1 .\" Copyright (c) 1992 Drew Eckhardt (drew@cs.colorado.edu), March 28, 1992
2 .\" and Copyright (c) 1998 Andries Brouwer (aeb@cwi.nl)
3 .\" and Copyright (c) 2006, 2007, 2008, 2014 Michael Kerrisk <mtk.manpages@gmail.com>
5 .\" %%%LICENSE_START(VERBATIM)
6 .\" Permission is granted to make and distribute verbatim copies of this
7 .\" manual provided the copyright notice and this permission notice are
8 .\" preserved on all copies.
10 .\" Permission is granted to copy and distribute modified versions of this
11 .\" manual under the conditions for verbatim copying, provided that the
12 .\" entire resulting derived work is distributed under the terms of a
13 .\" permission notice identical to this one.
15 .\" Since the Linux kernel and libraries are constantly changing, this
16 .\" manual page may be incorrect or out-of-date. The author(s) assume no
17 .\" responsibility for errors or omissions, or for damages resulting from
18 .\" the use of the information contained herein. The author(s) may not
19 .\" have taken the same level of care in the production of this manual,
20 .\" which is licensed free of charge, as they might when working
23 .\" Formatted or processed versions of this manual, if unaccompanied by
24 .\" the source, must acknowledge the copyright and authors of this work.
27 .\" Modified by Michael Haardt <michael@moria.de>
28 .\" Modified 1993-07-21 by Rik Faith <faith@cs.unc.edu>
29 .\" Modified 1996-07-09 by Andries Brouwer <aeb@cwi.nl>
30 .\" Modified 1996-11-06 by Eric S. Raymond <esr@thyrsus.com>
31 .\" Modified 1997-05-18 by Michael Haardt <michael@cantor.informatik.rwth-aachen.de>
32 .\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
33 .\" 2007-07-08, mtk, added an example program; updated SYNOPSIS
34 .\" 2008-05-08, mtk, Describe rules governing ownership of new files
35 .\" (bsdgroups versus sysvgroups, and the effect of the parent
36 .\" directory's set-group-ID mode bit).
38 .TH CHOWN 2 2019-03-06 "Linux" "Linux Programmer's Manual"
40 chown, fchown, lchown, fchownat \- change ownership of a file
43 .B #include <unistd.h>
45 .BI "int chown(const char *" pathname ", uid_t " owner ", gid_t " group );
46 .BI "int fchown(int " fd ", uid_t " owner ", gid_t " group );
47 .BI "int lchown(const char *" pathname ", uid_t " owner ", gid_t " group );
49 .BR "#include <fcntl.h> " "/* Definition of AT_* constants */"
50 .B #include <unistd.h>
52 .BI "int fchownat(int " dirfd ", const char *" pathname ,
53 .BI " uid_t " owner ", gid_t " group ", int " flags );
57 Feature Test Macro Requirements for glibc (see
58 .BR feature_test_macros (7)):
66 /* Since glibc 2.12: */ _POSIX_C_SOURCE\ >=\ 200809L
67 || _XOPEN_SOURCE\ >=\ 500
68 .\" || _XOPEN_SOURCE\ &&\ _XOPEN_SOURCE_EXTENDED
69 || /* Glibc versions <= 2.19: */ _BSD_SOURCE
78 _POSIX_C_SOURCE\ >=\ 200809L
86 These system calls change the owner and group of a file.
92 system calls differ only in how the file is specified:
95 changes the ownership of the file specified by
97 which is dereferenced if it is a symbolic link.
100 changes the ownership of the file referred to by the open file descriptor
106 but does not dereference symbolic links.
108 Only a privileged process (Linux: one with the
110 capability) may change the owner of a file.
111 The owner of a file may change the group of the file
112 to any group of which that owner is a member.
113 A privileged process (Linux: with
115 may change the group arbitrarily.
121 is specified as \-1, then that ID is not changed.
123 When the owner or group of an executable file is
124 changed by an unprivileged user, the
128 mode bits are cleared.
129 POSIX does not specify whether
130 this also should happen when root does the
132 the Linux behavior depends on the kernel version,
133 and since Linux 2.2.13, root is treated like other users.
134 .\" In Linux 2.0 kernels, superuser was like everyone else
135 .\" In 2.2, up to 2.2.12, these bits were not cleared for superuser.
136 .\" Since 2.2.13, superuser is once more like everyone else.
137 In case of a non-group-executable file (i.e., one for which the
141 bit indicates mandatory locking, and is not cleared by a
144 When the owner or group of an executable file is changed (by any user),
145 all capability sets for the file are cleared.
150 system call operates in exactly the same way as
152 except for the differences described here.
154 If the pathname given in
156 is relative, then it is interpreted relative to the directory
157 referred to by the file descriptor
159 (rather than relative to the current working directory of
160 the calling process, as is done by
162 for a relative pathname).
172 is interpreted relative to the current working
173 directory of the calling process (like
184 argument is a bit mask created by ORing together
185 0 or more of the following values;
187 .BR AT_EMPTY_PATH " (since Linux 2.6.39)"
188 .\" commit 65cfc6722361570bfe255698d9cd4dccaf47570d
191 is an empty string, operate on the file referred to by
193 (which may have been obtained using the
199 can refer to any type of file, not just a directory.
204 the call operates on the current working directory.
205 This flag is Linux-specific; define
207 .\" Before glibc 2.16, defining _ATFILE_SOURCE sufficed
208 to obtain its definition.
210 .B AT_SYMLINK_NOFOLLOW
213 is a symbolic link, do not dereference it:
214 instead operate on the link itself, like
218 dereferences symbolic links, like
223 for an explanation of the need for
226 On success, zero is returned.
227 On error, \-1 is returned, and
229 is set appropriately.
231 Depending on the filesystem,
232 errors other than those listed below can be returned.
234 The more general errors for
239 Search permission is denied on a component of the path prefix.
241 .BR path_resolution (7).)
245 points outside your accessible address space.
248 Too many symbolic links were encountered in resolving
256 The file does not exist.
259 Insufficient kernel memory was available.
262 A component of the path prefix is not a directory.
265 The calling process did not have the required permissions
266 (see above) to change owner and/or group.
269 The file is marked immutable or append-only.
271 .BR ioctl_iflags (2).)
274 The named file resides on a read-only filesystem.
276 The general errors for
282 is not a valid open file descriptor.
285 A low-level I/O error occurred while modifying the inode.
296 The same errors that occur for
300 The following additional errors can occur for
305 is not a valid file descriptor.
308 Invalid flag specified in
315 is a file descriptor referring to a file other than a directory.
318 was added to Linux in kernel 2.6.16;
319 library support was added to glibc in version 2.4.
324 4.4BSD, SVr4, POSIX.1-2001, POSIX.1-2008.
326 The 4.4BSD version can be
327 used only by the superuser (that is, ordinary users cannot give away files).
329 .\" SVr4 documents EINVAL, EINTR, ENOLINK and EMULTIHOP returns, but no
330 .\" ENOMEM. POSIX.1 does not document ENOMEM or ELOOP error conditions.
332 .\" SVr4 documents additional EINVAL, EIO, EINTR, and ENOLINK
333 .\" error conditions.
338 .SS Ownership of new files
339 When a new file is created (by, for example,
343 its owner is made the same as the filesystem user ID of the
345 The group of the file depends on a range of factors,
346 including the type of filesystem,
347 the options used to mount the filesystem,
348 and whether or not the set-group-ID mode bit is enabled
349 on the parent directory.
350 If the filesystem supports the
353 .BR "\-o\ bsdgroups" )
357 .BR "\-o\ sysvgroups" )
359 options, then the rules are as follows:
361 If the filesystem is mounted with
363 then the group of a new file is made
364 the same as that of the parent directory.
366 If the filesystem is mounted with
368 and the set-group-ID bit is disabled on the parent directory,
369 then the group of a new file is made the same as the
370 process's filesystem GID.
372 If the filesystem is mounted with
374 and the set-group-ID bit is enabled on the parent directory,
375 then the group of a new file is made
376 the same as that of the parent directory.
383 mount options are supported by ext2, ext3, ext4, and XFS.
384 Filesystems that don't support these mount options follow the
388 On older kernels where
390 is unavailable, the glibc wrapper function falls back to the use of
396 is a relative pathname,
397 glibc constructs a pathname based on the symbolic link in
399 that corresponds to the
405 semantics are deliberately violated on NFS filesystems
406 which have UID mapping enabled.
407 Additionally, the semantics of all system
408 calls which access the file contents are violated, because
410 may cause immediate access revocation on already open files.
412 caching may lead to a delay between the time where ownership have
413 been changed to allow access for a user and the time where the file can
414 actually be accessed by the user on other clients.
415 .SS Historical details
421 system calls supported only 16-bit user and group IDs.
422 Subsequently, Linux 2.4 added
427 supporting 32-bit IDs.
433 wrapper functions transparently deal with the variations across kernel versions.
435 In versions of Linux prior to 2.1.81 (and distinct from 2.1.46),
437 did not follow symbolic links.
440 does follow symbolic links, and there is a new system call
442 that does not follow symbolic links.
443 Since Linux 2.1.86, this new call (that has the same semantics
446 has got the same syscall number, and
448 got the newly introduced number.
451 The following program changes the ownership of the file named in
452 its second command-line argument to the value specified in its
453 first command-line argument.
454 The new owner can be specified either as a numeric user ID,
455 or as a username (which is converted to a user ID by using
457 to perform a lookup in the system password file).
466 main(int argc, char *argv[])
472 if (argc != 3 || argv[1][0] == \(aq\e0\(aq) {
473 fprintf(stderr, "%s <owner> <file>\en", argv[0]);
477 uid = strtol(argv[1], &endptr, 10); /* Allow a numeric string */
479 if (*endptr != \(aq\e0\(aq) { /* Was not pure numeric string */
480 pwd = getpwnam(argv[1]); /* Try getting UID for username */
489 if (chown(argv[2], uid, \-1) == \-1) {
502 .BR path_resolution (7),