1 .\" Copyright (c) 1992 Drew Eckhardt (drew@cs.colorado.edu), March 28, 1992
2 .\" and Copyright (C) 2006, 2014 Michael Kerrisk
4 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
6 .\" Modified by Michael Haardt <michael@moria.de>
7 .\" Modified 1993-07-21 by Rik Faith <faith@cs.unc.edu>
8 .\" Modified 1997-01-12 by Michael Haardt
9 .\" <michael@cantor.informatik.rwth-aachen.de>: NFS details
10 .\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
12 .TH CHMOD 2 2021-08-27 "Linux man-pages (unreleased)" "Linux Programmer's Manual"
14 chmod, fchmod, fchmodat \- change permissions of a file
17 .RI ( libc ", " \-lc )
20 .B #include <sys/stat.h>
22 .BI "int chmod(const char *" pathname ", mode_t " mode );
23 .BI "int fchmod(int " fd ", mode_t " mode );
25 .BR "#include <fcntl.h>" " /* Definition of AT_* constants */"
26 .B #include <sys/stat.h>
28 .BI "int fchmodat(int " dirfd ", const char *" pathname ", mode_t " \
29 mode ", int " flags );
33 Feature Test Macro Requirements for glibc (see
34 .BR feature_test_macros (7)):
40 _POSIX_C_SOURCE >= 199309L
41 .\" || (_XOPEN_SOURCE && _XOPEN_SOURCE_EXTENDED)
45 _BSD_SOURCE || _POSIX_C_SOURCE
47 _BSD_SOURCE || _XOPEN_SOURCE >= 500
48 || _POSIX_C_SOURCE >= 200809L
49 Glibc 2.11 and earlier:
50 _BSD_SOURCE || _XOPEN_SOURCE >= 500
51 .\" || (_XOPEN_SOURCE && _XOPEN_SOURCE_EXTENDED)
57 _POSIX_C_SOURCE >= 200809L
66 system calls change a file's mode bits.
67 (The file mode consists of the file permission bits plus the set-user-ID,
68 set-group-ID, and sticky bits.)
69 These system calls differ only in how the file is specified:
72 changes the mode of the file specified whose pathname is given in
74 which is dereferenced if it is a symbolic link.
77 changes the mode of the file referred to by the open file descriptor
80 The new file mode is specified in
82 which is a bit mask created by ORing together zero or
83 more of the following:
85 .BR S_ISUID " (04000)"
86 set-user-ID (set process effective user ID on
89 .BR S_ISGID " (02000)"
90 set-group-ID (set process effective group ID on
92 mandatory locking, as described in
94 take a new file's group from parent directory, as described in
99 .BR S_ISVTX " (01000)"
100 sticky bit (restricted deletion flag, as described in
103 .BR S_IRUSR " (00400)"
106 .BR S_IWUSR " (00200)"
109 .BR S_IXUSR " (00100)"
110 execute/search by owner ("search" applies for directories,
111 and means that entries within the directory can be accessed)
113 .BR S_IRGRP " (00040)"
116 .BR S_IWGRP " (00020)"
119 .BR S_IXGRP " (00010)"
120 execute/search by group
122 .BR S_IROTH " (00004)"
125 .BR S_IWOTH " (00002)"
128 .BR S_IXOTH " (00001)"
129 execute/search by others
131 The effective UID of the calling process must match the owner of the file,
132 or the process must be privileged (Linux: it must have the
136 If the calling process is not privileged (Linux: does not have the
138 capability), and the group of the file does not match
139 the effective group ID of the process or one of its
140 supplementary group IDs, the
142 bit will be turned off,
143 but this will not cause an error to be returned.
145 As a security measure, depending on the filesystem,
146 the set-user-ID and set-group-ID execution bits
147 may be turned off if a file is written.
148 (On Linux, this occurs if the writing process does not have the
151 On some filesystems, only the superuser can set the sticky bit,
152 which may have a special meaning.
153 For the sticky bit, and for set-user-ID and set-group-ID bits on
157 On NFS filesystems, restricting the permissions will immediately influence
158 already open files, because the access control is done on the server, but
159 open files are maintained by the client.
160 Widening the permissions may be
161 delayed for other clients if attribute caching is enabled on them.
167 system call operates in exactly the same way as
169 except for the differences described here.
171 If the pathname given in
173 is relative, then it is interpreted relative to the directory
174 referred to by the file descriptor
176 (rather than relative to the current working directory of
177 the calling process, as is done by
179 for a relative pathname).
189 is interpreted relative to the current working
190 directory of the calling process (like
200 can either be 0, or include the following flag:
202 .B AT_SYMLINK_NOFOLLOW
205 is a symbolic link, do not dereference it:
206 instead operate on the link itself.
207 This flag is not currently implemented.
211 for an explanation of the need for
214 On success, zero is returned.
215 On error, \-1 is returned, and
217 is set to indicate the error.
219 Depending on the filesystem,
220 errors other than those listed below can be returned.
222 The more general errors for
227 Search permission is denied on a component of the path prefix.
229 .BR path_resolution (7).)
244 nor a valid file descriptor.
248 points outside your accessible address space.
252 Invalid flag specified in
256 An I/O error occurred.
259 Too many symbolic links were encountered in resolving
267 The file does not exist.
270 Insufficient kernel memory was available.
273 A component of the path prefix is not a directory.
280 is a file descriptor referring to a file other than a directory.
286 .BR AT_SYMLINK_NOFOLLOW ,
287 which is not supported.
290 The effective UID does not match the owner of the file,
291 and the process is not privileged (Linux: it does not have the
296 The file is marked immutable or append-only.
298 .BR ioctl_iflags (2).)
301 The named file resides on a read-only filesystem.
304 was added to Linux in kernel 2.6.16;
305 library support was added to glibc in version 2.4.
309 4.4BSD, SVr4, POSIX.1-2001i, POSIX.1-2008.
314 .SS C library/kernel differences
317 wrapper function implements the POSIX-specified
318 interface described in this page.
319 This interface differs from the underlying Linux system call, which does
325 On older kernels where
327 is unavailable, the glibc wrapper function falls back to the use of
331 is a relative pathname,
332 glibc constructs a pathname based on the symbolic link in
334 that corresponds to the
344 .BR path_resolution (7),