Home | History | Annotate | Line # | Download | only in sys 
 $NetBSD: chmod.2,v 1.49 2021/11/19 23:51:16 wiz Exp $

 Copyright (c) 1980, 1991, 1993
 The Regents of the University of California. All rights reserved.

 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 1. Redistributions of source code must retain the above copyright
 notice, this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright
 notice, this list of conditions and the following disclaimer in the
 documentation and/or other materials provided with the distribution.
 3. Neither the name of the University nor the names of its contributors
 may be used to endorse or promote products derived from this software
 without specific prior written permission.

 THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 SUCH DAMAGE.

 @(#)chmod.2 8.1 (Berkeley) 6/4/93

.Dd November 20, 2021
.Dt CHMOD 2
.Os
.Sh NAME
.Nm chmod ,
.Nm lchmod ,
.Nm fchmod ,
.Nm fchmodat
.Nd change mode of file
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
n sys/stat.h .Ft int
.Fn chmod "const char *path" "mode_t mode"
.Ft int
.Fn lchmod "const char *path" "mode_t mode"
.Ft int
.Fn fchmod "int fd" "mode_t mode"
n sys/stat.h n fcntl.h .Ft int
.Fn fchmodat "int fd" "const char *path" "mode_t mode" "int flag"
.Sh DESCRIPTION
The function
.Fn chmod
sets the file permission bits
of the file
specified by the pathname
.Fa path
to
.Fa mode .
.Fn fchmod
sets the permission bits of the specified
file descriptor
.Fa fd .
.Fn lchmod
is like
.Fn chmod
except in the case where the named file is a symbolic link,
in which case
.Fn lchmod
sets the permission bits of the link,
while
.Fn chmod
sets the bits of the file the link references.

p
.Fn fchmodat
works the same way as
.Fn chmod
(or
.Fn lchmod
if
.Dv AT_SYMLINK_NOFOLLOW
is set in
.Fa flag )
except if
.Fa path
is relative.
In that case, it is looked up from a directory whose file
descriptor was passed as
.Fa fd .
Search permission is required on this directory.
 (These alternatives await a decision about the semantics of O_SEARCH)
 Search permission is required on this directory
 except if
 .Fa fd
 was opened with the
 .Dv O_SEARCH
 flag.
 - or -
 This file descriptor must have been opened with the
 .Dv O_SEARCH
 flag.
.Fa fd
except if that file descriptor was opened with the
.Dv O_SEARCH
flag.
.Fa fd
can be set to
.Dv AT_FDCWD
in order to specify the current directory.

p
.Fn chmod
verifies that the process owner (user) either owns
the file specified by
.Fa path
(or
.Fa fd ) ,
or
is the super-user.
A mode is created from
.Em or'd
permission bit masks
defined in
n sys/stat.h : d -literal -offset indent -compact #define S_IRWXU 0000700 /* RWX mask for owner */
#define S_IRUSR 0000400 /* R for owner */
#define S_IWUSR 0000200 /* W for owner */
#define S_IXUSR 0000100 /* X for owner */

#define S_IRWXG 0000070 /* RWX mask for group */
#define S_IRGRP 0000040 /* R for group */
#define S_IWGRP 0000020 /* W for group */
#define S_IXGRP 0000010 /* X for group */

#define S_IRWXO 0000007 /* RWX mask for other */
#define S_IROTH 0000004 /* R for other */
#define S_IWOTH 0000002 /* W for other */
#define S_IXOTH 0000001 /* X for other */

#define S_ISUID 0004000 /* set user id on execution */
#define S_ISGID 0002000 /* set group id on execution */
#define S_ISVTX 0001000 /* sticky bit */
.Ed

p
The mode
.Dv ISVTX
(the
.Sq sticky bit )
can be set on regular files, but has no effect.
For historical reasons this can be done only by the super-user.

p
If mode
.Dv ISVTX
(the
.Sq sticky bit )
is set on a directory,
an unprivileged user may not delete or rename
files of other users in that directory.
The sticky bit may be set by any user on a directory which the user
owns or has appropriate permissions.

p
For more information about the history and properties of the sticky bit, see
.Xr sticky 7 .

p
Changing the owner of a file
turns off the set-user-id and set-group-id bits;
writing to a file
turns off the set-user-id and set-group-id bits
unless the user is the super-user.
This makes the system somewhat more secure
by protecting set-user-id (set-group-id) files
from remaining set-user-id (set-group-id) if they are modified,
at the expense of a degree of compatibility.
.Sh RETURN VALUES
.Rv -std chmod lchmod fchmod fchmodat
.Sh ERRORS
.Fn chmod ,
.Fn lchmod
and
.Fn fchmodat
will fail and the file mode will be unchanged if:
l -tag -width Er t Bq Er EACCES Search permission is denied for a component of the path prefix.
t Bq Er EFAULT .Fa path
points outside the process's allocated address space.
t Bq Er EFTYPE The effective user ID is not the super-user, the
.Fa mode
includes the sticky bit

q Dv S_ISVTX ,
and
.Fa path
does not refer to a directory.
t Bq Er EIO An I/O error occurred while reading from or writing to the file system.
t Bq Er ELOOP Too many symbolic links were encountered in translating the pathname.
t Bq Er ENAMETOOLONG A component of a pathname exceeded
rq Dv NAME_MAX characters, or an entire path name exceeded
rq Dv PATH_MAX characters.
t Bq Er ENOENT The named file does not exist.
t Bq Er ENOTDIR A component of the path prefix is not a directory.
t Bq Er EPERM The effective user ID does not match the owner of the file and
the effective user ID is not the super-user; or
the mode includes the setgid bit

q Dv S_ISGID
but the file's group is neither the effective group ID nor is it in the
group access list.
t Bq Er EROFS The named file resides on a read-only file system.
.El

p
In addition,
.Fn fchmodat
will fail if:
l -tag -width Er t Bq Er EBADF .Fa path
does not specify an absolute path and
.Fa fd
is neither
.Dv AT_FDCWD
nor a valid file descriptor open for reading or searching.
t Bq Er ENOTDIR .Fa path
is not an absolute path and
.Fa fd
is a file descriptor associated with a non-directory file.
.El

p
.Fn fchmod
will fail if:
l -tag -width Er t Bq Er EBADF The descriptor is not valid.
t Bq Er EFTYPE The effective user ID is not the super-user, the
.Fa mode
includes the sticky bit

q Dv S_ISVTX ,
and
.Fa fd
does not refer to a directory.
t Bq Er EINVAL .Fa fd
refers to a socket, not to a file.
t Bq Er EIO An I/O error occurred while reading from or writing to the file system.
t Bq Er EPERM The effective user ID does not match the owner of the file and
the effective user ID is not the super-user; or
the mode includes the setgid bit

q Dv S_ISGID
but the file's group is neither the effective group ID nor is it in the
group access list.
t Bq Er EROFS The file resides on a read-only file system.
.El
.Sh SEE ALSO
.Xr chmod 1 ,
.Xr chflags 2 ,
.Xr chown 2 ,
.Xr open 2 ,
.Xr stat 2 ,
.Xr getmode 3 ,
.Xr setmode 3 ,
.Xr sticky 7 ,
.Xr symlink 7
.Sh STANDARDS
The
.Fn chmod
function conforms to
.St -p1003.1-90 .
The
.Fn fchmod
function conforms to
.St -xpg4.2 .
The
.Fn fchmodat
function conforms to
.St -p1003.1-2008 .
.Sh HISTORY
The
.Fn chmod
function call appeared in
.At v1 .
The
.Fn fchmod
function call
appeared in
x 4.2 . The
.Fn lchmod
function call appeared in
.Nx 1.3 .