1 @node Users and Groups, System Management, Name Service Switch, Top
2 @c %MENU% How users are identified and classified
3 @chapter Users and Groups
5 Every user who can log in on the system is identified by a unique number
6 called the @dfn{user ID}. Each process has an effective user ID which
7 says which user's access permissions it has.
9 Users are classified into @dfn{groups} for access control purposes. Each
10 process has one or more @dfn{group ID values} which say which groups the
11 process can use for access to files.
13 The effective user and group IDs of a process collectively form its
14 @dfn{persona}. This determines which files the process can access.
15 Normally, a process inherits its persona from the parent process, but
16 under special circumstances a process can change its persona and thus
17 change its access permissions.
19 Each file in the system also has a user ID and a group ID. Access
20 control works by comparing the user and group IDs of the file with those
21 of the running process.
23 The system keeps a database of all the registered users, and another
24 database of all the defined groups. There are library functions you
25 can use to examine these databases.
28 * User and Group IDs:: Each user has a unique numeric ID;
30 * Process Persona:: The user IDs and group IDs of a process.
31 * Why Change Persona:: Why a program might need to change
32 its user and/or group IDs.
33 * How Change Persona:: Changing the user and group IDs.
34 * Reading Persona:: How to examine the user and group IDs.
36 * Setting User ID:: Functions for setting the user ID.
37 * Setting Groups:: Functions for setting the group IDs.
39 * Enable/Disable Setuid:: Turning setuid access on and off.
40 * Setuid Program Example:: The pertinent parts of one sample program.
41 * Tips for Setuid:: How to avoid granting unlimited access.
43 * Who Logged In:: Getting the name of the user who logged in,
44 or of the real user ID of the current process.
46 * User Accounting Database:: Keeping information about users and various
49 * User Database:: Functions and data structures for
50 accessing the user database.
51 * Group Database:: Functions and data structures for
52 accessing the group database.
53 * Database Example:: Example program showing the use of database
55 * Netgroup Database:: Functions for accessing the netgroup database.
58 @node User and Group IDs
59 @section User and Group IDs
64 Each user account on a computer system is identified by a @dfn{user
65 name} (or @dfn{login name}) and @dfn{user ID}. Normally, each user name
66 has a unique user ID, but it is possible for several login names to have
67 the same user ID. The user names and corresponding user IDs are stored
68 in a data base which you can access as described in @ref{User Database}.
72 Users are classified in @dfn{groups}. Each user name belongs to one
73 @dfn{default group} and may also belong to any number of
74 @dfn{supplementary groups}. Users who are members of the same group can
75 share resources (such as files) that are not accessible to users who are
76 not a member of that group. Each group has a @dfn{group name} and
77 @dfn{group ID}. @xref{Group Database}, for how to find information
78 about a group ID or group name.
81 @section The Persona of a Process
83 @cindex effective user ID
84 @cindex effective group ID
85 @cindex supplementary group IDs
87 @c When Hurd is more widely used, explain multiple effective user IDs
89 At any time, each process has an @dfn{effective user ID}, a @dfn{effective
90 group ID}, and a set of @dfn{supplementary group IDs}. These IDs
91 determine the privileges of the process. They are collectively
92 called the @dfn{persona} of the process, because they determine ``who it
93 is'' for purposes of access control.
95 Your login shell starts out with a persona which consists of your user
96 ID, your default group ID, and your supplementary group IDs (if you are
97 in more than one group). In normal circumstances, all your other processes
101 @cindex real group ID
102 A process also has a @dfn{real user ID} which identifies the user who
103 created the process, and a @dfn{real group ID} which identifies that
104 user's default group. These values do not play a role in access
105 control, so we do not consider them part of the persona. But they are
108 Both the real and effective user ID can be changed during the lifetime
109 of a process. @xref{Why Change Persona}.
111 For details on how a process's effective user ID and group IDs affect
112 its permission to access files, see @ref{Access Permission}.
114 The effective user ID of a process also controls permissions for sending
115 signals using the @code{kill} function. @xref{Signaling Another
118 Finally, there are many operations which can only be performed by a
119 process whose effective user ID is zero. A process with this user ID is
120 a @dfn{privileged process}. Commonly the user name @code{root} is
121 associated with user ID 0, but there may be other user names with this
123 @c !!! should mention POSIX capabilities here.
125 @node Why Change Persona
126 @section Why Change the Persona of a Process?
128 The most obvious situation where it is necessary for a process to change
129 its user and/or group IDs is the @code{login} program. When
130 @code{login} starts running, its user ID is @code{root}. Its job is to
131 start a shell whose user and group IDs are those of the user who is
132 logging in. (To accomplish this fully, @code{login} must set the real
133 user and group IDs as well as its persona. But this is a special case.)
135 The more common case of changing persona is when an ordinary user
136 program needs access to a resource that wouldn't ordinarily be
137 accessible to the user actually running it.
139 For example, you may have a file that is controlled by your program but
140 that shouldn't be read or modified directly by other users, either
141 because it implements some kind of locking protocol, or because you want
142 to preserve the integrity or privacy of the information it contains.
143 This kind of restricted access can be implemented by having the program
144 change its effective user or group ID to match that of the resource.
146 Thus, imagine a game program that saves scores in a file. The game
147 program itself needs to be able to update this file no matter who is
148 running it, but if users can write the file without going through the
149 game, they can give themselves any scores they like. Some people
150 consider this undesirable, or even reprehensible. It can be prevented
151 by creating a new user ID and login name (say, @code{games}) to own the
152 scores file, and make the file writable only by this user. Then, when
153 the game program wants to update this file, it can change its effective
154 user ID to be that for @code{games}. In effect, the program must
155 adopt the persona of @code{games} so it can write to the scores file.
157 @node How Change Persona
158 @section How an Application Can Change Persona
159 @cindex @code{setuid} programs
160 @cindex saved set-user-ID
161 @cindex saved set-group-ID
162 @cindex @code{_POSIX_SAVED_IDS}
164 The ability to change the persona of a process can be a source of
165 unintentional privacy violations, or even intentional abuse. Because of
166 the potential for problems, changing persona is restricted to special
169 You can't arbitrarily set your user ID or group ID to anything you want;
170 only privileged processes can do that. Instead, the normal way for a
171 program to change its persona is that it has been set up in advance to
172 change to a particular user or group. This is the function of the setuid
173 and setgid bits of a file's access mode. @xref{Permission Bits}.
175 When the setuid bit of an executable file is on, executing that file
176 gives the process a third user ID: the @dfn{file user ID}. This ID is
177 set to the owner ID of the file. The system then changes the effective
178 user ID to the file user ID. The real user ID remains as it was.
179 Likewise, if the setgid bit is on, the process is given a @dfn{file
180 group ID} equal to the group ID of the file, and its effective group ID
181 is changed to the file group ID.
183 If a process has a file ID (user or group), then it can at any time
184 change its effective ID to its real ID and back to its file ID.
185 Programs use this feature to relinquish their special privileges except
186 when they actually need them. This makes it less likely that they can
187 be tricked into doing something inappropriate with their privileges.
189 @strong{Portability Note:} Older systems do not have file IDs.
190 To determine if a system has this feature, you can test the compiler
191 define @code{_POSIX_SAVED_IDS}. (In the POSIX standard, file IDs are
194 @xref{File Attributes}, for a more general discussion of file modes and
197 @node Reading Persona
198 @section Reading the Persona of a Process
200 Here are detailed descriptions of the functions for reading the user and
201 group IDs of a process, both real and effective. To use these
202 facilities, you must include the header files @file{sys/types.h} and
209 @deftp {Data Type} uid_t
210 This is an integer data type used to represent user IDs. In
211 @theglibc{}, this is an alias for @code{unsigned int}.
216 @deftp {Data Type} gid_t
217 This is an integer data type used to represent group IDs. In
218 @theglibc{}, this is an alias for @code{unsigned int}.
223 @deftypefun uid_t getuid (void)
224 @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
225 @c Atomic syscall, except on hurd, where it takes a lock within a hurd
227 The @code{getuid} function returns the real user ID of the process.
232 @deftypefun gid_t getgid (void)
233 @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
234 The @code{getgid} function returns the real group ID of the process.
239 @deftypefun uid_t geteuid (void)
240 @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
241 The @code{geteuid} function returns the effective user ID of the process.
246 @deftypefun gid_t getegid (void)
247 @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
248 The @code{getegid} function returns the effective group ID of the process.
253 @deftypefun int getgroups (int @var{count}, gid_t *@var{groups})
254 @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
255 The @code{getgroups} function is used to inquire about the supplementary
256 group IDs of the process. Up to @var{count} of these group IDs are
257 stored in the array @var{groups}; the return value from the function is
258 the number of group IDs actually stored. If @var{count} is smaller than
259 the total number of supplementary group IDs, then @code{getgroups}
260 returns a value of @code{-1} and @code{errno} is set to @code{EINVAL}.
262 If @var{count} is zero, then @code{getgroups} just returns the total
263 number of supplementary group IDs. On systems that do not support
264 supplementary groups, this will always be zero.
266 Here's how to use @code{getgroups} to read all the supplementary group
272 read_all_groups (void)
274 int ngroups = getgroups (0, NULL);
276 = (gid_t *) xmalloc (ngroups * sizeof (gid_t));
277 int val = getgroups (ngroups, groups);
289 @node Setting User ID
290 @section Setting the User ID
292 This section describes the functions for altering the user ID (real
293 and/or effective) of a process. To use these facilities, you must
294 include the header files @file{sys/types.h} and @file{unistd.h}.
300 @deftypefun int seteuid (uid_t @var{neweuid})
301 @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{}}}
302 @c seteuid @asulock @aculock
303 @c INLINE_SETXID_SYSCALL @asulock @aculock
304 @c This may be just a unix syscall, or the ugliness below used by
305 @c nptl to propagate the syscall to all cloned processes used to
306 @c implement threads.
307 @c nptl_setxid @asulock @aculock
308 @c while holding the stack_alloc_lock, mark with SETXID_BITMASK all
309 @c threads that are not exiting, signal them until no thread remains
310 @c marked, clear the marks and run the syscall, then release the lock.
311 @c lll_lock @asulock @aculock
314 @c setxid_mark_thread ok
315 @c if a thread is initializing, wait for it to be cloned.
316 @c mark it with SETXID_BITMASK if it's not exiting
317 @c setxid_signal_thread ok
318 @c if a thread is marked with SETXID_BITMASK,
319 @c send it the SIGSETXID signal
320 @c setxid_unmark_thread ok
321 @c clear SETXID_BITMASK and release the futex if SETXID_BITMASK is
324 @c lll_unlock @aculock
326 @c sighandler_setxid ok
327 @c issue the syscall, clear SETXID_BITMASK, release the futex, and
328 @c wake up the signaller loop if the counter reached zero.
329 This function sets the effective user ID of a process to @var{neweuid},
330 provided that the process is allowed to change its effective user ID. A
331 privileged process (effective user ID zero) can change its effective
332 user ID to any legal value. An unprivileged process with a file user ID
333 can change its effective user ID to its real user ID or to its file user
334 ID. Otherwise, a process may not change its effective user ID at all.
336 The @code{seteuid} function returns a value of @code{0} to indicate
337 successful completion, and a value of @code{-1} to indicate an error.
338 The following @code{errno} error conditions are defined for this
343 The value of the @var{neweuid} argument is invalid.
346 The process may not change to the specified ID.
349 Older systems (those without the @code{_POSIX_SAVED_IDS} feature) do not
355 @deftypefun int setuid (uid_t @var{newuid})
356 @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{}}}
357 @c setuid @asulock @aculock
358 @c INLINE_SETXID_SYSCALL dup @asulock @aculock
359 If the calling process is privileged, this function sets both the real
360 and effective user IDs of the process to @var{newuid}. It also deletes
361 the file user ID of the process, if any. @var{newuid} may be any
362 legal value. (Once this has been done, there is no way to recover the
363 old effective user ID.)
365 If the process is not privileged, and the system supports the
366 @code{_POSIX_SAVED_IDS} feature, then this function behaves like
369 The return values and error conditions are the same as for @code{seteuid}.
374 @deftypefun int setreuid (uid_t @var{ruid}, uid_t @var{euid})
375 @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{}}}
376 @c setreuid @asulock @aculock
377 @c INLINE_SETXID_SYSCALL dup @asulock @aculock
378 This function sets the real user ID of the process to @var{ruid} and the
379 effective user ID to @var{euid}. If @var{ruid} is @code{-1}, it means
380 not to change the real user ID; likewise if @var{euid} is @code{-1}, it
381 means not to change the effective user ID.
383 The @code{setreuid} function exists for compatibility with 4.3 BSD Unix,
384 which does not support file IDs. You can use this function to swap the
385 effective and real user IDs of the process. (Privileged processes are
386 not limited to this particular usage.) If file IDs are supported, you
387 should use that feature instead of this function. @xref{Enable/Disable
390 The return value is @code{0} on success and @code{-1} on failure.
391 The following @code{errno} error conditions are defined for this
396 The process does not have the appropriate privileges; you do not
397 have permission to change to the specified ID.
402 @section Setting the Group IDs
404 This section describes the functions for altering the group IDs (real
405 and effective) of a process. To use these facilities, you must include
406 the header files @file{sys/types.h} and @file{unistd.h}.
412 @deftypefun int setegid (gid_t @var{newgid})
413 @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{}}}
414 @c setegid @asulock @aculock
415 @c INLINE_SETXID_SYSCALL dup @asulock @aculock
416 This function sets the effective group ID of the process to
417 @var{newgid}, provided that the process is allowed to change its group
418 ID. Just as with @code{seteuid}, if the process is privileged it may
419 change its effective group ID to any value; if it isn't, but it has a
420 file group ID, then it may change to its real group ID or file group ID;
421 otherwise it may not change its effective group ID.
423 Note that a process is only privileged if its effective @emph{user} ID
424 is zero. The effective group ID only affects access permissions.
426 The return values and error conditions for @code{setegid} are the same
427 as those for @code{seteuid}.
429 This function is only present if @code{_POSIX_SAVED_IDS} is defined.
434 @deftypefun int setgid (gid_t @var{newgid})
435 @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{}}}
436 @c setgid @asulock @aculock
437 @c INLINE_SETXID_SYSCALL dup @asulock @aculock
438 This function sets both the real and effective group ID of the process
439 to @var{newgid}, provided that the process is privileged. It also
440 deletes the file group ID, if any.
442 If the process is not privileged, then @code{setgid} behaves like
445 The return values and error conditions for @code{setgid} are the same
446 as those for @code{seteuid}.
451 @deftypefun int setregid (gid_t @var{rgid}, gid_t @var{egid})
452 @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{}}}
453 @c setregid @asulock @aculock
454 @c INLINE_SETXID_SYSCALL dup @asulock @aculock
455 This function sets the real group ID of the process to @var{rgid} and
456 the effective group ID to @var{egid}. If @var{rgid} is @code{-1}, it
457 means not to change the real group ID; likewise if @var{egid} is
458 @code{-1}, it means not to change the effective group ID.
460 The @code{setregid} function is provided for compatibility with 4.3 BSD
461 Unix, which does not support file IDs. You can use this function to
462 swap the effective and real group IDs of the process. (Privileged
463 processes are not limited to this usage.) If file IDs are supported,
464 you should use that feature instead of using this function.
465 @xref{Enable/Disable Setuid}.
467 The return values and error conditions for @code{setregid} are the same
468 as those for @code{setreuid}.
471 @code{setuid} and @code{setgid} behave differently depending on whether
472 the effective user ID at the time is zero. If it is not zero, they
473 behave like @code{seteuid} and @code{setegid}. If it is, they change
474 both effective and real IDs and delete the file ID. To avoid confusion,
475 we recommend you always use @code{seteuid} and @code{setegid} except
476 when you know the effective user ID is zero and your intent is to change
477 the persona permanently. This case is rare---most of the programs that
478 need it, such as @code{login} and @code{su}, have already been written.
480 Note that if your program is setuid to some user other than @code{root},
481 there is no way to drop privileges permanently.
483 The system also lets privileged processes change their supplementary
484 group IDs. To use @code{setgroups} or @code{initgroups}, your programs
485 should include the header file @file{grp.h}.
490 @deftypefun int setgroups (size_t @var{count}, const gid_t *@var{groups})
491 @safety{@prelim{}@mtsafe{}@asunsafe{@asulock{}}@acunsafe{@aculock{}}}
492 @c setgroups @asulock @aculock
493 @c INLINE_SETXID_SYSCALL dup @asulock @aculock
494 This function sets the process's supplementary group IDs. It can only
495 be called from privileged processes. The @var{count} argument specifies
496 the number of group IDs in the array @var{groups}.
498 This function returns @code{0} if successful and @code{-1} on error.
499 The following @code{errno} error conditions are defined for this
504 The calling process is not privileged.
510 @deftypefun int initgroups (const char *@var{user}, gid_t @var{group})
511 @safety{@prelim{}@mtsafe{@mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @acsmem{} @acsfd{} @aculock{}}}
512 @c initgroups @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
513 @c sysconf(_SC_NGROUPS_MAX) dup @acsfd
515 @c malloc @ascuheap @acsmem
516 @c internal_getgrouplist @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
517 @c nscd_getgrouplist @ascuheap @acsfd @acsmem
518 @c nscd_get_map_ref dup @ascuheap @acsfd @acsmem
519 @c nscd_cache_search dup ok
520 @c nscd_open_socket dup @acsfd
521 @c realloc dup @ascuheap @acsmem
524 @c close_not_cancel_no_status dup @acsfd
525 @c nscd_drop_map_ref dup @ascuheap @acsmem
526 @c nscd_unmap dup @ascuheap @acsmem
527 @c nss_database_lookup dup @mtslocale @ascuheap @asulock @acucorrupt @acsmem @acsfd @aculock
528 @c nss_lookup_function dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
529 @c compat_call @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
530 @c sysconf(_SC_GETGR_R_SIZE_MAX) ok
531 @c nss_lookup_function dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
532 @c *getgrent_fct @ascuplugin
533 @c *setgrent_fct @ascuplugin
534 @c *endgrent_fct @ascuplugin
535 @c realloc dup @ascuheap @acsmem
536 @c free dup @ascuheap @acsmem
537 @c *initgroups_dyn_fct @ascuplugin
538 @c nss_next_action dup ok
539 @c setgroups dup @asulock @aculock
540 @c free dup @ascuheap @acsmem
541 The @code{initgroups} function sets the process's supplementary group
542 IDs to be the normal default for the user name @var{user}. The group
543 @var{group} is automatically included.
545 This function works by scanning the group database for all the groups
546 @var{user} belongs to. It then calls @code{setgroups} with the list it
549 The return values and error conditions are the same as for
553 If you are interested in the groups a particular user belongs to, but do
554 not want to change the process's supplementary group IDs, you can use
555 @code{getgrouplist}. To use @code{getgrouplist}, your programs should
556 include the header file @file{grp.h}.
561 @deftypefun int getgrouplist (const char *@var{user}, gid_t @var{group}, gid_t *@var{groups}, int *@var{ngroups})
562 @safety{@prelim{}@mtsafe{@mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @acsmem{} @acsfd{} @aculock{}}}
563 @c getgrouplist @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
565 @c malloc dup @ascuheap @acsmem
566 @c internal_getgrouplist dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
568 @c free dup @ascuheap @acsmem
569 The @code{getgrouplist} function scans the group database for all the
570 groups @var{user} belongs to. Up to *@var{ngroups} group IDs
571 corresponding to these groups are stored in the array @var{groups}; the
572 return value from the function is the number of group IDs actually
573 stored. If *@var{ngroups} is smaller than the total number of groups
574 found, then @code{getgrouplist} returns a value of @code{-1} and stores
575 the actual number of groups in *@var{ngroups}. The group @var{group} is
576 automatically included in the list of groups returned by
579 Here's how to use @code{getgrouplist} to read all supplementary groups
585 supplementary_groups (char *user)
589 = (gid_t *) xmalloc (ngroups * sizeof (gid_t));
590 struct passwd *pw = getpwnam (user);
595 if (getgrouplist (pw->pw_name, pw->pw_gid, groups, &ngroups) < 0)
597 groups = xrealloc (ngroups * sizeof (gid_t));
598 getgrouplist (pw->pw_name, pw->pw_gid, groups, &ngroups);
606 @node Enable/Disable Setuid
607 @section Enabling and Disabling Setuid Access
609 A typical setuid program does not need its special access all of the
610 time. It's a good idea to turn off this access when it isn't needed,
611 so it can't possibly give unintended access.
613 If the system supports the @code{_POSIX_SAVED_IDS} feature, you can
614 accomplish this with @code{seteuid}. When the game program starts, its
615 real user ID is @code{jdoe}, its effective user ID is @code{games}, and
616 its saved user ID is also @code{games}. The program should record both
617 user ID values once at the beginning, like this:
620 user_user_id = getuid ();
621 game_user_id = geteuid ();
624 Then it can turn off game file access with
627 seteuid (user_user_id);
634 seteuid (game_user_id);
638 Throughout this process, the real user ID remains @code{jdoe} and the
639 file user ID remains @code{games}, so the program can always set its
640 effective user ID to either one.
642 On other systems that don't support file user IDs, you can
643 turn setuid access on and off by using @code{setreuid} to swap the real
644 and effective user IDs of the process, as follows:
647 setreuid (geteuid (), getuid ());
651 This special case is always allowed---it cannot fail.
653 Why does this have the effect of toggling the setuid access? Suppose a
654 game program has just started, and its real user ID is @code{jdoe} while
655 its effective user ID is @code{games}. In this state, the game can
656 write the scores file. If it swaps the two uids, the real becomes
657 @code{games} and the effective becomes @code{jdoe}; now the program has
658 only @code{jdoe} access. Another swap brings @code{games} back to
659 the effective user ID and restores access to the scores file.
661 In order to handle both kinds of systems, test for the saved user ID
662 feature with a preprocessor conditional, like this:
665 #ifdef _POSIX_SAVED_IDS
666 seteuid (user_user_id);
668 setreuid (geteuid (), getuid ());
672 @node Setuid Program Example
673 @section Setuid Program Example
675 Here's an example showing how to set up a program that changes its
678 This is part of a game program called @code{caber-toss} that manipulates
679 a file @file{scores} that should be writable only by the game program
680 itself. The program assumes that its executable file will be installed
681 with the setuid bit set and owned by the same user as the @file{scores}
682 file. Typically, a system administrator will set up an account like
683 @code{games} for this purpose.
685 The executable file is given mode @code{4755}, so that doing an
686 @samp{ls -l} on it produces output like:
689 -rwsr-xr-x 1 games 184422 Jul 30 15:17 caber-toss
693 The setuid bit shows up in the file modes as the @samp{s}.
695 The scores file is given mode @code{644}, and doing an @samp{ls -l} on
699 -rw-r--r-- 1 games 0 Jul 31 15:33 scores
702 Here are the parts of the program that show how to set up the changed
703 user ID. This program is conditionalized so that it makes use of the
704 file IDs feature if it is supported, and otherwise uses @code{setreuid}
705 to swap the effective and real user IDs.
709 #include <sys/types.h>
714 /* @r{Remember the effective and real UIDs.} */
716 static uid_t euid, ruid;
719 /* @r{Restore the effective UID to its original value.} */
726 #ifdef _POSIX_SAVED_IDS
727 status = seteuid (euid);
729 status = setreuid (ruid, euid);
732 fprintf (stderr, "Couldn't set uid.\n");
739 /* @r{Set the effective UID to the real UID.} */
746 #ifdef _POSIX_SAVED_IDS
747 status = seteuid (ruid);
749 status = setreuid (euid, ruid);
752 fprintf (stderr, "Couldn't set uid.\n");
758 /* @r{Main program.} */
763 /* @r{Remember the real and effective user IDs.} */
768 /* @r{Do the game and record the score.} */
773 Notice how the first thing the @code{main} function does is to set the
774 effective user ID back to the real user ID. This is so that any other
775 file accesses that are performed while the user is playing the game use
776 the real user ID for determining permissions. Only when the program
777 needs to open the scores file does it switch back to the file user ID,
781 /* @r{Record the score.} */
784 record_score (int score)
789 /* @r{Open the scores file.} */
791 stream = fopen (SCORES_FILE, "a");
795 /* @r{Write the score to the file.} */
798 myname = cuserid (NULL);
800 fprintf (stream, "%10s: Couldn't lift the caber.\n", myname);
802 fprintf (stream, "%10s: %d feet.\n", myname, score);
812 @node Tips for Setuid
813 @section Tips for Writing Setuid Programs
815 It is easy for setuid programs to give the user access that isn't
816 intended---in fact, if you want to avoid this, you need to be careful.
817 Here are some guidelines for preventing unintended access and
818 minimizing its consequences when it does occur:
822 Don't have @code{setuid} programs with privileged user IDs such as
823 @code{root} unless it is absolutely necessary. If the resource is
824 specific to your particular program, it's better to define a new,
825 nonprivileged user ID or group ID just to manage that resource.
826 It's better if you can write your program to use a special group than a
830 Be cautious about using the @code{exec} functions in combination with
831 changing the effective user ID. Don't let users of your program execute
832 arbitrary programs under a changed user ID. Executing a shell is
833 especially bad news. Less obviously, the @code{execlp} and @code{execvp}
834 functions are a potential risk (since the program they execute depends
835 on the user's @code{PATH} environment variable).
837 If you must @code{exec} another program under a changed ID, specify an
838 absolute file name (@pxref{File Name Resolution}) for the executable,
839 and make sure that the protections on that executable and @emph{all}
840 containing directories are such that ordinary users cannot replace it
841 with some other program.
843 You should also check the arguments passed to the program to make sure
844 they do not have unexpected effects. Likewise, you should examine the
845 environment variables. Decide which arguments and variables are safe,
846 and reject all others.
848 You should never use @code{system} in a privileged program, because it
852 Only use the user ID controlling the resource in the part of the program
853 that actually uses that resource. When you're finished with it, restore
854 the effective user ID back to the actual user's user ID.
855 @xref{Enable/Disable Setuid}.
858 If the @code{setuid} part of your program needs to access other files
859 besides the controlled resource, it should verify that the real user
860 would ordinarily have permission to access those files. You can use the
861 @code{access} function (@pxref{Access Permission}) to check this; it
862 uses the real user and group IDs, rather than the effective IDs.
866 @section Identifying Who Logged In
867 @cindex login name, determining
868 @cindex user ID, determining
870 You can use the functions listed in this section to determine the login
871 name of the user who is running a process, and the name of the user who
872 logged in the current session. See also the function @code{getuid} and
873 friends (@pxref{Reading Persona}). How this information is collected by
874 the system and how to control/add/remove information from the background
875 storage is described in @ref{User Accounting Database}.
877 The @code{getlogin} function is declared in @file{unistd.h}, while
878 @code{cuserid} and @code{L_cuserid} are declared in @file{stdio.h}.
884 @deftypefun {char *} getlogin (void)
885 @safety{@prelim{}@mtunsafe{@mtasurace{:getlogin} @mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
886 @c getlogin (linux) @mtasurace:getlogin @mtasurace:utent @mtascusig:ALRM @mtascutimer @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
887 @c getlogin_r_loginuid dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
888 @c getlogin_fd0 (unix) @mtasurace:getlogin @mtasurace:utent @mtascusig:ALRM @mtascutimer @ascuheap @asulock @aculock @acsfd @acsmem
889 @c uses static buffer name => @mtasurace:getlogin
890 @c ttyname_r dup @ascuheap @acsmem @acsfd
892 @c setutent dup @mtasurace:utent @asulock @aculock @acsfd
893 @c getutline_r dup @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @aculock @acsfd
894 @c endutent dup @mtasurace:utent @asulock @aculock
895 @c libc_lock_unlock dup ok
899 @c getlogin_r (linux) @mtasurace:utent @mtascusig:ALRM @mtascutimer @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
900 @c getlogin_r_loginuid @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
901 @c open_not_cancel_2 dup @acsfd
902 @c read_not_cancel dup ok
903 @c close_not_cancel_no_status dup @acsfd
904 @c strtoul @mtslocale
905 @c getpwuid_r dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
906 @c realloc dup @asulock @aculock @acsfd @acsmem
909 @c free dup @asulock @aculock @acsfd @acsmem
910 @c getlogin_r_fd0 (unix) @mtasurace:utent @mtascusig:ALRM @mtascutimer @ascuheap @asulock @aculock @acsmem @acsfd
911 @c ttyname_r dup @ascuheap @acsmem @acsfd
913 @c libc_lock_lock dup @asulock @aculock
914 @c *libc_utmp_jump_table->setutent dup @mtasurace:utent @acsfd
915 @c *libc_utmp_jump_table->getutline_r dup @mtasurace:utent @mtascusig:ALRM @mtascutimer
916 @c *libc_utmp_jump_table->endutent dup @mtasurace:utent @asulock @aculock
917 @c libc_lock_unlock dup ok
920 The @code{getlogin} function returns a pointer to a string containing the
921 name of the user logged in on the controlling terminal of the process,
922 or a null pointer if this information cannot be determined. The string
923 is statically allocated and might be overwritten on subsequent calls to
924 this function or to @code{cuserid}.
929 @deftypefun {char *} cuserid (char *@var{string})
930 @safety{@prelim{}@mtunsafe{@mtasurace{:cuserid/!string} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
931 @c cuserid @mtasurace:cuserid/!string @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
932 @c if string is NULL, cuserid will overwrite and return a static buffer
934 @c getpwuid_r dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
936 The @code{cuserid} function returns a pointer to a string containing a
937 user name associated with the effective ID of the process. If
938 @var{string} is not a null pointer, it should be an array that can hold
939 at least @code{L_cuserid} characters; the string is returned in this
940 array. Otherwise, a pointer to a string in a static area is returned.
941 This string is statically allocated and might be overwritten on
942 subsequent calls to this function or to @code{getlogin}.
944 The use of this function is deprecated since it is marked to be
945 withdrawn in XPG4.2 and has already been removed from newer revisions of
951 @deftypevr Macro int L_cuserid
952 An integer constant that indicates how long an array you might need to
956 These functions let your program identify positively the user who is
957 running or the user who logged in this session. (These can differ when
958 setuid programs are involved; see @ref{Process Persona}.) The user cannot
959 do anything to fool these functions.
961 For most purposes, it is more useful to use the environment variable
962 @code{LOGNAME} to find out who the user is. This is more flexible
963 precisely because the user can set @code{LOGNAME} arbitrarily.
964 @xref{Standard Environment}.
967 @node User Accounting Database
968 @section The User Accounting Database
969 @cindex user accounting database
971 Most Unix-like operating systems keep track of logged in users by
972 maintaining a user accounting database. This user accounting database
973 stores for each terminal, who has logged on, at what time, the process
974 ID of the user's login shell, etc., etc., but also stores information
975 about the run level of the system, the time of the last system reboot,
978 The user accounting database typically lives in @file{/etc/utmp},
979 @file{/var/adm/utmp} or @file{/var/run/utmp}. However, these files
980 should @strong{never} be accessed directly. For reading information
981 from and writing information to the user accounting database, the
982 functions described in this section should be used.
986 * Manipulating the Database:: Scanning and modifying the user
988 * XPG Functions:: A standardized way for doing the same thing.
989 * Logging In and Out:: Functions from BSD that modify the user
993 @node Manipulating the Database
994 @subsection Manipulating the User Accounting Database
996 These functions and the corresponding data structures are declared in
997 the header file @file{utmp.h}.
1002 @deftp {Data Type} {struct exit_status}
1003 The @code{exit_status} data structure is used to hold information about
1004 the exit status of processes marked as @code{DEAD_PROCESS} in the user
1005 accounting database.
1008 @item short int e_termination
1009 The exit status of the process.
1011 @item short int e_exit
1012 The exit status of the process.
1016 @deftp {Data Type} {struct utmp}
1017 The @code{utmp} data structure is used to hold information about entries
1018 in the user accounting database. On @gnusystems{} it has the following
1022 @item short int ut_type
1023 Specifies the type of login; one of @code{EMPTY}, @code{RUN_LVL},
1024 @code{BOOT_TIME}, @code{OLD_TIME}, @code{NEW_TIME}, @code{INIT_PROCESS},
1025 @code{LOGIN_PROCESS}, @code{USER_PROCESS}, @code{DEAD_PROCESS} or
1029 The process ID number of the login process.
1031 @item char ut_line[]
1032 The device name of the tty (without @file{/dev/}).
1035 The inittab ID of the process.
1037 @item char ut_user[]
1038 The user's login name.
1040 @item char ut_host[]
1041 The name of the host from which the user logged in.
1043 @item struct exit_status ut_exit
1044 The exit status of a process marked as @code{DEAD_PROCESS}.
1046 @item long ut_session
1047 The Session ID, used for windowing.
1049 @item struct timeval ut_tv
1050 Time the entry was made. For entries of type @code{OLD_TIME} this is
1051 the time when the system clock changed, and for entries of type
1052 @code{NEW_TIME} this is the time the system clock was set to.
1054 @item int32_t ut_addr_v6[4]
1055 The Internet address of a remote host.
1059 The @code{ut_type}, @code{ut_pid}, @code{ut_id}, @code{ut_tv}, and
1060 @code{ut_host} fields are not available on all systems. Portable
1061 applications therefore should be prepared for these situations. To help
1062 do this the @file{utmp.h} header provides macros
1063 @code{_HAVE_UT_TYPE}, @code{_HAVE_UT_PID}, @code{_HAVE_UT_ID},
1064 @code{_HAVE_UT_TV}, and @code{_HAVE_UT_HOST} if the respective field is
1065 available. The programmer can handle the situations by using
1066 @code{#ifdef} in the program code.
1068 The following macros are defined for use as values for the
1069 @code{ut_type} member of the @code{utmp} structure. The values are
1076 This macro is used to indicate that the entry contains no valid user
1077 accounting information.
1082 This macro is used to identify the system's runlevel.
1087 This macro is used to identify the time of system boot.
1092 This macro is used to identify the time when the system clock changed.
1097 This macro is used to identify the time after the system clock changed.
1102 This macro is used to identify a process spawned by the init process.
1107 This macro is used to identify the session leader of a logged in user.
1112 This macro is used to identify a user process.
1117 This macro is used to identify a terminated process.
1125 The size of the @code{ut_line}, @code{ut_id}, @code{ut_user} and
1126 @code{ut_host} arrays can be found using the @code{sizeof} operator.
1128 Many older systems have, instead of an @code{ut_tv} member, an
1129 @code{ut_time} member, usually of type @code{time_t}, for representing
1130 the time associated with the entry. Therefore, for backwards
1131 compatibility only, @file{utmp.h} defines @code{ut_time} as an alias for
1132 @code{ut_tv.tv_sec}.
1136 @deftypefun void setutent (void)
1137 @safety{@prelim{}@mtunsafe{@mtasurace{:utent}}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{}}}
1138 @c Besides the static variables in utmp_file.c, there's the jump_table.
1139 @c They're both modified while holding a lock, but other threads may
1140 @c cause the variables to be modified between calling this function and
1141 @c others that rely on the internal state it sets up.
1143 @c setutent @mtasurace:utent @asulock @aculock @acsfd
1144 @c libc_lock_lock dup @asulock @aculock
1145 @c *libc_utmp_jump_table->setutent @mtasurace:utent @acsfd
1146 @c setutent_unknown @mtasurace:utent @acsfd
1147 @c *libc_utmp_file_functions.setutent = setutent_file @mtasurace:utent @acsfd
1148 @c open_not_cancel_2 dup @acsfd
1149 @c fcntl_not_cancel dup ok
1150 @c close_not_cancel_no_status dup @acsfd
1152 @c libc_lock_unlock dup ok
1153 This function opens the user accounting database to begin scanning it.
1154 You can then call @code{getutent}, @code{getutid} or @code{getutline} to
1155 read entries and @code{pututline} to write entries.
1157 If the database is already open, it resets the input to the beginning of
1163 @deftypefun {struct utmp *} getutent (void)
1164 @safety{@prelim{}@mtunsafe{@mtuinit{} @mtasurace{:utent} @mtasurace{:utentbuf} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@ascuheap{} @asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}}
1165 @c The static buffer that holds results is allocated with malloc at
1166 @c the first call; the test is not thread-safe, so multiple concurrent
1167 @c calls could malloc multiple buffers.
1169 @c getutent @mtuinit @mtasurace:utent @mtasurace:utentbuf @mtascusig:ALRM @mtascutimer @ascuheap @asulock @aculock @acsfd @acsmem
1170 @c malloc @asulock @aculock @acsfd @acsmem
1171 @c getutent_r dup @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @aculock @acsfd
1172 The @code{getutent} function reads the next entry from the user
1173 accounting database. It returns a pointer to the entry, which is
1174 statically allocated and may be overwritten by subsequent calls to
1175 @code{getutent}. You must copy the contents of the structure if you
1176 wish to save the information or you can use the @code{getutent_r}
1177 function which stores the data in a user-provided buffer.
1179 A null pointer is returned in case no further entry is available.
1184 @deftypefun void endutent (void)
1185 @safety{@prelim{}@mtunsafe{@mtasurace{:utent}}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{}}}
1186 @c endutent @mtasurace:utent @asulock @aculock @acsfd
1187 @c libc_lock_lock dup @asulock @aculock
1188 @c *libc_utmp_jump_table->endutent @mtasurace:utent @acsfd
1189 @c endutent_unknown ok
1190 @c endutent_file @mtasurace:utent @acsfd
1191 @c close_not_cancel_no_status dup @acsfd
1192 @c libc_lock_unlock dup ok
1193 This function closes the user accounting database.
1198 @deftypefun {struct utmp *} getutid (const struct utmp *@var{id})
1199 @safety{@prelim{}@mtunsafe{@mtuinit{} @mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@asulock{} @ascuheap{}}@acunsafe{@aculock{} @acsmem{} @acsfd{}}}
1200 @c Same caveats as getutline.
1202 @c getutid @mtuinit @mtasurace:utent @mtascusig:ALRM @mtascutimer @ascuheap @asulock @aculock @acsmem @acsfd
1203 @c uses a static buffer malloced on the first call
1204 @c malloc dup @ascuheap @acsmem
1205 @c getutid_r dup @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @aculock @acsfd
1206 This function searches forward from the current point in the database
1207 for an entry that matches @var{id}. If the @code{ut_type} member of the
1208 @var{id} structure is one of @code{RUN_LVL}, @code{BOOT_TIME},
1209 @code{OLD_TIME} or @code{NEW_TIME} the entries match if the
1210 @code{ut_type} members are identical. If the @code{ut_type} member of
1211 the @var{id} structure is @code{INIT_PROCESS}, @code{LOGIN_PROCESS},
1212 @code{USER_PROCESS} or @code{DEAD_PROCESS}, the entries match if the
1213 @code{ut_type} member of the entry read from the database is one of
1214 these four, and the @code{ut_id} members match. However if the
1215 @code{ut_id} member of either the @var{id} structure or the entry read
1216 from the database is empty it checks if the @code{ut_line} members match
1217 instead. If a matching entry is found, @code{getutid} returns a pointer
1218 to the entry, which is statically allocated, and may be overwritten by a
1219 subsequent call to @code{getutent}, @code{getutid} or @code{getutline}.
1220 You must copy the contents of the structure if you wish to save the
1223 A null pointer is returned in case the end of the database is reached
1226 The @code{getutid} function may cache the last read entry. Therefore,
1227 if you are using @code{getutid} to search for multiple occurrences, it
1228 is necessary to zero out the static data after each call. Otherwise
1229 @code{getutid} could just return a pointer to the same entry over and
1235 @deftypefun {struct utmp *} getutline (const struct utmp *@var{line})
1236 @safety{@prelim{}@mtunsafe{@mtuinit{} @mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@ascuheap{} @asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}}
1237 @c The static buffer that holds results is allocated with malloc at
1238 @c the first call; the test is not thread-safe, so multiple concurrent
1239 @c calls could malloc multiple buffers.
1241 @c getutline @mtuinit @mtasurace:utent @mtascusig:ALRM @mtascutimer @ascuheap @asulock @aculock @acsfd @acsmem
1242 @c malloc @asulock @aculock @acsfd @acsmem
1243 @c getutline_r dup @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @aculock @acsfd
1244 This function searches forward from the current point in the database
1245 until it finds an entry whose @code{ut_type} value is
1246 @code{LOGIN_PROCESS} or @code{USER_PROCESS}, and whose @code{ut_line}
1247 member matches the @code{ut_line} member of the @var{line} structure.
1248 If it finds such an entry, it returns a pointer to the entry which is
1249 statically allocated, and may be overwritten by a subsequent call to
1250 @code{getutent}, @code{getutid} or @code{getutline}. You must copy the
1251 contents of the structure if you wish to save the information.
1253 A null pointer is returned in case the end of the database is reached
1256 The @code{getutline} function may cache the last read entry. Therefore
1257 if you are using @code{getutline} to search for multiple occurrences, it
1258 is necessary to zero out the static data after each call. Otherwise
1259 @code{getutline} could just return a pointer to the same entry over and
1265 @deftypefun {struct utmp *} pututline (const struct utmp *@var{utmp})
1266 @safety{@prelim{}@mtunsafe{@mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{}}}
1267 @c pututline @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @aculock @acsfd
1268 @c libc_lock_lock dup @asulock @aculock
1269 @c *libc_utmp_jump_table->pututline @mtasurace:utent @mtascusig:ALRM @mtascutimer @acsfd
1270 @c pututline_unknown @mtasurace:utent @acsfd
1271 @c setutent_unknown dup @mtasurace:utent @acsfd
1272 @c pututline_file @mtascusig:ALRM @mtascutimer @acsfd
1273 @c TRANSFORM_UTMP_FILE_NAME ok
1276 @c open_not_cancel_2 dup @acsfd
1277 @c fcntl_not_cancel dup ok
1278 @c close_not_cancel_no_status dup @acsfd
1281 @c utmp_equal dup ok
1282 @c internal_getut_r dup @mtascusig:ALRM @mtascutimer
1283 @c LOCK_FILE dup @mtascusig:ALRM @mtasctimer
1284 @c LOCKING_FAILED dup ok
1285 @c ftruncate64 dup ok
1286 @c write_not_cancel dup ok
1287 @c UNLOCK_FILE dup @mtasctimer
1288 @c libc_lock_unlock dup @aculock
1289 The @code{pututline} function inserts the entry @code{*@var{utmp}} at
1290 the appropriate place in the user accounting database. If it finds that
1291 it is not already at the correct place in the database, it uses
1292 @code{getutid} to search for the position to insert the entry, however
1293 this will not modify the static structure returned by @code{getutent},
1294 @code{getutid} and @code{getutline}. If this search fails, the entry
1295 is appended to the database.
1297 The @code{pututline} function returns a pointer to a copy of the entry
1298 inserted in the user accounting database, or a null pointer if the entry
1299 could not be added. The following @code{errno} error conditions are
1300 defined for this function:
1304 The process does not have the appropriate privileges; you cannot modify
1305 the user accounting database.
1309 All the @code{get*} functions mentioned before store the information
1310 they return in a static buffer. This can be a problem in multi-threaded
1311 programs since the data returned for the request is overwritten by the
1312 return value data in another thread. Therefore @theglibc{}
1313 provides as extensions three more functions which return the data in a
1314 user-provided buffer.
1318 @deftypefun int getutent_r (struct utmp *@var{buffer}, struct utmp **@var{result})
1319 @safety{@prelim{}@mtunsafe{@mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{}}}
1320 @c getutent_r @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @aculock @acsfd
1321 @c libc_lock_lock dup @asulock @aculock
1322 @c *libc_utmp_jump_table->getutent_r @mtasurace:utent @mtascusig:ALRM @mtascutimer @acsfd
1323 @c getutent_r_unknown @mtasurace:utent @acsfd
1324 @c setutent_unknown dup @mtasurace:utent @acsfd
1325 @c getutent_r_file @mtasurace:utent @mtascusig:ALRM @mtascutimer
1326 @c LOCK_FILE @mtascusig:ALRM @mtascutimer
1327 @c alarm dup @mtascutimer
1328 @c sigemptyset dup ok
1331 @c fcntl_not_cancel dup ok
1332 @c LOCKING_FAILED ok
1333 @c read_not_cancel dup ok
1334 @c UNLOCK_FILE @mtascutimer
1335 @c fcntl_not_cancel dup ok
1336 @c alarm dup @mtascutimer
1339 @c libc_lock_unlock dup ok
1340 The @code{getutent_r} is equivalent to the @code{getutent} function. It
1341 returns the next entry from the database. But instead of storing the
1342 information in a static buffer it stores it in the buffer pointed to by
1343 the parameter @var{buffer}.
1345 If the call was successful, the function returns @code{0} and the
1346 pointer variable pointed to by the parameter @var{result} contains a
1347 pointer to the buffer which contains the result (this is most probably
1348 the same value as @var{buffer}). If something went wrong during the
1349 execution of @code{getutent_r} the function returns @code{-1}.
1351 This function is a GNU extension.
1356 @deftypefun int getutid_r (const struct utmp *@var{id}, struct utmp *@var{buffer}, struct utmp **@var{result})
1357 @safety{@prelim{}@mtunsafe{@mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{}}}
1358 @c getutid_r @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @aculock @acsfd
1359 @c libc_lock_lock dup @asulock @aculock
1360 @c *libc_utmp_jump_table->getutid_r @mtasurace:utent @mtascusig:ALRM @mtascutimer @acsfd
1361 @c getutid_r_unknown @mtasurace:utent @acsfd
1362 @c setutent_unknown dup @mtasurace:utent @acsfd
1363 @c getutid_r_file @mtascusig:ALRM @mtascutimer
1364 @c internal_getut_r @mtascusig:ALRM @mtascutimer
1365 @c LOCK_FILE dup @mtascusig:ALRM @mtascutimer
1366 @c LOCKING_FAILED dup ok
1367 @c read_not_cancel dup ok
1370 @c UNLOCK_FILE dup @mtascutimer
1372 @c libc_lock_unlock dup @aculock
1373 This function retrieves just like @code{getutid} the next entry matching
1374 the information stored in @var{id}. But the result is stored in the
1375 buffer pointed to by the parameter @var{buffer}.
1377 If successful the function returns @code{0} and the pointer variable
1378 pointed to by the parameter @var{result} contains a pointer to the
1379 buffer with the result (probably the same as @var{result}. If not
1380 successful the function return @code{-1}.
1382 This function is a GNU extension.
1387 @deftypefun int getutline_r (const struct utmp *@var{line}, struct utmp *@var{buffer}, struct utmp **@var{result})
1388 @safety{@prelim{}@mtunsafe{@mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{}}}
1389 @c getutline_r @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @aculock @acsfd
1390 @c libc_lock_lock dup @asulock @aculock
1391 @c *libc_utmp_jump_table->getutline_r @mtasurace:utent @mtascusig:ALRM @mtascutimer @acsfd
1392 @c getutline_r_unknown @mtasurace:utent @acsfd
1393 @c setutent_unknown dup @mtasurace:utent @acsfd
1394 @c getutline_r_file @mtasurace:utent @mtascusig:ALRM @mtascutimer
1395 @c LOCK_FILE @mtascusig:ALRM @mtascutimer
1396 @c alarm dup @mtascutimer
1397 @c sigemptyset dup ok
1400 @c fcntl_not_cancel dup ok
1401 @c LOCKING_FAILED ok
1402 @c read_not_cancel dup ok
1404 @c UNLOCK_FILE @mtascutimer
1405 @c fcntl_not_cancel dup ok
1406 @c alarm dup @mtascutimer
1409 @c libc_lock_unlock dup ok
1410 This function retrieves just like @code{getutline} the next entry
1411 matching the information stored in @var{line}. But the result is stored
1412 in the buffer pointed to by the parameter @var{buffer}.
1414 If successful the function returns @code{0} and the pointer variable
1415 pointed to by the parameter @var{result} contains a pointer to the
1416 buffer with the result (probably the same as @var{result}. If not
1417 successful the function return @code{-1}.
1419 This function is a GNU extension.
1423 In addition to the user accounting database, most systems keep a number
1424 of similar databases. For example most systems keep a log file with all
1425 previous logins (usually in @file{/etc/wtmp} or @file{/var/log/wtmp}).
1427 For specifying which database to examine, the following function should
1432 @deftypefun int utmpname (const char *@var{file})
1433 @safety{@prelim{}@mtunsafe{@mtasurace{:utent}}@asunsafe{@asulock{} @ascuheap{}}@acunsafe{@aculock{} @acsmem{}}}
1434 @c utmpname @mtasurace:utent @asulock @ascuheap @aculock @acsmem
1435 @c libc_lock_lock dup @asulock @aculock
1436 @c *libc_utmp_jump_table->endutent dup @mtasurace:utent
1438 @c free dup @ascuheap @acsmem
1439 @c strdup dup @ascuheap @acsmem
1440 @c libc_lock_unlock dup @aculock
1441 The @code{utmpname} function changes the name of the database to be
1442 examined to @var{file}, and closes any previously opened database. By
1443 default @code{getutent}, @code{getutid}, @code{getutline} and
1444 @code{pututline} read from and write to the user accounting database.
1446 The following macros are defined for use as the @var{file} argument:
1448 @deftypevr Macro {char *} _PATH_UTMP
1449 This macro is used to specify the user accounting database.
1452 @deftypevr Macro {char *} _PATH_WTMP
1453 This macro is used to specify the user accounting log file.
1456 The @code{utmpname} function returns a value of @code{0} if the new name
1457 was successfully stored, and a value of @code{-1} to indicate an error.
1458 Note that @code{utmpname} does not try to open the database, and that
1459 therefore the return value does not say anything about whether the
1460 database can be successfully opened.
1463 Specially for maintaining log-like databases @theglibc{} provides
1464 the following function:
1468 @deftypefun void updwtmp (const char *@var{wtmp_file}, const struct utmp *@var{utmp})
1469 @safety{@prelim{}@mtunsafe{@mtascusig{:ALRM} @mtascutimer{}}@asunsafe{}@acunsafe{@acsfd{}}}
1470 @c updwtmp @mtascusig:ALRM @mtascutimer @acsfd
1471 @c TRANSFORM_UTMP_FILE_NAME dup ok
1472 @c *libc_utmp_file_functions->updwtmp = updwtmp_file @mtascusig:ALRM @mtascutimer @acsfd
1473 @c open_not_cancel_2 dup @acsfd
1474 @c LOCK_FILE dup @mtascusig:ALRM @mtascutimer
1475 @c LOCKING_FAILED dup ok
1477 @c ftruncate64 dup ok
1478 @c write_not_cancel dup ok
1479 @c UNLOCK_FILE dup @mtascutimer
1480 @c close_not_cancel_no_status dup @acsfd
1481 The @code{updwtmp} function appends the entry *@var{utmp} to the
1482 database specified by @var{wtmp_file}. For possible values for the
1483 @var{wtmp_file} argument see the @code{utmpname} function.
1486 @strong{Portability Note:} Although many operating systems provide a
1487 subset of these functions, they are not standardized. There are often
1488 subtle differences in the return types, and there are considerable
1489 differences between the various definitions of @code{struct utmp}. When
1490 programming for @theglibc{}, it is probably best to stick
1491 with the functions described in this section. If however, you want your
1492 program to be portable, consider using the XPG functions described in
1493 @ref{XPG Functions}, or take a look at the BSD compatible functions in
1494 @ref{Logging In and Out}.
1498 @subsection XPG User Accounting Database Functions
1500 These functions, described in the X/Open Portability Guide, are declared
1501 in the header file @file{utmpx.h}.
1504 @deftp {Data Type} {struct utmpx}
1505 The @code{utmpx} data structure contains at least the following members:
1508 @item short int ut_type
1509 Specifies the type of login; one of @code{EMPTY}, @code{RUN_LVL},
1510 @code{BOOT_TIME}, @code{OLD_TIME}, @code{NEW_TIME}, @code{INIT_PROCESS},
1511 @code{LOGIN_PROCESS}, @code{USER_PROCESS} or @code{DEAD_PROCESS}.
1514 The process ID number of the login process.
1516 @item char ut_line[]
1517 The device name of the tty (without @file{/dev/}).
1520 The inittab ID of the process.
1522 @item char ut_user[]
1523 The user's login name.
1525 @item struct timeval ut_tv
1526 Time the entry was made. For entries of type @code{OLD_TIME} this is
1527 the time when the system clock changed, and for entries of type
1528 @code{NEW_TIME} this is the time the system clock was set to.
1530 In @theglibc{}, @code{struct utmpx} is identical to @code{struct
1531 utmp} except for the fact that including @file{utmpx.h} does not make
1532 visible the declaration of @code{struct exit_status}.
1535 The following macros are defined for use as values for the
1536 @code{ut_type} member of the @code{utmpx} structure. The values are
1537 integer constants and are, in @theglibc{}, identical to the
1538 definitions in @file{utmp.h}.
1544 This macro is used to indicate that the entry contains no valid user
1545 accounting information.
1550 This macro is used to identify the system's runlevel.
1555 This macro is used to identify the time of system boot.
1560 This macro is used to identify the time when the system clock changed.
1565 This macro is used to identify the time after the system clock changed.
1570 This macro is used to identify a process spawned by the init process.
1575 This macro is used to identify the session leader of a logged in user.
1580 This macro is used to identify a user process.
1585 This macro is used to identify a terminated process.
1588 The size of the @code{ut_line}, @code{ut_id} and @code{ut_user} arrays
1589 can be found using the @code{sizeof} operator.
1593 @deftypefun void setutxent (void)
1594 @safety{@prelim{}@mtunsafe{@mtasurace{:utent}}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{}}}
1595 This function is similar to @code{setutent}. In @theglibc{} it is
1596 simply an alias for @code{setutent}.
1601 @deftypefun {struct utmpx *} getutxent (void)
1602 @safety{@prelim{}@mtunsafe{@mtuinit{} @mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@ascuheap{} @asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}}
1603 The @code{getutxent} function is similar to @code{getutent}, but returns
1604 a pointer to a @code{struct utmpx} instead of @code{struct utmp}. In
1605 @theglibc{} it simply is an alias for @code{getutent}.
1610 @deftypefun void endutxent (void)
1611 @safety{@prelim{}@mtunsafe{@mtasurace{:utent}}@asunsafe{@asulock{}}@acunsafe{@aculock{}}}
1612 This function is similar to @code{endutent}. In @theglibc{} it is
1613 simply an alias for @code{endutent}.
1618 @deftypefun {struct utmpx *} getutxid (const struct utmpx *@var{id})
1619 @safety{@prelim{}@mtunsafe{@mtuinit{} @mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@asulock{} @ascuheap{}}@acunsafe{@aculock{} @acsmem{} @acsfd{}}}
1620 This function is similar to @code{getutid}, but uses @code{struct utmpx}
1621 instead of @code{struct utmp}. In @theglibc{} it is simply an alias
1627 @deftypefun {struct utmpx *} getutxline (const struct utmpx *@var{line})
1628 @safety{@prelim{}@mtunsafe{@mtuinit{} @mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@ascuheap{} @asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}}
1629 This function is similar to @code{getutid}, but uses @code{struct utmpx}
1630 instead of @code{struct utmp}. In @theglibc{} it is simply an alias
1631 for @code{getutline}.
1636 @deftypefun {struct utmpx *} pututxline (const struct utmpx *@var{utmp})
1637 @safety{@prelim{}@mtunsafe{@mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@asulock{}}@acunsafe{@aculock{} @acsfd{}}}
1638 The @code{pututxline} function is functionally identical to
1639 @code{pututline}, but uses @code{struct utmpx} instead of @code{struct
1640 utmp}. In @theglibc{}, @code{pututxline} is simply an alias for
1646 @deftypefun int utmpxname (const char *@var{file})
1647 @safety{@prelim{}@mtunsafe{@mtasurace{:utent}}@asunsafe{@asulock{} @ascuheap{}}@acunsafe{@aculock{} @acsmem{}}}
1648 The @code{utmpxname} function is functionally identical to
1649 @code{utmpname}. In @theglibc{}, @code{utmpxname} is simply an
1650 alias for @code{utmpname}.
1653 You can translate between a traditional @code{struct utmp} and an XPG
1654 @code{struct utmpx} with the following functions. In @theglibc{},
1655 these functions are merely copies, since the two structures are
1661 @deftypefun int getutmp (const struct utmpx *@var{utmpx}, struct utmp *@var{utmp})
1662 @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
1663 @code{getutmp} copies the information, insofar as the structures are
1664 compatible, from @var{utmpx} to @var{utmp}.
1670 @deftypefun int getutmpx (const struct utmp *@var{utmp}, struct utmpx *@var{utmpx})
1671 @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
1672 @code{getutmpx} copies the information, insofar as the structures are
1673 compatible, from @var{utmp} to @var{utmpx}.
1677 @node Logging In and Out
1678 @subsection Logging In and Out
1680 These functions, derived from BSD, are available in the separate
1681 @file{libutil} library, and declared in @file{utmp.h}.
1684 Note that the @code{ut_user} member of @code{struct utmp} is called
1685 @code{ut_name} in BSD. Therefore, @code{ut_name} is defined as an alias
1686 for @code{ut_user} in @file{utmp.h}.
1690 @deftypefun int login_tty (int @var{filedes})
1691 @safety{@prelim{}@mtunsafe{@mtasurace{:ttyname}}@asunsafe{@ascuheap{} @asulock{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}}
1692 @c If this function is canceled, it may have succeeded in redirecting
1693 @c only some of the standard streams to the newly opened terminal.
1694 @c Should there be a safety annotation for this?
1695 @c login_tty @mtasurace:ttyname @ascuheap @asulock @aculock @acsmem @acsfd
1698 @c ttyname dup @mtasurace:ttyname @ascuheap @asulock @aculock @acsmem @acsfd
1702 This function makes @var{filedes} the controlling terminal of the
1703 current process, redirects standard input, standard output and
1704 standard error output to this terminal, and closes @var{filedes}.
1706 This function returns @code{0} on successful completion, and @code{-1}
1712 @deftypefun void login (const struct utmp *@var{entry})
1713 @safety{@prelim{}@mtunsafe{@mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@asulock{} @ascuheap{}}@acunsafe{@aculock{} @acucorrupt{} @acsfd{} @acsmem{}}}
1714 @c login @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @ascuheap @aculock @acucorrupt @acsfd @acsmem
1716 @c tty_name @ascuheap @acucorrupt @acsmem @acsfd
1717 @c ttyname_r dup @ascuheap @acsmem @acsfd
1719 @c realloc dup @ascuheap @acsmem
1720 @c malloc dup @ascuheap @acsmem
1721 @c free dup @ascuheap @acsmem
1725 @c utmpname dup @mtasurace:utent @asulock @ascuheap @aculock @acsmem
1726 @c setutent dup @mtasurace:utent @asulock @aculock @acsfd
1727 @c pututline dup @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @aculock @acsfd
1728 @c endutent dup @mtasurace:utent @asulock @aculock
1729 @c free dup @ascuheap @acsmem
1730 @c updwtmp dup @mtascusig:ALRM @mtascutimer @acsfd
1731 The @code{login} functions inserts an entry into the user accounting
1732 database. The @code{ut_line} member is set to the name of the terminal
1733 on standard input. If standard input is not a terminal @code{login}
1734 uses standard output or standard error output to determine the name of
1735 the terminal. If @code{struct utmp} has a @code{ut_type} member,
1736 @code{login} sets it to @code{USER_PROCESS}, and if there is an
1737 @code{ut_pid} member, it will be set to the process ID of the current
1738 process. The remaining entries are copied from @var{entry}.
1740 A copy of the entry is written to the user accounting log file.
1745 @deftypefun int logout (const char *@var{ut_line})
1746 @safety{@prelim{}@mtunsafe{@mtasurace{:utent} @mtascusig{:ALRM} @mtascutimer{}}@asunsafe{@asulock{} @ascuheap{}}@acunsafe{@aculock{} @acsfd{} @acsmem{}}}
1747 @c logout @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @ascuheap @aculock @acsfd @acsmem
1748 @c utmpname dup @mtasurace:utent @asulock @ascuheap @aculock @acsmem
1749 @c setutent dup @mtasurace:utent @asulock @aculock @acsfd
1751 @c getutline_r dup @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @aculock @acsfd
1753 @c gettimeofday dup ok
1755 @c pututline dup @mtasurace:utent @mtascusig:ALRM @mtascutimer @asulock @aculock @acsfd
1756 @c endutent dup @mtasurace:utent @asulock @aculock
1757 This function modifies the user accounting database to indicate that the
1758 user on @var{ut_line} has logged out.
1760 The @code{logout} function returns @code{1} if the entry was successfully
1761 written to the database, or @code{0} on error.
1766 @deftypefun void logwtmp (const char *@var{ut_line}, const char *@var{ut_name}, const char *@var{ut_host})
1767 @safety{@prelim{}@mtunsafe{@mtascusig{:ALRM} @mtascutimer{}}@asunsafe{}@acunsafe{@acsfd{}}}
1768 @c logwtmp @mtascusig:ALRM @mtascutimer @acsfd
1772 @c gettimeofday dup ok
1774 @c updwtmp dup @mtascusig:ALRM @mtascutimer @acsfd
1775 The @code{logwtmp} function appends an entry to the user accounting log
1776 file, for the current time and the information provided in the
1777 @var{ut_line}, @var{ut_name} and @var{ut_host} arguments.
1780 @strong{Portability Note:} The BSD @code{struct utmp} only has the
1781 @code{ut_line}, @code{ut_name}, @code{ut_host} and @code{ut_time}
1782 members. Older systems do not even have the @code{ut_host} member.
1786 @section User Database
1787 @cindex user database
1788 @cindex password database
1791 This section describes how to search and scan the database of registered
1792 users. The database itself is kept in the file @file{/etc/passwd} on
1793 most systems, but on some systems a special network server gives access
1797 * User Data Structure:: What each user record contains.
1798 * Lookup User:: How to look for a particular user.
1799 * Scanning All Users:: Scanning the list of all users, one by one.
1800 * Writing a User Entry:: How a program can rewrite a user's record.
1803 @node User Data Structure
1804 @subsection The Data Structure that Describes a User
1806 The functions and data structures for accessing the system user database
1807 are declared in the header file @file{pwd.h}.
1812 @deftp {Data Type} {struct passwd}
1813 The @code{passwd} data structure is used to hold information about
1814 entries in the system user data base. It has at least the following members:
1818 The user's login name.
1820 @item char *pw_passwd.
1821 The encrypted password string.
1827 The user's default group ID number.
1829 @item char *pw_gecos
1830 A string typically containing the user's real name, and possibly other
1831 information such as a phone number.
1834 The user's home directory, or initial working directory. This might be
1835 a null pointer, in which case the interpretation is system-dependent.
1837 @item char *pw_shell
1838 The user's default shell, or the initial program run when the user logs in.
1839 This might be a null pointer, indicating that the system default should
1845 @subsection Looking Up One User
1846 @cindex converting user ID to user name
1847 @cindex converting user name to user ID
1849 You can search the system user database for information about a
1850 specific user using @code{getpwuid} or @code{getpwnam}. These
1851 functions are declared in @file{pwd.h}.
1855 @deftypefun {struct passwd *} getpwuid (uid_t @var{uid})
1856 @safety{@prelim{}@mtunsafe{@mtasurace{:pwuid} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
1857 @c getpwuid @mtasurace:pwuid @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
1858 @c libc_lock_lock dup @asulock @aculock
1859 @c malloc dup @ascuheap @acsmem
1860 @c getpwuid_r dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
1861 @c realloc dup @ascuheap @acsmem
1862 @c free dup @ascuheap @acsmem
1863 @c libc_lock_unlock dup @aculock
1864 This function returns a pointer to a statically-allocated structure
1865 containing information about the user whose user ID is @var{uid}. This
1866 structure may be overwritten on subsequent calls to @code{getpwuid}.
1868 A null pointer value indicates there is no user in the data base with
1874 @deftypefun int getpwuid_r (uid_t @var{uid}, struct passwd *@var{result_buf}, char *@var{buffer}, size_t @var{buflen}, struct passwd **@var{result})
1875 @safety{@prelim{}@mtsafe{@mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
1876 @c getpwuid_r @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
1877 @c nscd_getpwuid_r @ascuheap @acsfd @acsmem
1879 @c nscd_getpw_r @ascuheap @acsfd @acsmem
1880 @c nscd_get_map_ref @ascuheap @acsfd @acsmem
1881 @c nscd_acquire_maplock ok
1882 @c nscd_get_mapping @ascuheap @acsfd @acsmem
1883 @c open_socket dup @acsfd
1885 @c wait_on_socket dup ok
1890 @c munmap dup @acsmem
1891 @c malloc dup @ascuheap @acsmem
1893 @c nscd_unmap dup @ascuheap @acsmem
1894 @c nscd_cache_search ok
1897 @c nscd_open_socket @acsfd
1898 @c open_socket @acsfd
1899 @c socket dup @acsfd
1904 @c gettimeofday dup ok
1906 @c close_not_cancel_no_status dup @acsfd
1907 @c wait_on_socket dup ok
1909 @c close_not_cancel_no_status dup @acsfd
1912 @c wait_on_socket ok
1914 @c gettimeofday dup ok
1916 @c close_not_cancel_no_status dup @acsfd
1917 @c nscd_drop_map_ref @ascuheap @acsmem
1918 @c nscd_unmap dup @ascuheap @acsmem
1919 @c nscd_unmap @ascuheap @acsmem
1921 @c free dup @ascuheap @acsmem
1922 @c nss_passwd_lookup2 @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
1923 @c nss_database_lookup @mtslocale @ascuheap @asulock @acucorrupt @acsmem @acsfd @aculock
1924 @c libc_lock_lock @asulock @aculock
1925 @c libc_lock_unlock @aculock
1926 @c nss_parse_file @mtslocale @ascuheap @asulock @acucorrupt @acsmem @acsfd @aculock
1927 @c fopen dup @ascuheap @asulock @acsmem @acsfd @aculock
1928 @c fsetlocking dup ok [no concurrent uses]
1929 @c malloc dup @asulock @aculock @acsfd @acsmem
1930 @c fclose dup @ascuheap @asulock @acsmem @acsfd @aculock
1931 @c getline dup @ascuheap @aculock @acucorrupt @acsmem
1933 @c nss_getline @mtslocale @ascuheap @acsmem
1934 @c isspace @mtslocale^^
1936 @c malloc dup @asulock @aculock @acsfd @acsmem
1938 @c nss_parse_service_list dup @mtslocale^, @ascuheap @acsmem
1939 @c feof_unlocked dup ok
1940 @c free dup @asulock @aculock @acsfd @acsmem
1942 @c nss_parse_service_list @mtslocale^, @ascuheap @acsmem
1943 @c isspace @mtslocale^^
1944 @c malloc dup @asulock @aculock @acsfd @acsmem
1946 @c strncasecmp dup ok
1947 @c free dup @asulock @aculock @acsfd @acsmem
1948 @c malloc dup @asulock @aculock @acsfd @acsmem
1949 @c nss_lookup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
1950 @c nss_lookup_function @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
1951 @c libc_lock_lock @asulock @aculock
1952 @c tsearch @ascuheap @acucorrupt @acsmem [no @mtsrace or @asucorrupt due to locking]
1955 @c malloc dup @ascuheap @acsmem
1956 @c tdelete @ascuheap @acucorrupt @acsmem [no @mtsrace or @asucorrupt due to locking]
1957 @c free dup @ascuheap @acsmem
1958 @c nss_load_library @ascudlopen @ascuplugin @ascuheap @asulock @aculock @acsfd @acsmem
1959 @c nss_new_service @ascuheap @acsmem
1961 @c malloc dup @ascuheap @acsmem
1964 @c libc_dlopen @ascudlopen @ascuheap @asulock @aculock @acsfd @acsmem
1965 @c libc_dlsym dup @asulock @aculock @acsfd @acsmem
1966 @c *ifct(*nscd_init_cb) @ascuplugin
1968 @c libc_dlsym dup @asulock @aculock @acsfd @acsmem
1969 @c libc_lock_unlock dup ok
1970 @c nss_next_action ok
1971 @c *fct.l -> _nss_*_getpwuid_r @ascuplugin
1972 @c nss_next2 @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
1973 @c nss_next_action dup ok
1974 @c nss_lookup_function dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
1976 @c _nss_files_getpwuid_r @mtslocale @ascuheap @asulock @aculock @acsmem @acsfd
1977 @c libc_lock_lock dup @asulock @aculock
1978 @c internal_setent @ascuheap @asulock @aculock @acsmem @acsfd
1979 @c fopen dup @ascuheap @asulock @acsmem @acsfd @aculock
1982 @c fclose dup @ascuheap @asulock @aculock @acsmem @acsfd
1983 @c rewind dup @aculock [stream guarded by non-recursive pwent lock]
1984 @c internal_getent @mtslocale^
1985 @c fgets_unlocked dup ok [stream guarded by non-recursive pwent lock]
1986 @c isspace dup @mtslocale^^
1987 @c _nss_files_parse_pwent = parse_line ok
1989 @c internal_endent @ascuheap @asulock @aculock @acsmem @acsfd
1990 @c fclose dup @ascuheap @asulock @aculock @acsmem @acsfd
1991 @c libc_lock_unlock dup @aculock
1993 @c _nss_nis_getpwuid_r ... not fully reviewed (assumed) @asuinit @asulock @acucorrupt @aculock
1994 @c yp_get_default_domain @asulock @aculock
1995 @c libc_lock_lock dup @asulock @aculock
1996 @c getdomainname dup ok
1998 @c libc_lock_unlock dup @aculock
1999 @c snprintf dup @ascuheap @acsmem
2001 @c do_ypcall_tr(xdr_ypreq_key,xdr_ypresp_val)
2002 @c do_ypcall(xdr_ypreq_key,xdr_ypresp_val)
2003 @c libc_lock_lock @asulock @aculock
2009 @c libc_lock_unlock @aculock
2013 @c calloc dup @asulock @aculock @acsfd @acsmem
2016 @c snprintf dup @ascuheap @acsmem
2017 @c open dup @acsfd [cancelpt]
2018 @c pread dup [cancelpt]
2019 @c yp_bind_client_create
2020 @c close dup @acsfd [cancelpt]
2021 @c yp_bind_ypbindprog
2024 @c clnt_call(xdr_domainname,xdr_ypbind_resp)
2026 @c yp_bind_client_create
2027 @c free dup @asulock @aculock @acsfd @acsmem
2028 @c calloc dup @asulock @aculock @acsfd @acsmem
2029 @c free dup @asulock @aculock @acsfd @acsmem
2032 @c xdr_free(xdr_ypresp_val)
2051 @c mem_alloc @ascuheap @acsmem
2052 @c malloc dup @ascuheap @acsmem
2058 @c mem_free @ascuheap @acsmem
2059 @c free dup @ascuheap @acsmem
2062 @c _nls_default_nss @asuinit @ascuheap @asulock @acucorrupt @acsmem @acsfd @aculock
2063 @c init @asuinit^, @ascuheap @asulock @acucorrupt @acsmem @acsfd @aculock
2064 @c fopen dup @ascuheap @asulock @acsmem @acsfd @aculock
2065 @c fsetlocking ok [no concurrent uses]
2066 @c feof_unlocked dup ok
2067 @c getline dup @ascuheap @aculock @acucorrupt @acsmem
2068 @c isspace dup @mtslocale^^
2070 @c free dup @asulock @acsmem @acsfd @aculock
2071 @c fclose dup @ascuheap @asulock @aculock @acsmem @acsfd
2072 @c free dup @asulock @acsmem @acsfd @aculock
2075 @c isspace dup @mtslocale^^
2076 @c _nss_files_parse_pwent ok
2077 This function is similar to @code{getpwuid} in that it returns
2078 information about the user whose user ID is @var{uid}. However, it
2079 fills the user supplied structure pointed to by @var{result_buf} with
2080 the information instead of using a static buffer. The first
2081 @var{buflen} bytes of the additional buffer pointed to by @var{buffer}
2082 are used to contain additional information, normally strings which are
2083 pointed to by the elements of the result structure.
2085 If a user with ID @var{uid} is found, the pointer returned in
2086 @var{result} points to the record which contains the wanted data (i.e.,
2087 @var{result} contains the value @var{result_buf}). If no user is found
2088 or if an error occurred, the pointer returned in @var{result} is a null
2089 pointer. The function returns zero or an error code. If the buffer
2090 @var{buffer} is too small to contain all the needed information, the
2091 error code @code{ERANGE} is returned and @var{errno} is set to
2098 @deftypefun {struct passwd *} getpwnam (const char *@var{name})
2099 @safety{@prelim{}@mtunsafe{@mtasurace{:pwnam} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2100 @c getpwnam @mtasurace:pwnam @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2101 @c libc_lock_lock dup @asulock @aculock
2102 @c malloc dup @ascuheap @acsmem
2103 @c getpwnam_r dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2104 @c realloc dup @ascuheap @acsmem
2105 @c free dup @ascuheap @acsmem
2106 @c libc_lock_unlock dup @aculock
2107 This function returns a pointer to a statically-allocated structure
2108 containing information about the user whose user name is @var{name}.
2109 This structure may be overwritten on subsequent calls to
2112 A null pointer return indicates there is no user named @var{name}.
2117 @deftypefun int getpwnam_r (const char *@var{name}, struct passwd *@var{result_buf}, char *@var{buffer}, size_t @var{buflen}, struct passwd **@var{result})
2118 @safety{@prelim{}@mtsafe{@mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2119 @c getpwnam_r @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2120 @c nscd_getpwnam_r @ascuheap @asulock @aculock @acsfd @acsmem
2122 @c nscd_getpw_r dup @ascuheap @asulock @aculock @acsfd @acsmem
2123 @c nss_passwd_lookup2 dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2124 @c *fct.l @ascuplugin
2125 @c nss_next2 dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2127 @c _nss_files_getpwnam_r @mtslocale @ascuheap @asulock @aculock @acsmem @acsfd
2128 @c libc_lock_lock dup @asulock @aculock
2129 @c internal_setent dup @ascuheap @asulock @aculock @acsmem @acsfd
2130 @c internal_getent dup @mtslocale^
2132 @c internal_endent dup @ascuheap @asulock @aculock @acsmem @acsfd
2133 @c libc_lock_unlock dup @aculock
2135 @c _nss_*_getpwnam_r (assumed) @asuinit @asulock @acucorrupt @aculock
2137 This function is similar to @code{getpwnam} in that it returns
2138 information about the user whose user name is @var{name}. However, like
2139 @code{getpwuid_r}, it fills the user supplied buffers in
2140 @var{result_buf} and @var{buffer} with the information instead of using
2143 The return values are the same as for @code{getpwuid_r}.
2147 @node Scanning All Users
2148 @subsection Scanning the List of All Users
2149 @cindex scanning the user list
2151 This section explains how a program can read the list of all users in
2152 the system, one user at a time. The functions described here are
2153 declared in @file{pwd.h}.
2155 You can use the @code{fgetpwent} function to read user entries from a
2160 @deftypefun {struct passwd *} fgetpwent (FILE *@var{stream})
2161 @safety{@prelim{}@mtunsafe{@mtasurace{:fpwent}}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{}}}
2162 @c fgetpwent @mtasurace:fpwent @asucorrupt @asulock @acucorrupt @aculock
2163 @c fgetpos dup @asucorrupt @aculock @acucorrupt
2164 @c libc_lock_lock dup @asulock @aculock
2165 @c malloc dup @ascuheap @acsmem
2166 @c fgetpwent_r dup @asucorrupt @acucorrupt @aculock
2167 @c realloc dup @ascuheap @acsmem
2168 @c free dup @ascuheap @acsmem
2169 @c fsetpos dup @asucorrupt @aculock @acucorrupt
2170 @c libc_lock_unlock dup @aculock
2171 This function reads the next user entry from @var{stream} and returns a
2172 pointer to the entry. The structure is statically allocated and is
2173 rewritten on subsequent calls to @code{fgetpwent}. You must copy the
2174 contents of the structure if you wish to save the information.
2176 The stream must correspond to a file in the same format as the standard
2177 password database file.
2182 @deftypefun int fgetpwent_r (FILE *@var{stream}, struct passwd *@var{result_buf}, char *@var{buffer}, size_t @var{buflen}, struct passwd **@var{result})
2183 @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{}}@acunsafe{@acucorrupt{} @aculock{}}}
2184 @c fgetpwent_r @asucorrupt @acucorrupt @aculock
2185 @c flockfile dup @aculock
2186 @c fgets_unlocked @asucorrupt @acucorrupt [no @mtsrace due to explicit locking]
2187 @c feof_unlocked dup ok
2188 @c funlockfile dup @aculock
2189 @c isspace dup @mtslocale^^
2190 @c parse_line dup ok
2191 This function is similar to @code{fgetpwent} in that it reads the next
2192 user entry from @var{stream}. But the result is returned in the
2193 structure pointed to by @var{result_buf}. The
2194 first @var{buflen} bytes of the additional buffer pointed to by
2195 @var{buffer} are used to contain additional information, normally
2196 strings which are pointed to by the elements of the result structure.
2198 The stream must correspond to a file in the same format as the standard
2199 password database file.
2201 If the function returns zero @var{result} points to the structure with
2202 the wanted data (normally this is in @var{result_buf}). If errors
2203 occurred the return value is nonzero and @var{result} contains a null
2207 The way to scan all the entries in the user database is with
2208 @code{setpwent}, @code{getpwent}, and @code{endpwent}.
2212 @deftypefun void setpwent (void)
2213 @safety{@prelim{}@mtunsafe{@mtasurace{:pwent} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2214 @c setpwent @mtasurace:pwent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2215 @c libc_lock_lock @asulock @aculock
2216 @c nss_setent(nss_passwd_lookup2) @mtasurace:pwent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2217 @c ** resolv's res_maybe_init not called here
2218 @c setup(nss_passwd_lookup2) @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2219 @c *lookup_fct = nss_passwd_lookup2 dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2220 @c nss_lookup dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2221 @c *fct.f @mtasurace:pwent @ascuplugin
2222 @c nss_next2 dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2223 @c libc_lock_unlock @aculock
2224 This function initializes a stream which @code{getpwent} and
2225 @code{getpwent_r} use to read the user database.
2230 @deftypefun {struct passwd *} getpwent (void)
2231 @safety{@prelim{}@mtunsafe{@mtasurace{:pwent} @mtasurace{:pwentbuf} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2232 @c getpwent @mtasurace:pwent @mtasurace:pwentbuf @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2233 @c libc_lock_lock dup @asulock @aculock
2234 @c nss_getent(getpwent_r) @mtasurace:pwent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2235 @c malloc dup @ascuheap @acsmem
2236 @c *func = getpwent_r dup @mtasurace:pwent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2237 @c realloc dup @ascuheap @acsmem
2238 @c free dup @ascuheap @acsmem
2239 @c libc_lock_unlock dup @aculock
2240 The @code{getpwent} function reads the next entry from the stream
2241 initialized by @code{setpwent}. It returns a pointer to the entry. The
2242 structure is statically allocated and is rewritten on subsequent calls
2243 to @code{getpwent}. You must copy the contents of the structure if you
2244 wish to save the information.
2246 A null pointer is returned when no more entries are available.
2251 @deftypefun int getpwent_r (struct passwd *@var{result_buf}, char *@var{buffer}, size_t @var{buflen}, struct passwd **@var{result})
2252 @safety{@prelim{}@mtunsafe{@mtasurace{:pwent} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2253 @c The static buffer here is not the result_buf, but rather the
2254 @c variables that keep track of what nss backend we've last used, and
2255 @c whatever internal state the nss backend uses to keep track of the
2257 @c getpwent_r @mtasurace:pwent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2258 @c libc_lock_lock dup @asulock @aculock
2259 @c nss_getent_r(nss_passwd_lookup2) @mtasurace:pwent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2260 @c setup(nss_passwd_lookup2) dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2261 @c *fct.f @mtasurace:pwent @ascuplugin
2262 @c nss_next2 dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2263 @c nss_lookup dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2264 @c *sfct.f @mtasurace:pwent @ascuplugin
2265 @c libc_lock_unlock dup @aculock
2266 This function is similar to @code{getpwent} in that it returns the next
2267 entry from the stream initialized by @code{setpwent}. Like
2268 @code{fgetpwent_r}, it uses the user-supplied buffers in
2269 @var{result_buf} and @var{buffer} to return the information requested.
2271 The return values are the same as for @code{fgetpwent_r}.
2277 @deftypefun void endpwent (void)
2278 @safety{@prelim{}@mtunsafe{@mtasurace{:pwent} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2279 @c endpwent @mtasurace:pwent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2280 @c libc_lock_lock @asulock @aculock
2281 @c nss_endent(nss_passwd_lookup2) @mtasurace:pwent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2282 @c ** resolv's res_maybe_init not called here
2283 @c setup(nss_passwd_lookup2) dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2284 @c *fct.f @mtasurace:pwent @ascuplugin
2285 @c nss_next2 dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2286 @c libc_lock_unlock @aculock
2287 This function closes the internal stream used by @code{getpwent} or
2291 @node Writing a User Entry
2292 @subsection Writing a User Entry
2296 @deftypefun int putpwent (const struct passwd *@var{p}, FILE *@var{stream})
2297 @safety{@prelim{}@mtsafe{@mtslocale{}}@asunsafe{@asucorrupt{}}@acunsafe{@aculock{} @acucorrupt{}}}
2298 @c putpwent @mtslocale @asucorrupt @aculock @acucorrupt
2299 @c fprintf dup @mtslocale @asucorrupt @aculock @acucorrupt [no @ascuheap @acsmem]
2300 This function writes the user entry @code{*@var{p}} to the stream
2301 @var{stream}, in the format used for the standard user database
2302 file. The return value is zero on success and nonzero on failure.
2304 This function exists for compatibility with SVID. We recommend that you
2305 avoid using it, because it makes sense only on the assumption that the
2306 @code{struct passwd} structure has no members except the standard ones;
2307 on a system which merges the traditional Unix data base with other
2308 extended information about users, adding an entry using this function
2309 would inevitably leave out much of the important information.
2310 @c Then how are programmers to modify the password file? -zw
2312 The group and user ID fields are left empty if the group or user name
2313 starts with a - or +.
2315 The function @code{putpwent} is declared in @file{pwd.h}.
2318 @node Group Database
2319 @section Group Database
2320 @cindex group database
2323 This section describes how to search and scan the database of
2324 registered groups. The database itself is kept in the file
2325 @file{/etc/group} on most systems, but on some systems a special network
2326 service provides access to it.
2329 * Group Data Structure:: What each group record contains.
2330 * Lookup Group:: How to look for a particular group.
2331 * Scanning All Groups:: Scanning the list of all groups.
2334 @node Group Data Structure
2335 @subsection The Data Structure for a Group
2337 The functions and data structures for accessing the system group
2338 database are declared in the header file @file{grp.h}.
2343 @deftp {Data Type} {struct group}
2344 The @code{group} structure is used to hold information about an entry in
2345 the system group database. It has at least the following members:
2349 The name of the group.
2352 The group ID of the group.
2355 A vector of pointers to the names of users in the group. Each user name
2356 is a null-terminated string, and the vector itself is terminated by a
2362 @subsection Looking Up One Group
2363 @cindex converting group name to group ID
2364 @cindex converting group ID to group name
2366 You can search the group database for information about a specific
2367 group using @code{getgrgid} or @code{getgrnam}. These functions are
2368 declared in @file{grp.h}.
2372 @deftypefun {struct group *} getgrgid (gid_t @var{gid})
2373 @safety{@prelim{}@mtunsafe{@mtasurace{:grgid} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2374 @c getgrgid =~ getpwuid dup @mtasurace:grgid @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2375 @c getgrgid_r dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2376 This function returns a pointer to a statically-allocated structure
2377 containing information about the group whose group ID is @var{gid}.
2378 This structure may be overwritten by subsequent calls to
2381 A null pointer indicates there is no group with ID @var{gid}.
2386 @deftypefun int getgrgid_r (gid_t @var{gid}, struct group *@var{result_buf}, char *@var{buffer}, size_t @var{buflen}, struct group **@var{result})
2387 @safety{@prelim{}@mtsafe{@mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2388 @c getgrgid_r =~ getpwuid_r dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2389 @c nscd_getgrgid_r @ascuheap @acsfd @acsmem
2391 @c nscd_getgr_r @ascuheap @acsfd @acsmem
2392 @c nscd_get_map_ref dup @ascuheap @acsfd @acsmem
2393 @c nscd_cache_search dup ok
2394 @c nscd_open_socket dup @acsfd
2398 @c wait_on_socket dup ok
2401 @c close_not_cancel_no_status dup @acsfd
2402 @c nscd_drop_map_ref dup @ascuheap @acsmem
2403 @c nscd_unmap dup @ascuheap @acsmem
2404 @c nss_group_lookup2 =~ nss_passwd_lookup2 dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2405 @c *fct.l -> _nss_*_getgrgid_r @ascuplugin
2406 @c nss_next2 dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2407 This function is similar to @code{getgrgid} in that it returns
2408 information about the group whose group ID is @var{gid}. However, it
2409 fills the user supplied structure pointed to by @var{result_buf} with
2410 the information instead of using a static buffer. The first
2411 @var{buflen} bytes of the additional buffer pointed to by @var{buffer}
2412 are used to contain additional information, normally strings which are
2413 pointed to by the elements of the result structure.
2415 If a group with ID @var{gid} is found, the pointer returned in
2416 @var{result} points to the record which contains the wanted data (i.e.,
2417 @var{result} contains the value @var{result_buf}). If no group is found
2418 or if an error occurred, the pointer returned in @var{result} is a null
2419 pointer. The function returns zero or an error code. If the buffer
2420 @var{buffer} is too small to contain all the needed information, the
2421 error code @code{ERANGE} is returned and @var{errno} is set to
2427 @deftypefun {struct group *} getgrnam (const char *@var{name})
2428 @safety{@prelim{}@mtunsafe{@mtasurace{:grnam} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2429 @c getgrnam =~ getpwnam dup @mtasurace:grnam @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2430 @c getgrnam_r dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2431 This function returns a pointer to a statically-allocated structure
2432 containing information about the group whose group name is @var{name}.
2433 This structure may be overwritten by subsequent calls to
2436 A null pointer indicates there is no group named @var{name}.
2441 @deftypefun int getgrnam_r (const char *@var{name}, struct group *@var{result_buf}, char *@var{buffer}, size_t @var{buflen}, struct group **@var{result})
2442 @safety{@prelim{}@mtsafe{@mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2443 @c getgrnam_r =~ getpwnam_r dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2444 @c nscd_getgrnam_r @ascuheap @asulock @aculock @acsfd @acsmem
2446 @c nscd_getgr_r dup @ascuheap @asulock @aculock @acsfd @acsmem
2447 @c nss_group_lookup2 dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2448 @c *fct.l @ascuplugin
2449 @c nss_next2 dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2450 This function is similar to @code{getgrnam} in that it returns
2451 information about the group whose group name is @var{name}. Like
2452 @code{getgrgid_r}, it uses the user supplied buffers in
2453 @var{result_buf} and @var{buffer}, not a static buffer.
2455 The return values are the same as for @code{getgrgid_r}.
2458 @node Scanning All Groups
2459 @subsection Scanning the List of All Groups
2460 @cindex scanning the group list
2462 This section explains how a program can read the list of all groups in
2463 the system, one group at a time. The functions described here are
2464 declared in @file{grp.h}.
2466 You can use the @code{fgetgrent} function to read group entries from a
2471 @deftypefun {struct group *} fgetgrent (FILE *@var{stream})
2472 @safety{@prelim{}@mtunsafe{@mtasurace{:fgrent}}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{}}}
2473 @c fgetgrent @mtasurace:fgrent @asucorrupt @asulock @acucorrupt @aculock
2474 @c fgetpos dup @asucorrupt @aculock @acucorrupt
2475 @c libc_lock_lock dup @asulock @aculock
2476 @c malloc dup @ascuheap @acsmem
2477 @c fgetgrent_r dup @asucorrupt @acucorrupt @aculock
2478 @c realloc dup @ascuheap @acsmem
2479 @c free dup @ascuheap @acsmem
2480 @c fsetpos dup @asucorrupt @aculock @acucorrupt
2481 @c libc_lock_unlock dup @aculock
2482 The @code{fgetgrent} function reads the next entry from @var{stream}.
2483 It returns a pointer to the entry. The structure is statically
2484 allocated and is overwritten on subsequent calls to @code{fgetgrent}. You
2485 must copy the contents of the structure if you wish to save the
2488 The stream must correspond to a file in the same format as the standard
2489 group database file.
2494 @deftypefun int fgetgrent_r (FILE *@var{stream}, struct group *@var{result_buf}, char *@var{buffer}, size_t @var{buflen}, struct group **@var{result})
2495 @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{}}@acunsafe{@acucorrupt{} @aculock{}}}
2496 @c fgetgrent_r @asucorrupt @acucorrupt @aculock
2497 @c flockfile dup @aculock
2498 @c fgets_unlocked @asucorrupt @acucorrupt [no @mtsrace due to explicit locking]
2499 @c feof_unlocked dup ok
2500 @c funlockfile dup @aculock
2501 @c isspace dup @mtslocale^^
2502 @c parse_line dup ok
2503 This function is similar to @code{fgetgrent} in that it reads the next
2504 user entry from @var{stream}. But the result is returned in the
2505 structure pointed to by @var{result_buf}. The first @var{buflen} bytes
2506 of the additional buffer pointed to by @var{buffer} are used to contain
2507 additional information, normally strings which are pointed to by the
2508 elements of the result structure.
2510 This stream must correspond to a file in the same format as the standard
2511 group database file.
2513 If the function returns zero @var{result} points to the structure with
2514 the wanted data (normally this is in @var{result_buf}). If errors
2515 occurred the return value is non-zero and @var{result} contains a null
2519 The way to scan all the entries in the group database is with
2520 @code{setgrent}, @code{getgrent}, and @code{endgrent}.
2524 @deftypefun void setgrent (void)
2525 @safety{@prelim{}@mtunsafe{@mtasurace{:grent} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2526 @c setgrent =~ setpwent dup @mtasurace:grent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2527 @c ...*lookup_fct = nss_group_lookup2 dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2528 This function initializes a stream for reading from the group data base.
2529 You use this stream by calling @code{getgrent} or @code{getgrent_r}.
2534 @deftypefun {struct group *} getgrent (void)
2535 @safety{@prelim{}@mtunsafe{@mtasurace{:grent} @mtasurace{:grentbuf} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2536 @c getgrent =~ getpwent dup @mtasurace:grent @mtasurace:grentbuf @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2537 @c *func = getgrent_r dup @mtasurace:grent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2538 The @code{getgrent} function reads the next entry from the stream
2539 initialized by @code{setgrent}. It returns a pointer to the entry. The
2540 structure is statically allocated and is overwritten on subsequent calls
2541 to @code{getgrent}. You must copy the contents of the structure if you
2542 wish to save the information.
2547 @deftypefun int getgrent_r (struct group *@var{result_buf}, char *@var{buffer}, size_t @var{buflen}, struct group **@var{result})
2548 @safety{@prelim{}@mtunsafe{@mtasurace{:grent} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2549 @c getgrent_r =~ getpwent_r dup @mtasurace:grent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2550 This function is similar to @code{getgrent} in that it returns the next
2551 entry from the stream initialized by @code{setgrent}. Like
2552 @code{fgetgrent_r}, it places the result in user-supplied buffers
2553 pointed to by @var{result_buf} and @var{buffer}.
2555 If the function returns zero @var{result} contains a pointer to the data
2556 (normally equal to @var{result_buf}). If errors occurred the return
2557 value is non-zero and @var{result} contains a null pointer.
2562 @deftypefun void endgrent (void)
2563 @safety{@prelim{}@mtunsafe{@mtasurace{:grent} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2564 @c endgrent =~ endpwent dup @mtasurace:grent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2565 This function closes the internal stream used by @code{getgrent} or
2569 @node Database Example
2570 @section User and Group Database Example
2572 Here is an example program showing the use of the system database inquiry
2573 functions. The program prints some information about the user running
2580 Here is some output from this program:
2583 I am Throckmorton Snurd.
2584 My login name is snurd.
2586 My home directory is /home/fsg/snurd.
2587 My default shell is /bin/sh.
2588 My default group is guest (12).
2589 The members of this group are:
2594 @node Netgroup Database
2595 @section Netgroup Database
2598 * Netgroup Data:: Data in the Netgroup database and where
2600 * Lookup Netgroup:: How to look for a particular netgroup.
2601 * Netgroup Membership:: How to test for netgroup membership.
2605 @subsection Netgroup Data
2608 Sometimes it is useful to group users according to other criteria
2609 (@pxref{Group Database}). E.g., it is useful to associate a certain
2610 group of users with a certain machine. On the other hand grouping of
2611 host names is not supported so far.
2613 In Sun Microsystems' SunOS appeared a new kind of database, the netgroup
2614 database. It allows grouping hosts, users, and domains freely, giving
2615 them individual names. To be more concrete, a netgroup is a list of triples
2616 consisting of a host name, a user name, and a domain name where any of
2617 the entries can be a wildcard entry matching all inputs. A last
2618 possibility is that names of other netgroups can also be given in the
2619 list specifying a netgroup. So one can construct arbitrary hierarchies
2622 Sun's implementation allows netgroups only for the @code{nis} or
2623 @code{nisplus} service, @pxref{Services in the NSS configuration}. The
2624 implementation in @theglibc{} has no such restriction. An entry
2625 in either of the input services must have the following form:
2628 @var{groupname} ( @var{groupname} | @code{(}@var{hostname}@code{,}@var{username}@code{,}@code{domainname}@code{)} )+
2631 Any of the fields in the triple can be empty which means anything
2632 matches. While describing the functions we will see that the opposite
2633 case is useful as well. I.e., there may be entries which will not
2634 match any input. For entries like this, a name consisting of the single
2635 character @code{-} shall be used.
2637 @node Lookup Netgroup
2638 @subsection Looking up one Netgroup
2640 The lookup functions for netgroups are a bit different than all other
2641 system database handling functions. Since a single netgroup can contain
2642 many entries a two-step process is needed. First a single netgroup is
2643 selected and then one can iterate over all entries in this netgroup.
2644 These functions are declared in @file{netdb.h}.
2648 @deftypefun int setnetgrent (const char *@var{netgroup})
2649 @safety{@prelim{}@mtunsafe{@mtasurace{:netgrent} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2650 @c setnetgrent @mtasurace:netgrent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2651 @c libc_lock_lock dup @asulock @aculock
2652 @c nscd_setnetgrent @ascuheap @acsfd @acsmem
2653 @c __nscd_setnetgrent @ascuheap @acsfd @acsmem
2655 @c nscd_get_map_ref dup @ascuheap @acsfd @acsmem
2656 @c nscd_cache_search dup ok
2657 @c nscd_open_socket dup @acsfd
2658 @c malloc dup @ascuheap @acsmem
2660 @c free dup @ascuheap @acsmem
2661 @c close_not_cancel_no_status dup @acsfd
2662 @c nscd_drop_map_ref dup @ascuheap @acsmem
2663 @c nscd_unmap dup @ascuheap @acsmem
2664 @c internal_setnetgrent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2665 @c free_memory dup @ascuheap @acsmem
2666 @c free dup @ascuheap @acsmem
2667 @c internal_setnetgrent_reuse @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2668 @c endnetgrent_hook dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2669 @c nss_lookup_function dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2670 @c *endfct @ascuplugin
2671 @c (netgroup::)setup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2672 @c nss_netgroup_lookup dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2673 @c nss_netgroup_lookup2 =~ nss_passwd_lookup2 dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2674 @c nss_lookup dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2675 @c *fct.f @ascuplugin
2676 @c nss_next2 dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2677 @c nss_lookup_function dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2678 @c *endfct @ascuplugin
2680 @c malloc dup @ascuheap @acsmem
2682 @c libc_lock_unlock dup @aculock
2683 A call to this function initializes the internal state of the library to
2684 allow following calls of @code{getnetgrent} to iterate over all entries
2685 in the netgroup with name @var{netgroup}.
2687 When the call is successful (i.e., when a netgroup with this name exists)
2688 the return value is @code{1}. When the return value is @code{0} no
2689 netgroup of this name is known or some other error occurred.
2692 It is important to remember that there is only one single state for
2693 iterating the netgroups. Even if the programmer uses the
2694 @code{getnetgrent_r} function the result is not really reentrant since
2695 always only one single netgroup at a time can be processed. If the
2696 program needs to process more than one netgroup simultaneously she
2697 must protect this by using external locking. This problem was
2698 introduced in the original netgroups implementation in SunOS and since
2699 we must stay compatible it is not possible to change this.
2701 Some other functions also use the netgroups state. Currently these are
2702 the @code{innetgr} function and parts of the implementation of the
2703 @code{compat} service part of the NSS implementation.
2707 @deftypefun int getnetgrent (char **@var{hostp}, char **@var{userp}, char **@var{domainp})
2708 @safety{@prelim{}@mtunsafe{@mtasurace{:netgrent} @mtasurace{:netgrentbuf} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2709 @c getnetgrent @mtasurace:netgrent @mtasurace:netgrentbuf @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2710 @c uses unsafely a static buffer allocated within a libc_once call
2711 @c allocate (libc_once) @ascuheap @acsmem
2712 @c malloc dup @ascuheap @acsmem
2713 @c getnetgrent_r dup @mtasurace:netgrent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2714 This function returns the next unprocessed entry of the currently
2715 selected netgroup. The string pointers, in which addresses are passed in
2716 the arguments @var{hostp}, @var{userp}, and @var{domainp}, will contain
2717 after a successful call pointers to appropriate strings. If the string
2718 in the next entry is empty the pointer has the value @code{NULL}.
2719 The returned string pointers are only valid if none of the netgroup
2720 related functions are called.
2722 The return value is @code{1} if the next entry was successfully read. A
2723 value of @code{0} means no further entries exist or internal errors occurred.
2728 @deftypefun int getnetgrent_r (char **@var{hostp}, char **@var{userp}, char **@var{domainp}, char *@var{buffer}, size_t @var{buflen})
2729 @safety{@prelim{}@mtunsafe{@mtasurace{:netgrent} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2730 @c getnetgrent_r @mtasurace:netgrent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2731 @c libc_lock_lock dup @asulock @aculock
2732 @c internal_getnetgrent_r @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2733 @c nss_lookup_function dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2735 @c nscd_getnetgrent ok
2737 @c internal_setnetgrent_reuse dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2739 @c malloc dup @ascuheap @acsmem
2741 @c libc_lock_unlock dup @aculock
2742 This function is similar to @code{getnetgrent} with only one exception:
2743 the strings the three string pointers @var{hostp}, @var{userp}, and
2744 @var{domainp} point to, are placed in the buffer of @var{buflen} bytes
2745 starting at @var{buffer}. This means the returned values are valid
2746 even after other netgroup related functions are called.
2748 The return value is @code{1} if the next entry was successfully read and
2749 the buffer contains enough room to place the strings in it. @code{0} is
2750 returned in case no more entries are found, the buffer is too small, or
2751 internal errors occurred.
2753 This function is a GNU extension. The original implementation in the
2754 SunOS libc does not provide this function.
2759 @deftypefun void endnetgrent (void)
2760 @safety{@prelim{}@mtunsafe{@mtasurace{:netgrent}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2761 @c endnetgrent @mtasurace:netgrent @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2762 @c libc_lock_lock dup @asulock @aculock
2763 @c internal_endnetgrent @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2764 @c endnetgrent_hook dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2765 @c free_memory dup @ascuheap @acsmem
2766 @c libc_lock_unlock dup @aculock
2767 This function frees all buffers which were allocated to process the last
2768 selected netgroup. As a result all string pointers returned by calls
2769 to @code{getnetgrent} are invalid afterwards.
2772 @node Netgroup Membership
2773 @subsection Testing for Netgroup Membership
2775 It is often not necessary to scan the whole netgroup since often the
2776 only interesting question is whether a given entry is part of the
2781 @deftypefun int innetgr (const char *@var{netgroup}, const char *@var{host}, const char *@var{user}, const char *@var{domain})
2782 @safety{@prelim{}@mtunsafe{@mtasurace{:netgrent} @mtslocale{}}@asunsafe{@ascudlopen{} @ascuplugin{} @ascuheap{} @asulock{}}@acunsafe{@acucorrupt{} @aculock{} @acsfd{} @acsmem{}}}
2783 @c This function does not use the static data structure that the
2784 @c *netgrent* ones do, but since each nss must maintains internal state
2785 @c to support iteration and concurrent iteration will interfere
2786 @c destructively, we regard this internal state as a static buffer.
2787 @c getnetgrent_r iteration in each nss backend.
2788 @c innetgr @mtasurace:netgrent @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2789 @c nscd_innetgr @ascuheap @acsfd @acsmem
2791 @c malloc dup @ascuheap @acsmem
2793 @c nscd_get_map_ref dup @ascuheap @acsfd @acsmem
2794 @c nscd_cache_search dup ok
2795 @c nscd_open_socket dup @acsfd
2796 @c close_not_cancel_no_status dup @acsfd
2797 @c nscd_drop_map_ref dup @ascuheap @acsmem
2798 @c nscd_unmap dup @ascuheap @acsmem
2799 @c free dup @ascuheap @acsmem
2801 @c (netgroup::)setup dup @mtslocale @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2802 @c *setfct.f @ascuplugin
2803 @c nss_lookup_function dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2804 @c *getfct @ascuplugin
2807 @c malloc dup @ascuheap @acsmem
2810 @c *endfct @ascuplugin
2811 @c nss_next2 dup @ascudlopen @ascuplugin @ascuheap @asulock @acucorrupt @aculock @acsfd @acsmem
2812 @c free_memory dup @ascuheap @acsmem
2813 This function tests whether the triple specified by the parameters
2814 @var{host}, @var{user}, and @var{domain} is part of the netgroup
2815 @var{netgroup}. Using this function has the advantage that
2819 no other netgroup function can use the global netgroup state since
2820 internal locking is used and
2822 the function is implemented more efficiently than successive calls
2823 to the other @code{set}/@code{get}/@code{endnetgrent} functions.
2826 Any of the pointers @var{host}, @var{user}, or @var{domain} can be
2827 @code{NULL} which means any value is accepted in this position. This is
2828 also true for the name @code{-} which should not match any other string
2831 The return value is @code{1} if an entry matching the given triple is
2832 found in the netgroup. The return value is @code{0} if the netgroup
2833 itself is not found, the netgroup does not contain the triple or
2834 internal errors occurred.
2837 @c FIXME these are undocumented: