libc/sys/chmod.2

.\" Copyright (c) 1980, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)chmod.2	8.1 (Berkeley) 6/4/93
.\" $FreeBSD: src/lib/libc/sys/chmod.2,v 1.16.2.7 2001/12/14 18:34:00 ru Exp $
.\"
.Dd August 9, 2009
.Dt CHMOD 2
.Os
.Sh NAME
.Nm chmod ,
.Nm fchmod ,
.Nm lchmod ,
.Nm fchmodat
.Nd change mode of file
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/stat.h
.Ft int
.Fn chmod "const char *path" "mode_t mode"
.Ft int
.Fn fchmod "int fd" "mode_t mode"
.Ft int
.Fn lchmod "const char *path" "mode_t mode"
.Ft int
.Fn fchmodat "int dirfd" "const char *path" "mode_t mode" "int flags"
.Sh DESCRIPTION
The file permission bits of the file named specified by
.Fa path
or referenced by the file descriptor
.Fa fd
are changed to
.Fa mode .
The
.Fn chmod
function verifies that the process owner (user) either owns
the file specified by
.Fa path
(or
.Fa fd ) ,
or
is the super-user.
The
.Fn chmod
function follows symbolic links to operate on the target of the link
rather than the link itself.
.Pp
The
.Fa lchmod
function is similar to
.Fn chmod
but does not follow symbolic links.
.Pp
The
.Fn fchmodat
function is equivalent to the
.Fn chmod
or
.Fn lchmod
functions except in the case where the
.Fa path
specifies a relative path.
In this case the file to be opened is determined relative to the directory
associated with the file descriptor
.Fa dirfd
instead of the current working directory.
If
.Fn fchmodat
is passed the special value
.Dv AT_FDCWD
in the
.Fa dirfd
parameter, the current working directory is used
and the behavior is identical to a call to
.Fn chmod
or
.Fn lchmod .
.Pp
A mode is created from
.Em or'd
permission bit masks
defined in
.In sys/stat.h :
.Pp
.Bd -literal -offset indent -compact
#define S_IRWXU 0000700    /* RWX mask for owner */
#define S_IRUSR 0000400    /* R for owner */
#define S_IWUSR 0000200    /* W for owner */
#define S_IXUSR 0000100    /* X for owner */

#define S_IRWXG 0000070    /* RWX mask for group */
#define S_IRGRP 0000040    /* R for group */
#define S_IWGRP 0000020    /* W for group */
#define S_IXGRP 0000010    /* X for group */

#define S_IRWXO 0000007    /* RWX mask for other */
#define S_IROTH 0000004    /* R for other */
#define S_IWOTH 0000002    /* W for other */
#define S_IXOTH 0000001    /* X for other */

#define S_ISUID 0004000    /* set user id on execution */
#define S_ISGID 0002000    /* set group id on execution */
#define S_ISVTX 0001000    /* sticky bit */
#ifndef _POSIX_SOURCE
#define S_ISTXT 0001000
#endif
.Ed
.Pp
The
.Dx
VM system totally ignores the sticky bit
.Pq Dv ISVTX
for executables.
On UFS-based filesystems (FFS, MFS, LFS) the sticky
bit may only be set upon directories.
.Pp
If mode
.Dv ISVTX
(the `sticky bit') is set on a directory,
an unprivileged user may not delete or rename
files of other users in that directory.
The sticky bit may be
set by any user on a directory which the user owns or has appropriate
permissions.
For more details of the properties of the sticky bit, see
.Xr sticky 8 .
.Pp
If mode ISUID (set UID) is set on a directory,
and the MNT_SUIDDIR option was used in the mount of the filesystem,
then the owner of any new files and sub-directories
created within this directory are set
to be the same as the owner of that directory.
If this function is enabled, new directories will inherit
the bit from their parents.  Execute bits are removed from
the file, and it will not be given to root.
This behavior does not change the
requirements for the user to be allowed to write the file, but only the eventual
owner after it has been created.
Group inheritance is not affected.
.Pp
This feature is designed for use on fileservers serving PC users via
ftp or SAMBA.
It provides security holes for shell users and as
such should not be used on shell machines, especially on home directories.
This option requires the SUIDDIR
option in the kernel to work.
Only UFS filesystems support this option.
For more details of the suiddir mount option, see
.Xr mount 8 .
.Pp
Writing or changing the owner of a file
turns off the set-user-id and set-group-id bits
unless the user is the super-user.
This makes the system somewhat more secure
by protecting set-user-id (set-group-id) files
from remaining set-user-id (set-group-id) if they are modified,
at the expense of a degree of compatibility.
.Pp
The values for the
.Fa flags
are constructed by a bitwise-inclusive OR of flags from the following list,
defined in
.In fcntl.h :
.Bl -tag -width indent
.It Dv AT_SYMLINK_NOFOLLOW
If
.Fa path
names a symbolic link, the mode of the symbolic link is changed.
.El
.Sh RETURN VALUES
.Rv -std
.Sh ERRORS
.Fn Chmod ,
.Fn lchmod
and
.Fn fchmodat
will fail and the file mode will be unchanged if:
.Bl -tag -width Er
.It Bq Er ENOTDIR
A component of the path prefix or
.Fa dirfd
is not a directory.
.It Bq Er ENAMETOOLONG
A component of a pathname exceeded 255 characters,
or an entire path name exceeded 1023 characters.
.It Bq Er ENOENT
The named file does not exist.
.It Bq Er EACCES
Search permission is denied for a component of the path prefix.
.It Bq Er ELOOP
Too many symbolic links were encountered in translating the pathname.
.It Bq Er EPERM
The effective user ID does not match the owner of the file and
the effective user ID is not the super-user.
.It Bq Er EROFS
The named file resides on a read-only file system.
.It Bq Er EFAULT
.Fa Path
points outside the process's allocated address space.
.It Bq Er EIO
An I/O error occurred while reading from or writing to the file system.
.It Bq Er EFTYPE
An attempt was made to set the sticky bit upon an executable.
.El
.Pp
.Fn Fchmod
will fail if:
.Bl -tag -width Er
.It Bq Er EBADF
The descriptor is not valid.
.It Bq Er EINVAL
.Fa fd
refers to a socket, not to a file.
.It Bq Er EROFS
The file resides on a read-only file system.
.It Bq Er EIO
An I/O error occurred while reading from or writing to the file system.
.El
.Sh SEE ALSO
.Xr chmod 1 ,
.Xr chown 2 ,
.Xr open 2 ,
.Xr stat 2 ,
.Xr sticky 8
.Sh STANDARDS
The
.Fn chmod
function call is expected to conform to
.St -p1003.1-90 ,
except for the return of
.Er EFTYPE
and the use of
.Dv S_ISTXT .
.Sh HISTORY
A
.Fn chmod
function call appeared in
.At v7 .
The
.Fn fchmod
function call
appeared in
.Bx 4.2 .
The
.Fn lchmod
function call appeared in
.Fx 3.0 .
.Pp
The
.Fn fchmodat
system call appeared in
.Dx 2.3 .