1 .\" Copyright (c) 1992 Drew Eckhardt (drew@cs.colorado.edu), March 28, 1992
2 .\" and Copyright (C) 2006, 2014 Michael Kerrisk
4 .\" %%%LICENSE_START(VERBATIM)
5 .\" Permission is granted to make and distribute verbatim copies of this
6 .\" manual provided the copyright notice and this permission notice are
7 .\" preserved on all copies.
9 .\" Permission is granted to copy and distribute modified versions of this
10 .\" manual under the conditions for verbatim copying, provided that the
11 .\" entire resulting derived work is distributed under the terms of a
12 .\" permission notice identical to this one.
14 .\" Since the Linux kernel and libraries are constantly changing, this
15 .\" manual page may be incorrect or out-of-date. The author(s) assume no
16 .\" responsibility for errors or omissions, or for damages resulting from
17 .\" the use of the information contained herein. The author(s) may not
18 .\" have taken the same level of care in the production of this manual,
19 .\" which is licensed free of charge, as they might when working
22 .\" Formatted or processed versions of this manual, if unaccompanied by
23 .\" the source, must acknowledge the copyright and authors of this work.
26 .\" Modified by Michael Haardt <michael@moria.de>
27 .\" Modified 1993-07-21 by Rik Faith <faith@cs.unc.edu>
28 .\" Modified 1997-01-12 by Michael Haardt
29 .\" <michael@cantor.informatik.rwth-aachen.de>: NFS details
30 .\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
32 .TH CHMOD 2 2016-03-15 "Linux" "Linux Programmer's Manual"
34 chmod, fchmod, fchmodat \- change permissions of a file
37 .B #include <sys/stat.h>
39 .BI "int chmod(const char *" pathname ", mode_t " mode );
41 .BI "int fchmod(int " fd ", mode_t " mode );
43 .BR "#include <fcntl.h>" " /* Definition of AT_* constants */"
44 .B #include <sys/stat.h>
46 .BI "int fchmodat(int " dirfd ", const char *" pathname ", mode_t " \
47 mode ", int " flags );
51 Feature Test Macro Requirements for glibc (see
52 .BR feature_test_macros (7)):
59 /* Since glibc 2.16: */ _POSIX_C_SOURCE
60 || /* Glibc versions <= 2.19: */ _BSD_SOURCE
61 || /* Glibc versions <= 2.15: */ _XOPEN_SOURCE\ >=\ 500
62 .\" || _XOPEN_SOURCE\ &&\ _XOPEN_SOURCE_EXTENDED
63 || /* Glibc 2.12 to 2.15: */ _POSIX_C_SOURCE\ >=\ 200809L
73 _POSIX_C_SOURCE\ >=\ 200809L
86 system calls change a files mode bits.
87 (The file mode consists of the file permission bits plus the set-user-ID,
88 set-group-ID, and sticky bits.)
89 These system calls differ only in how the file is specified:
92 changes the mode of the file specified whose pathname is given in
94 which is dereferenced if it is a symbolic link.
97 changes the mode of the file referred to by the open file descriptor
100 The new file mode is specified in
102 which is a bit mask created by ORing together zero or
103 more of the following:
105 .BR S_ISUID " (04000)"
106 set-user-ID (set process effective user ID on
109 .BR S_ISGID " (02000)"
110 set-group-ID (set process effective group ID on
112 mandatory locking, as described in
114 take a new file's group from parent directory, as described in
119 .BR S_ISVTX " (01000)"
120 sticky bit (restricted deletion flag, as described in
123 .BR S_IRUSR " (00400)"
126 .BR S_IWUSR " (00200)"
129 .BR S_IXUSR " (00100)"
130 execute/search by owner ("search" applies for directories,
131 and means that entries within the directory can be accessed)
133 .BR S_IRGRP " (00040)"
136 .BR S_IWGRP " (00020)"
139 .BR S_IXGRP " (00010)"
140 execute/search by group
142 .BR S_IROTH " (00004)"
145 .BR S_IWOTH " (00002)"
148 .BR S_IXOTH " (00001)"
149 execute/search by others
151 The effective UID of the calling process must match the owner of the file,
152 or the process must be privileged (Linux: it must have the
156 If the calling process is not privileged (Linux: does not have the
158 capability), and the group of the file does not match
159 the effective group ID of the process or one of its
160 supplementary group IDs, the
162 bit will be turned off,
163 but this will not cause an error to be returned.
165 As a security measure, depending on the filesystem,
166 the set-user-ID and set-group-ID execution bits
167 may be turned off if a file is written.
168 (On Linux, this occurs if the writing process does not have the
171 On some filesystems, only the superuser can set the sticky bit,
172 which may have a special meaning.
173 For the sticky bit, and for set-user-ID and set-group-ID bits on
177 On NFS filesystems, restricting the permissions will immediately influence
178 already open files, because the access control is done on the server, but
179 open files are maintained by the client.
180 Widening the permissions may be
181 delayed for other clients if attribute caching is enabled on them.
187 system call operates in exactly the same way as
189 except for the differences described here.
191 If the pathname given in
193 is relative, then it is interpreted relative to the directory
194 referred to by the file descriptor
196 (rather than relative to the current working directory of
197 the calling process, as is done by
199 for a relative pathname).
209 is interpreted relative to the current working
210 directory of the calling process (like
220 can either be 0, or include the following flag:
222 .B AT_SYMLINK_NOFOLLOW
225 is a symbolic link, do not dereference it:
226 instead operate on the link itself.
227 This flag is not currently implemented.
231 for an explanation of the need for
234 On success, zero is returned.
235 On error, \-1 is returned, and
237 is set appropriately.
239 Depending on the filesystem,
240 errors other than those listed below can be returned.
242 The more general errors for
247 Search permission is denied on a component of the path prefix.
249 .BR path_resolution (7).)
253 points outside your accessible address space.
256 An I/O error occurred.
259 Too many symbolic links were encountered in resolving
267 The file does not exist.
270 Insufficient kernel memory was available.
273 A component of the path prefix is not a directory.
276 The effective UID does not match the owner of the file,
277 and the process is not privileged (Linux: it does not have the
282 The named file resides on a read-only filesystem.
284 The general errors for
302 The same errors that occur for
306 The following additional errors can occur for
311 is not a valid file descriptor.
314 Invalid flag specified in
321 is a file descriptor referring to a file other than a directory.
326 .BR AT_SYMLINK_NOFOLLOW ,
327 which is not supported.
330 was added to Linux in kernel 2.6.16;
331 library support was added to glibc in version 2.4.
335 4.4BSD, SVr4, POSIX.1-2001i, POSIX.1-2008.
340 .SS C library/kernel differences
343 wrapper function implements the POSIX-specified
344 interface described in this page.
345 This interface differs from the underlying Linux system call, which does
351 On older kernels where
353 is unavailable, the glibc wrapper function falls back to the use of
357 is a relative pathname,
358 glibc constructs a pathname based on the symbolic link in
360 that corresponds to the
369 .BR path_resolution (7),