PTHREAD_SETUGID_NP(2) System Calls Manual PTHREAD_SETUGID_NP(2)

pthread_setugid_npSet the per-thread userid and single groupid.

#include <sys/types.h>
#include <sys/unistd.h>

int
pthread_setugid_np(uid_t uid, gid_t gid);

() changes the current thread's effective, real, and saved userid and groupid to the requested userid and groupid ( uid and gid , respectively) and clears all other groupids.

uid can be the current real userid, KAUTH_UID_NONE, or, if the caller is privileged, any userid. gid can be the current real groupid or, if the caller is priviledged, any single groupid.

Setting uid to KAUTH_UID_NONE means to "revert to the per process credential".

Temporarily restoring root privileges for a non-privileged process is only possible on a per-process basis and not a per-thread basis.

pthread_setugid_np() is not intended as a privilege escalation mechanism.

Do not use pthread_setugid_np.2() in a security sensitive situation.

Upon successful completion, a value of 0 is returned. Otherwise, -1 is returned and the global variable errno is set to indicate the error.

pthread_setugid_np() fails if one or more of the following are true:

[EPERM]
The calling process does not have the correct credentials to set the override identity (i.e. The current credentials do not imply "super-user").
[EPERM]
If uid is set to KAUTH_UID_NONE, the current thread must already be assuming another identity in order to revert back.
[EPERM]
The current thread cannot already be assuming another identity.

setuid(2) setgid(2) seteuid(2) setegid(2)

October 1, 2008 Mac OS X 12