setuidgid — set process UID and GID(s) then chain
setuidgid
[--primary-group group
] [--supplementary] {account
} {next-prog
}
setuidgid is a chain-loading utility that sets the process real+effective UID and real+effective GID to the values for account
in the system account database and then chain loads to next-prog
with the execvp(3) function.
next-prog
may contain its own command line options, which setuidgid will ignore.
If the --primary-group option is used, setuidgid will use group
instead of the primary GID of account
as the GID to set.
If the --supplementary option is used, setuidgid will also set the supplementary GIDs for the groups to which account belongs, as listed in the groups database.
Without that option, it only sets the GID that is listed for account
in the password database, ignoring the group database, and clears the list of supplementary groups entirely.
In either case, the command will fail if the process is not running under the aegis of the superuser. Non-superusers are not permitted to alter the supplementary groups list.
If it cannot find an account named account
in the database, or fails setting the groups or user ID, it does not chain and exits with status code 111.