CAPNG_CHANGE_ID(3) Libcap-ng API CAPNG_CHANGE_ID(3)NAMEcapng_change_id - change the credentials retaining capabilities
int capng_change_id(int uid, int gid, capng_flags_t flag);
This function will change uid and gid to the ones given while retaining
the capabilities previously specified in capng_update. It is not neces‐
sary and perhaps better if capng_apply has not been called prior to
this function so that all necessary privileges are still intact. The
caller is required to have CAP_SETPCAP capability still active before
calling this function.
This function also takes a flag parameter that helps to tailor the
exact actions performed by the function to secure the environment. The
option may be or'ed together. The legal values are:
Simply change uid and retain specified capabilities and
After changing id, remove and supplement groups that may
come with the account.
After changing the uid and gid, clear the bounding set
regardless to the internal representation already setup.
This returns 0 on success and a negative number on failure. -1 means
capng has not been initted properly, -2 means a failure requesting to
keep capabilities across the uid change, -3 means that applying the
intermediate capabilities failed, -4 means changing gid failed, -5
means dropping supplemental groups failed, -6 means changing the uid
failed, -7 means dropping the ability to retain caps across a uid
change failed, -8 means clearing the bounding set failed, -9 means
dropping CAP_SETPCAP failed.
Note: the only safe action to do upon failure of this function is to
probably exit. This is because you are likely in a situation with par‐
tial permissions and not what you intended.
SEE ALSOcapng_update(3), capng_apply(3), prctl(2), capabilities(7)AUTHOR
Red Hat June 2009 CAPNG_CHANGE_ID(3)