[thirdparty/man-pages.git] / man2 / chmod.2

.\" Hey Emacs! This file is -*- nroff -*- source.
.\"
.\" Copyright (c) 1992 Drew Eckhardt (drew@cs.colorado.edu), March 28, 1992
.\"
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of this
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a
.\" permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date.  The author(s) assume no
.\" responsibility for errors or omissions, or for damages resulting from
.\" the use of the information contained herein.  The author(s) may not
.\" have taken the same level of care in the production of this manual,
.\" which is licensed free of charge, as they might when working
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\"
.\" Modified by Michael Haardt <michael@moria.de>
.\" Modified 1993-07-21 by Rik Faith <faith@cs.unc.edu>
.\" Modified 1997-01-12 by Michael Haardt
.\"   <michael@cantor.informatik.rwth-aachen.de>: NFS details
.\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.TH CHMOD 2 2010-09-26 "Linux" "Linux Programmer's Manual"
.SH NAME
chmod, fchmod \- change permissions of a file
.SH SYNOPSIS
.B #include <sys/stat.h>
.sp
.BI "int chmod(const char *" path ", mode_t " mode );
.br
.BI "int fchmod(int " fd ", mode_t " mode );
.sp
.in -4n
Feature Test Macro Requirements for glibc (see
.BR feature_test_macros (7)):
.in
.sp
.ad l
.PD 0
.BR fchmod ():
.RS 4
_BSD_SOURCE ||
_XOPEN_SOURCE\ >=\ 500 ||
_XOPEN_SOURCE\ &&\ _XOPEN_SOURCE_EXTENDED
.br
|| /* Since glibc 2.12: */ _POSIX_C_SOURCE\ >=\ 200809L
.RE
.PD
.ad
.SH DESCRIPTION
These system calls change the permissions of a file.
They differ only in how the file is specified:
.IP * 2
.BR chmod ()
changes the permissions of the file specified whose pathname is given in
.IR path ,
which is dereferenced if it is a symbolic link.
.IP *
.BR fchmod ()
changes the permissions of the file referred to by the open file descriptor
.IR fd .
.PP
The new file permissions are specified in
.IR mode ,
which is a bit mask created by ORing together zero or
more of the following:
.TP 18
.BR S_ISUID "  (04000)"
set-user-ID (set process effective user ID on
.BR execve (2))
.TP
.BR S_ISGID "  (02000)"
set-group-ID (set process effective group ID on
.BR execve (2);
mandatory locking, as described in
.BR fcntl (2);
take a new file's group from parent directory, as described in
.BR chown (2)
and
.BR mkdir (2))
.TP
.BR S_ISVTX "  (01000)"
sticky bit (restricted deletion flag, as described in
.BR unlink (2))
.TP
.BR S_IRUSR "  (00400)"
read by owner
.TP
.BR S_IWUSR "  (00200)"
write by owner
.TP
.BR S_IXUSR "  (00100)"
execute/search by owner ("search" applies for directories,
and means that entries within the directory can be accessed)
.TP
.BR S_IRGRP "  (00040)"
read by group
.TP
.BR S_IWGRP "  (00020)"
write by group
.TP
.BR S_IXGRP "  (00010)"
execute/search by group
.TP
.BR S_IROTH "  (00004)"
read by others
.TP
.BR S_IWOTH "  (00002)"
write by others
.TP
.BR S_IXOTH "  (00001)"
execute/search by others
.PP
The effective UID of the calling process must match the owner of the file,
or the process must be privileged (Linux: it must have the
.B CAP_FOWNER
capability).

If the calling process is not privileged (Linux: does not have the
.B CAP_FSETID
capability), and the group of the file does not match
the effective group ID of the process or one of its
supplementary group IDs, the
.B S_ISGID
bit will be turned off,
but this will not cause an error to be returned.

As a security measure, depending on the file system,
the set-user-ID and set-group-ID execution bits
may be turned off if a file is written.
(On Linux this occurs if the writing process does not have the
.B CAP_FSETID
capability.)
On some file systems, only the superuser can set the sticky bit,
which may have a special meaning.
For the sticky bit, and for set-user-ID and set-group-ID bits on
directories, see
.BR stat (2).

On NFS file systems, restricting the permissions will immediately influence
already open files, because the access control is done on the server, but
open files are maintained by the client.
Widening the permissions may be
delayed for other clients if attribute caching is enabled on them.
.SH RETURN VALUE
On success, zero is returned.
On error, \-1 is returned, and
.I errno
is set appropriately.
.SH ERRORS
Depending on the file system, other errors can be returned.
The more general errors for
.BR chmod ()
are listed below:
.TP
.B EACCES
Search permission is denied on a component of the path prefix.
(See also
.BR path_resolution (7).)
.TP
.B EFAULT
.I path
points outside your accessible address space.
.TP
.B EIO
An I/O error occurred.
.TP
.B ELOOP
Too many symbolic links were encountered in resolving
.IR path .
.TP
.B ENAMETOOLONG
.I path
is too long.
.TP
.B ENOENT
The file does not exist.
.TP
.B ENOMEM
Insufficient kernel memory was available.
.TP
.B ENOTDIR
A component of the path prefix is not a directory.
.TP
.B EPERM
The effective UID does not match the owner of the file,
and the process is not privileged (Linux: it does not have the
.B CAP_FOWNER
capability).
.TP
.B EROFS
The named file resides on a read-only file system.
.PP
The general errors for
.BR fchmod ()
are listed below:
.TP
.B EBADF
The file descriptor
.I fd
is not valid.
.TP
.B EIO
See above.
.TP
.B EPERM
See above.
.TP
.B EROFS
See above.
.SH CONFORMING TO
4.4BSD, SVr4, POSIX.1-2001.
.SH SEE ALSO
.BR chown (2),
.BR execve (2),
.BR fchmodat (2),
.BR open (2),
.BR stat (2),
.BR path_resolution (7)
Commit	Line	Data
fea681da MK	1	.\" Hey Emacs! This file is -- nroff -- source.
	2	.\"
	3	.\" Copyright (c) 1992 Drew Eckhardt (drew@cs.colorado.edu), March 28, 1992
	4	.\"
	5	.\" Permission is granted to make and distribute verbatim copies of this
	6	.\" manual provided the copyright notice and this permission notice are
	7	.\" preserved on all copies.
	8	.\"
	9	.\" Permission is granted to copy and distribute modified versions of this
	10	.\" manual under the conditions for verbatim copying, provided that the
	11	.\" entire resulting derived work is distributed under the terms of a
	12	.\" permission notice identical to this one.
c13182ef	13	.\"
fea681da MK	14	.\" Since the Linux kernel and libraries are constantly changing, this
	15	.\" manual page may be incorrect or out-of-date. The author(s) assume no
	16	.\" responsibility for errors or omissions, or for damages resulting from
	17	.\" the use of the information contained herein. The author(s) may not
	18	.\" have taken the same level of care in the production of this manual,
	19	.\" which is licensed free of charge, as they might when working
	20	.\" professionally.
c13182ef	21	.\"
fea681da MK	22	.\" Formatted or processed versions of this manual, if unaccompanied by
	23	.\" the source, must acknowledge the copyright and authors of this work.
	24	.\"
	25	.\" Modified by Michael Haardt <michael@moria.de>
	26	.\" Modified 1993-07-21 by Rik Faith <faith@cs.unc.edu>
	27	.\" Modified 1997-01-12 by Michael Haardt
	28	.\" <michael@cantor.informatik.rwth-aachen.de>: NFS details
c11b1abf	29	.\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
fea681da	30	.\"
7990e026	31	.TH CHMOD 2 2010-09-26 "Linux" "Linux Programmer's Manual"
fea681da MK	32	.SH NAME
	33	chmod, fchmod \- change permissions of a file
	34	.SH SYNOPSIS
fea681da MK	35	.B #include <sys/stat.h>
	36	.sp
	37	.BI "int chmod(const char *" path ", mode_t " mode );
	38	.br
47752f33	39	.BI "int fchmod(int " fd ", mode_t " mode );
cc4615cc MK	40	.sp
	41	.in -4n
	42	Feature Test Macro Requirements for glibc (see
	43	.BR feature_test_macros (7)):
	44	.in
	45	.sp
65d3ffd9 MK	46	.ad l
65d3ffd9 MK	47	.PD 0
cc4615cc	48	.BR fchmod ():
65d3ffd9	49	.RS 4
65d3ffd9 MK	50	_BSD_SOURCE \|\|
	51	_XOPEN_SOURCE\ >=\ 500 \|\|
	52	_XOPEN_SOURCE\ &&\ _XOPEN_SOURCE_EXTENDED
3ba63d80	53	.br
28e7ac24	54	\|\| /* Since glibc 2.12: */ _POSIX_C_SOURCE\ >=\ 200809L
c9f2ff9d	55	.RE
65d3ffd9 MK	56	.PD
65d3ffd9 MK	57	.ad
fea681da	58	.SH DESCRIPTION
0689a4da MK	59	These system calls change the permissions of a file.
	60	They differ only in how the file is specified:
	61	.IP * 2
	62	.BR chmod ()
	63	changes the permissions of the file specified whose pathname is given in
	64	.IR path ,
	65	which is dereferenced if it is a symbolic link.
	66	.IP *
	67	.BR fchmod ()
	68	changes the permissions of the file referred to by the open file descriptor
	69	.IR fd .
	70	.PP
	71	The new file permissions are specified in
	72	.IR mode ,
	73	which is a bit mask created by ORing together zero or
	74	more of the following:
	75	.TP 18
	76	.BR S_ISUID " (04000)"
	77	set-user-ID (set process effective user ID on
	78	.BR execve (2))
fea681da	79	.TP
0689a4da MK	80	.BR S_ISGID " (02000)"
	81	set-group-ID (set process effective group ID on
	82	.BR execve (2);
	83	mandatory locking, as described in
	84	.BR fcntl (2);
	85	take a new file's group from parent directory, as described in
	86	.BR chown (2)
	87	and
	88	.BR mkdir (2))
fea681da	89	.TP
0689a4da MK	90	.BR S_ISVTX " (01000)"
	91	sticky bit (restricted deletion flag, as described in
	92	.BR unlink (2))
fea681da	93	.TP
0689a4da MK	94	.BR S_IRUSR " (00400)"
0689a4da MK	95	read by owner
fea681da	96	.TP
0689a4da MK	97	.BR S_IWUSR " (00200)"
0689a4da MK	98	write by owner
fea681da	99	.TP
0689a4da MK	100	.BR S_IXUSR " (00100)"
	101	execute/search by owner ("search" applies for directories,
	102	and means that entries within the directory can be accessed)
fea681da	103	.TP
0689a4da MK	104	.BR S_IRGRP " (00040)"
0689a4da MK	105	read by group
fea681da	106	.TP
0689a4da MK	107	.BR S_IWGRP " (00020)"
0689a4da MK	108	write by group
fea681da	109	.TP
0689a4da MK	110	.BR S_IXGRP " (00010)"
0689a4da MK	111	execute/search by group
fea681da	112	.TP
0689a4da MK	113	.BR S_IROTH " (00004)"
0689a4da MK	114	read by others
fea681da	115	.TP
0689a4da MK	116	.BR S_IWOTH " (00002)"
0689a4da MK	117	write by others
fea681da	118	.TP
0689a4da MK	119	.BR S_IXOTH " (00001)"
0689a4da MK	120	execute/search by others
cf0a9ace	121	.PP
fea681da MK	122	The effective UID of the calling process must match the owner of the file,
	123	or the process must be privileged (Linux: it must have the
	124	.B CAP_FOWNER
	125	capability).
	126
	127	If the calling process is not privileged (Linux: does not have the
	128	.B CAP_FSETID
	129	capability), and the group of the file does not match
	130	the effective group ID of the process or one of its
682edefb MK	131	supplementary group IDs, the
	132	.B S_ISGID
	133	bit will be turned off,
fea681da MK	134	but this will not cause an error to be returned.
	135
	136	As a security measure, depending on the file system,
c7400a2c	137	the set-user-ID and set-group-ID execution bits
fea681da MK	138	may be turned off if a file is written.
	139	(On Linux this occurs if the writing process does not have the
	140	.B CAP_FSETID
	141	capability.)
2c8d1c7d	142	On some file systems, only the superuser can set the sticky bit,
fea681da	143	which may have a special meaning.
c7400a2c	144	For the sticky bit, and for set-user-ID and set-group-ID bits on
fea681da MK	145	directories, see
	146	.BR stat (2).
	147
	148	On NFS file systems, restricting the permissions will immediately influence
	149	already open files, because the access control is done on the server, but
c13182ef MK	150	open files are maintained by the client.
c13182ef MK	151	Widening the permissions may be
fea681da	152	delayed for other clients if attribute caching is enabled on them.
47297adb	153	.SH RETURN VALUE
c13182ef MK	154	On success, zero is returned.
c13182ef MK	155	On error, \-1 is returned, and
fea681da MK	156	.I errno
	157	is set appropriately.
	158	.SH ERRORS
c13182ef MK	159	Depending on the file system, other errors can be returned.
c13182ef MK	160	The more general errors for
e511ffb6	161	.BR chmod ()
fea681da	162	are listed below:
fea681da MK	163	.TP
	164	.B EACCES
	165	Search permission is denied on a component of the path prefix.
	166	(See also
ad7cc990	167	.BR path_resolution (7).)
fea681da MK	168	.TP
	169	.B EFAULT
	170	.I path
	171	points outside your accessible address space.
	172	.TP
	173	.B EIO
	174	An I/O error occurred.
	175	.TP
	176	.B ELOOP
	177	Too many symbolic links were encountered in resolving
	178	.IR path .
	179	.TP
	180	.B ENAMETOOLONG
	181	.I path
	182	is too long.
	183	.TP
	184	.B ENOENT
	185	The file does not exist.
	186	.TP
	187	.B ENOMEM
	188	Insufficient kernel memory was available.
	189	.TP
	190	.B ENOTDIR
	191	A component of the path prefix is not a directory.
	192	.TP
	193	.B EPERM
	194	The effective UID does not match the owner of the file,
	195	and the process is not privileged (Linux: it does not have the
	196	.B CAP_FOWNER
	197	capability).
	198	.TP
	199	.B EROFS
	200	The named file resides on a read-only file system.
	201	.PP
	202	The general errors for
e511ffb6	203	.BR fchmod ()
fea681da MK	204	are listed below:
	205	.TP
	206	.B EBADF
	207	The file descriptor
47752f33	208	.I fd
fea681da MK	209	is not valid.
	210	.TP
	211	.B EIO
	212	See above.
	213	.TP
	214	.B EPERM
	215	See above.
	216	.TP
	217	.B EROFS
	218	See above.
47297adb	219	.SH CONFORMING TO
97c1eac8	220	4.4BSD, SVr4, POSIX.1-2001.
47297adb	221	.SH SEE ALSO
fea681da MK	222	.BR chown (2),
fea681da MK	223	.BR execve (2),
22e3b8b1	224	.BR fchmodat (2),
fea681da	225	.BR open (2),
ad7cc990 MK	226	.BR stat (2),
ad7cc990 MK	227	.BR path_resolution (7)