1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)chmod.2 8.1 (Berkeley) 6/4/93 33.\" $FreeBSD: src/lib/libc/sys/chmod.2,v 1.16.2.7 2001/12/14 18:34:00 ru Exp $ 34.\" $DragonFly: src/lib/libc/sys/chmod.2,v 1.4 2006/05/26 19:39:37 swildner Exp $ 35.\" 36.Dd August 9, 2009 37.Dt CHMOD 2 38.Os 39.Sh NAME 40.Nm chmod , 41.Nm fchmod , 42.Nm lchmod , 43.Nm fchmodat 44.Nd change mode of file 45.Sh LIBRARY 46.Lb libc 47.Sh SYNOPSIS 48.In sys/stat.h 49.Ft int 50.Fn chmod "const char *path" "mode_t mode" 51.Ft int 52.Fn fchmod "int fd" "mode_t mode" 53.Ft int 54.Fn lchmod "const char *path" "mode_t mode" 55.Ft int 56.Fn fchmodat "int dirfd" "const char *path" "mode_t mode" "int flags" 57.Sh DESCRIPTION 58The file permission bits of the file named specified by 59.Fa path 60or referenced by the file descriptor 61.Fa fd 62are changed to 63.Fa mode . 64The 65.Fn chmod 66function verifies that the process owner (user) either owns 67the file specified by 68.Fa path 69(or 70.Fa fd ) , 71or 72is the super-user. 73The 74.Fn chmod 75function follows symbolic links to operate on the target of the link 76rather than the link itself. 77.Pp 78The 79.Fa lchmod 80function is similar to 81.Fn chmod 82but does not follow symbolic links. 83.Pp 84The 85.Fn fchmodat 86function is equivalent to the 87.Fn chmod 88or 89.Fn lchmod 90functions except in the case where the 91.Fa path 92specifies a relative path. 93In this case the file to be opened is determined relative to the directory 94associated with the file descriptor 95.Fa dirfd 96instead of the current working directory. 97If 98.Fn fchmodat 99is passed the special value 100.Dv AT_FDCWD 101in the 102.Fa dirfd 103parameter, the current working directory is used 104and the behavior is identical to a call to 105.Fn chmod 106or 107.Fn lchmod . 108.Pp 109A mode is created from 110.Em or'd 111permission bit masks 112defined in 113.In sys/stat.h : 114.Pp 115.Bd -literal -offset indent -compact 116#define S_IRWXU 0000700 /* RWX mask for owner */ 117#define S_IRUSR 0000400 /* R for owner */ 118#define S_IWUSR 0000200 /* W for owner */ 119#define S_IXUSR 0000100 /* X for owner */ 120 121#define S_IRWXG 0000070 /* RWX mask for group */ 122#define S_IRGRP 0000040 /* R for group */ 123#define S_IWGRP 0000020 /* W for group */ 124#define S_IXGRP 0000010 /* X for group */ 125 126#define S_IRWXO 0000007 /* RWX mask for other */ 127#define S_IROTH 0000004 /* R for other */ 128#define S_IWOTH 0000002 /* W for other */ 129#define S_IXOTH 0000001 /* X for other */ 130 131#define S_ISUID 0004000 /* set user id on execution */ 132#define S_ISGID 0002000 /* set group id on execution */ 133#define S_ISVTX 0001000 /* sticky bit */ 134#ifndef _POSIX_SOURCE 135#define S_ISTXT 0001000 136#endif 137.Ed 138.Pp 139The 140.Dx 141VM system totally ignores the sticky bit 142.Pq Dv ISVTX 143for executables. 144On UFS-based filesystems (FFS, MFS, LFS) the sticky 145bit may only be set upon directories. 146.Pp 147If mode 148.Dv ISVTX 149(the `sticky bit') is set on a directory, 150an unprivileged user may not delete or rename 151files of other users in that directory. 152The sticky bit may be 153set by any user on a directory which the user owns or has appropriate 154permissions. 155For more details of the properties of the sticky bit, see 156.Xr sticky 8 . 157.Pp 158If mode ISUID (set UID) is set on a directory, 159and the MNT_SUIDDIR option was used in the mount of the filesystem, 160then the owner of any new files and sub-directories 161created within this directory are set 162to be the same as the owner of that directory. 163If this function is enabled, new directories will inherit 164the bit from their parents. Execute bits are removed from 165the file, and it will not be given to root. 166This behavior does not change the 167requirements for the user to be allowed to write the file, but only the eventual 168owner after it has been created. 169Group inheritance is not affected. 170.Pp 171This feature is designed for use on fileservers serving PC users via 172ftp, SAMBA, or netatalk. 173It provides security holes for shell users and as 174such should not be used on shell machines, especially on home directories. 175This option requires the SUIDDIR 176option in the kernel to work. 177Only UFS filesystems support this option. 178For more details of the suiddir mount option, see 179.Xr mount 8 . 180.Pp 181Writing or changing the owner of a file 182turns off the set-user-id and set-group-id bits 183unless the user is the super-user. 184This makes the system somewhat more secure 185by protecting set-user-id (set-group-id) files 186from remaining set-user-id (set-group-id) if they are modified, 187at the expense of a degree of compatibility. 188.Pp 189The values for the 190.Fa flags 191are constructed by a bitwise-inclusive OR of flags from the following list, 192defined in 193.In fcntl.h : 194.Bl -tag -width indent 195.It Dv AT_SYMLINK_NOFOLLOW 196If 197.Fa path 198names a symbolic link, the mode of the symbolic link is changed. 199.El 200.Sh RETURN VALUES 201.Rv -std 202.Sh ERRORS 203.Fn Chmod , 204.Fn lchmod 205and 206.Fn fchmodat 207will fail and the file mode will be unchanged if: 208.Bl -tag -width Er 209.It Bq Er ENOTDIR 210A component of the path prefix or 211.Fa dirfd 212is not a directory. 213.It Bq Er ENAMETOOLONG 214A component of a pathname exceeded 255 characters, 215or an entire path name exceeded 1023 characters. 216.It Bq Er ENOENT 217The named file does not exist. 218.It Bq Er EACCES 219Search permission is denied for a component of the path prefix. 220.It Bq Er ELOOP 221Too many symbolic links were encountered in translating the pathname. 222.It Bq Er EPERM 223The effective user ID does not match the owner of the file and 224the effective user ID is not the super-user. 225.It Bq Er EROFS 226The named file resides on a read-only file system. 227.It Bq Er EFAULT 228.Fa Path 229points outside the process's allocated address space. 230.It Bq Er EIO 231An I/O error occurred while reading from or writing to the file system. 232.It Bq Er EFTYPE 233An attempt was made to set the sticky bit upon an executable. 234.El 235.Pp 236.Fn Fchmod 237will fail if: 238.Bl -tag -width Er 239.It Bq Er EBADF 240The descriptor is not valid. 241.It Bq Er EINVAL 242.Fa fd 243refers to a socket, not to a file. 244.It Bq Er EROFS 245The file resides on a read-only file system. 246.It Bq Er EIO 247An I/O error occurred while reading from or writing to the file system. 248.El 249.Sh SEE ALSO 250.Xr chmod 1 , 251.Xr chown 2 , 252.Xr open 2 , 253.Xr stat 2 , 254.Xr sticky 8 255.Sh STANDARDS 256The 257.Fn chmod 258function call is expected to conform to 259.St -p1003.1-90 , 260except for the return of 261.Er EFTYPE 262and the use of 263.Dv S_ISTXT . 264.Sh HISTORY 265A 266.Fn chmod 267function call appeared in 268.At v7 . 269The 270.Fn fchmod 271function call 272appeared in 273.Bx 4.2 . 274The 275.Fn lchmod 276function call appeared in 277.Fx 3.0 . 278.Pp 279The 280.Fn fchmodat 281system call appeared in 282.Dx 2.3 . 283