1.1.44  and  in  libc  since
       libc 4.7.6.

BUGS
       No  error  messages of any kind are returned to the caller. At the very
       least, EPERM should be returned when the call fails.

NOTES
       Note  that at the time this system call was introduced, a process could
       send a signal to a process with the same effective user ID.  Today sig-
       nal permission handling is slightly different.

SEE ALSO
       kill(2), setfsuid(2)


----------------------------------------------------------------------------
138 setfsuid       - set user identity used for file system checks
----------------------------------------------------------------------------
  mov eax,138
  mov ebx,fsuid
  int 80h

       The system call setfsuid sets the user ID that the Linux kernel uses to
       check for all accesses to the file system. Normally, the value of fsuid
       will  shadow  the value of the effective user ID. In fact, whenever the
       effective user ID is changed, fsuid will also be  changed  to  the  new
       value of the effective user ID.

       Explicit  calls  to setfsuid and setfsgid are usually only used by pro-
       grams such as the Linux NFS server that need to change  what  user  and
       group  ID is used for file access without a corresponding change in the
       real and effective user and group IDs.  A change in the normal user IDs
       for a program such as the NFS server is a security hole that can expose
       it to unwanted signals. (But see below.)

       setfsuid will only succeed if the caller is the superuser or  if  fsuid
       matches  either the real user ID, effective user ID, saved set-user-ID,
       or the current value of fsuid.

RETURN VALUE
       On success, the previous value of fsuid is  returned.   On  error,  the
       current value of fsuid is returned.

CONFORMING TO
       setfsuid  is Linux specific and should not be used in programs intended
       to be portable.  It is present since Linux 1.1.44  and  in  libc  since
       libc 4.7.6.

BUGS
       No  error  messages of any kind are returned to the caller. At the very
       least, EPERM should be returned when the call fails.

NOTES
       Note  that at the time this system call was introduced, a process could
       send a signal to a process with the same effective user ID.  Today sig-
       nal permission handling is slightly different.

SEE ALSO
       kill(2), setfsgid(2)


----------------------------------------------------------------------------
 46 setgid         - set group identity
----------------------------------------------------------------------------
  mov  eax,046
  mov  ebx,gid
  int  80h

       setgid  sets  the  effective  group  ID  of the current process. If the
       caller is the superuser, the real and saved group ID's are also set.

       Under Linux, setgid is implemented like  the  POSIX  version  with  the
       _POSIX_SAVED_IDS  feature.   This  allows  a setgid program that is not
       suid root to drop all of its group privileges,  do  some  un-privileged
       work,  and  then  re-engage the original effective group ID in a secure
       manner.

RETURN VALUE
       On success, zero is returned.  On error, -1 is returned, and  errno  is
       set appropriately.

ERRORS
       EPERM  The  user  is  not  the super-user (does not have the CAP_SETGID
              capability), and gid does not match the effective  group  ID  or
              saved set-group-ID of the calling process.

SEE ALSO
       getgid(2), setregid(2), setegid(2)


----------------------------------------------------------------------------
 81 setgroups      - set list of supplementary group IDs
----------------------------------------------------------------------------
  mov eax,081
  mov ebx,size
  mov ecx,list
  int 80h

      Sets the supplementary group IDs  for  the  process.   Only  the
      super-user may use this function.

RETURN VALUE
      On success, zero is returned.  On error,  -1  is  returned,  and
      errno is set appropriately.

ERRORS
       EFAULT list has an invalid address.

       EPERM  For setgroups, the user is not the super-user.

       EINVAL For  setgroups,  size  is  greater  than  NGROUPS  (32 for Linux
              2.0.32).  For getgroups, size is less than the number of supple-
              mentary group IDs, but is not zero.

NOTES
       A  process  can have up to at least NGROUPS_MAX supplementary group IDs
       in addition to the effective group ID. The set of  supplementary  group
       IDs  is inherited from the parent process and may be changed using set-
       groups.  The maximum number of supplementary group  IDs  can  be  found
       using sysconf(3):
           long ngroups_max;
           ngroups_max = sysconf(_SC_NGROUPS_MAX);
       The  maximal  return  value of getgroups cannot be larger than one more
       than the value obtained this way.

SEE ALSO
       initgroups(3), getgid(2), setgid(2)


----------------------------------------------------------------------------
 57 setpgid        - set process group 
----------------------------------------------------------------------------
  mov  eax,132
  mov  ebx,pid
  int  80h

       setpgid  sets  the  process group ID of the process specified by pid to
       pgid.  If pid is zero, the process ID of the current process  is  used.
       If  pgid  is  zero,  the  process ID of the process specified by pid is
       used.  If setpgid is used to move a process from one process  group  to
       another  (as  is  done  by  some  shells when creating pipelines), both
       process groups must be part of the same session.   In  this  case,  the
       pgid  specifies  an existing process group to be joined and the session
       ID of that group must match the session ID of the joining process.

RETURN VALUE
       On success, setpgid return zero.  On error, -1 is returned,
       and errno is set appropriately.
ERRORS
       EINVAL pgid is less than 0 (setpgid, setpgrp).

       EACCES An attempt was made to change the process group ID of one of the
              children  of  the calling process and the child had already per-
              formed an execve (setpgid, setpgrp).

       EPERM  An attempt was made to move a process into a process group in  a
              different  session,  or to change the process group ID of one of
              the children of the calling process and the child was in a  dif-
              ferent  session,  or to change the process group ID of a session
              leader (setpgid, setpgrp).

       ESRCH  pid is not the current process and not a child of the current
              process.

SEE ALSO
       getuid(2), setsid(2), tcgetpgrp(3), tcsetpgrp(3), termios(3)


----------------------------------------------------------------------------
 71 setregid       - set real and / or effective group ID
----------------------------------------------------------------------------
  mov  eax,71
  mov  ebx,rgid
  mov  ecx,egid
  int  80h

      setregid sets real and effective group ID's of
      the current process,

       Unprivileged users may only set the real group ID to the real group ID or
       the  effective  group  ID, and may only set the effective group ID to the
       real group ID, the effective group ID or the saved group ID.

       Supplying a value of -1 for either the real or effective group ID forces
       the system to leave that ID unchanged.

       If  the  real group ID is set or the effective group ID is set to a value
       not equal to the previous real group ID, the saved group ID will  be  set
       to the new effective group ID.


RETURN VALUE
       On  success,  zero is returned.  On error, -1 is returned, and errno is
       set appropriately.

ERRORS
       EPERM  The current process is not the super-user and changes other than
              (i)  swapping  the  effective user (group) ID with the real user
              (group) ID, or (ii) setting one to the value  of  the  other  or
              (iii)  setting the effective user (group) ID to the value of the
              saved user (group) ID was specified.

SEE ALSO
       getuid(2), getgid(2), setuid(2), setgid(2), seteuid(2), setresuid(2)

----------------------------------------------------------------------------
170 setresgid      - set real,effective,saved group ID
----------------------------------------------------------------------------
  mov  eax,170
  mov  ebx,rgid
  mov  ecx,egid
  mov  edx,sgid
  int  80h

       setresgid  sets  the real group ID, the effective group ID, and the saved
       (effective) group ID of the current process.

       Unprivileged group processes (i.e., processes with each of real, effec-
       tive  and  saved  group  ID  nonzero) may change the real, effective and
       saved group ID, each to one of: the current uid, the  current  effective
       uid or the current saved uid.

       The  super-user  may set real, effective and saved group ID to arbitrary
       values.

       If one of the parameters equals -1,  the  corresponding  value  is  not
       changed.

RETURN VALUE
       On  success,  zero is returned.  On error, -1 is returned, and errno is
       set appropriately.

ERRORS
       EPERM  The current  process  was  not  privileged  (did  not  have  the
              CAP_SETUID  capability)  and  tried  to  change the IDs is a not
              allowed way.

       EAGAIN uid does not match the current uid and  this  call  would  bring
              that userID over its NPROC rlimit.

SEE ALSO
       getuid(2), setuid(2), setreuid(2), getresuid(2)



----------------------------------------------------------------------------
164 setresuid      - set real user ID
----------------------------------------------------------------------------
  mov  eax,164
  mov  ebx,ruid
  mov  ecx,euid
  mov  edx,suid
  int  80h

       setresuid  sets  the real user ID, the effective user ID, and the saved
       (effective) user ID of the current process.

       Unprivileged user processes (i.e., processes with each of real,  effec-
       tive  and  saved  user  ID  nonzero) may change the real, effective and
       saved user ID, each to one of: the current uid, the  current  effective
       uid or the current saved uid.

       The  super-user  may set real, effective and saved user ID to arbitrary
       values.

       If one of the parameters equals -1,  the  corresponding  value  is  not
       changed.

RETURN VALUE
       On  success,  zero is returned.  On error, -1 is returned, and errno is
       set appropriately.

ERRORS
       EPERM  The current  process  was  not  privileged  (did  not  have  the
              CAP_SETUID  capability)  and  tried  to  change the IDs is a not
              allowed way.

       EAGAIN uid does not match the current uid and  this  call  would  bring
              that userID over its NPROC rlimit.

SEE ALSO
       getuid(2), setuid(2), setreuid(2), getresuid(2)


----------------------------------------------------------------------------
 70 setreuid       - set real and/or effective user ID
----------------------------------------------------------------------------
  mov  eax,70 
  mov  ebx,ruid
  mov  ecx,euid
  int  80h

       setreuid  sets  real  and  effective  user  IDs of the current process.
       Unprivileged users may only set the real user ID to the real user ID or
       the  effective  user  ID, and may only set the effective user ID to the
       real user ID, the effective user ID or the saved user ID.

       Supplying a value of -1 for either the real or effective user ID forces
       the system to leave that ID unchanged.

       If  the  real user ID is set or the effective user ID is set to a value
       not equal to the previous real user ID, the saved user ID will  be  set
       to the new effective user ID.

RETURN VALUE
       On  success,  zero is returned.  On error, -1 is returned, and errno is
       set appropriately.

ERRORS
       EPERM  The current process is not the super-user and changes other than
              (i)  swapping  the  effective user (group) ID with the real user
              (group) ID, or (ii) setting one to the value  of  the  other  or
              (iii)  setting the effective user (group) ID to the value of the
              saved user (group) ID was specified.

SEE ALSO
       getuid(2), getgid(2), setuid(2), setgid(2), seteuid(2), setresuid(2)



----------------------------------------------------------------------------
 66 setsid         - creates a session and sets the process group ID
----------------------------------------------------------------------------
  mov  eax,066
  int  80h

       setsid()  creates a new session if the calling process is not a process
       group leader.  The calling process is the leader of  the  new  session,
       the  process group leader of the new process group, and has no control-
       ling tty.  The process group ID and session ID of the  calling  process
       are set to the PID of the calling process.  The calling process will be
       the only process in this new process group and in this new session.

RETURN VALUE
       The session ID of the calling process.

ERRORS
       On error, -1 will be returned.  The only  error  which  can  happen  is
       EPERM.  It  is returned when the process group ID of any process equals
       the PID of the calling process. Thus, in particular,  setsid  fails  if
       the calling process is already a process group leader.

NOTES
       A  process group leader is a process with process group ID equal to its
       PID. In order to be sure that setsid will succeed, fork and  exit,  and
       have the child do setsid().

SEE ALSO
       setpgid(2), setpgrp(2)

----------------------------------------------------------------------------
 23 setuid         - set user identity
----------------------------------------------------------------------------
  mov  eax,023
  mov  ebx,uid
  int  80h

       setuid  sets  the  effective  user  ID  of the current process.  If the
       effective userid of the caller is root, the real and  saved  user  ID's
       are also set.

       Under  Linux,  setuid  is  implemented  like the POSIX version with the
       _POSIX_SAVED_IDS feature.  This allows a setuid (other than root)  pro-
       gram  to  drop  all of its user privileges, do some un-privileged work,
       and then re-engage the original effective user ID in a secure manner.

       If the user is root or the program is setuid root, special care must be
       taken.  The  setuid function checks the effective uid of the caller and
       if it is the superuser, all process related user ID's are set  to  uid.
       After  this  has  occurred,  it is impossible for the program to regain
       root privileges.

       Thus, a setuid-root program wishing to  temporarily  drop  root  privi-
       leges,  assume  the  identity  of a non-root user, and then regain root
       privileges afterwards cannot use setuid.  You can accomplish this  with
       the (non-POSIX, BSD) call seteuid.

RETURN VALUE
       On  success,  zero is returned.  On error, -1 is returned, and errno is
       set appropriately.

ERRORS
       EPERM  The user is not the super-user, and uid does not match the  real
              or saved user ID of the calling process.

       EAGAIN The  uid  does  not match the current uid and uid brings process
              over it's NPROC rlimit.

LINUX-SPECIFIC REMARKS
       Linux has the concept of filesystem user  ID,  normally  equal  to  the
       effective user ID.  The setuid call also sets the filesystem user ID of
       the current process.  See setfsuid(2).

       If uid is different from the old effective uid,  the  process  will  be
       forbidden from leaving core dumps.

SEE ALSO
       getuid(2), setreuid(2), seteuid(2), setfsuid(2)

