setpcred Subroutine

Purpose

Sets the current process credentials.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>

int setpcred ( User,  Credentials)
char **Credentials;
char *User;

Description

The setpcred subroutine sets a process' credentials according to the Credentials parameter. If the User parameter is specified, the credentials defined for the user in the user database are used. If the Credentials parameter is specified, the credentials in this string are used. If both the User and Credentials parameters are specified, both the user's and the supplied credentials are used. However, the supplied credentials of the Credentials parameter will override those of the user. At least one parameter must be specified.

The setpcred subroutine requires the setpenv subroutine to follow it.

Note: If the auditwrite subroutine is to be called from a program invoked from the inittab file, the setpcred subroutine should be called first to establish the process' credentials.
Item Description
User Specifies the user for whom credentials are being established.
Credentials Defines specific credentials to be established. This parameter points to an array of null-terminated character strings that may contain the following values. The last character string must be null.
LOGIN_USER=%s
Login user name
REAL_USER=%s
Real user name
REAL_GROUP=%s
Real group name
GROUPS=%s
Supplementary group ID
AUDIT_CLASSES=%s
Audit classes
RLIMIT_CPU=%d
Process soft CPU limit
RLIMIT_FSIZE=%d
Process soft file size
RLIMIT_DATA=%d
Process soft data segment size
RLIMIT_STACK=%d
Process soft stack segment size
RLIMIT_CORE=%d
Process soft core file size
RLIMIT_RSS=%d
Process soft resident set size
RLIMIT_CORE_HARD=%d
Process hard core file size
RLIMIT_CPU_HARD=%d
Process hard CPU limit
 
RLIMIT_DATA_HARD=%d
Process hard data segment size
RLIMIT_FSIZE_HARD=%d
Process hard file size
RLIMIT_RSS_HARD=%d
Process hard resident set size
RLIMIT_STACK_HARD=%d
Process hard stack segment size
UMASK=%o
Process umask (file creation mask)
ROLES=%s
Role names
DOMAINS=%s
Domain names

A process must have root user authority to set all credentials except the UMASK credential.

Resource       Hard          Soft

RLIMIT_CORE    unlimited     %d
RLIMIT_CPU     %d            %d
RLIMIT_DATA    unlimited     %d
RLIMIT_FSIZE   %d            %d
RLIMIT_RSS     unlimited     %d
RLIMIT_STACK   unlimited     %d

The soft limit credentials will override the equivalent hard limit credentials that may proceed them. To set the hard limits, the hard limit credentials should follow the soft limit credentials.

Return Values

Upon successful return, the setpcred subroutine returns a value of 0. If setpcred fails, a value of -1 is returned and the errno global variable is set to indicate the error.

Error Codes

The setpcred subroutine fails if one or more of the following are true:

Item Description
EINVAL The Credentials parameter contains invalid credentials specifications.
EINVAL The User parameter is null and the Credentials parameter is either null or points to an empty string.
EPERM The process does not have the proper authority to set the requested credentials.

Other errors may be set by subroutines invoked by the setpcred subroutine.