oasis-root

chmod.3p (10036B)

'\" et
.TH CHMOD "3P" 2017 "IEEE/The Open Group" "POSIX Programmer's Manual"
.\"
.SH PROLOG
This manual page is part of the POSIX Programmer's Manual.
The Linux implementation of this interface may differ (consult
the corresponding Linux manual page for details of Linux behavior),
or the interface may not be implemented on Linux.
.\"
.SH NAME
chmod, fchmodat
\(em change mode of a file
.SH SYNOPSIS
.LP
.nf
#include <sys/stat.h>
.P
int chmod(const char *\fIpath\fP, mode_t \fImode\fP);
.P
#include <fcntl.h>
.P
int fchmodat(int \fIfd\fP, const char *\fIpath\fP, mode_t \fImode\fP, int \fIflag\fP);
.fi
.SH DESCRIPTION
The
\fIchmod\fR()
function shall change S_ISUID, S_ISGID,
S_ISVTX,
and the file permission bits of the file named by the pathname pointed
to by the
.IR path
argument to the corresponding bits in the
.IR mode
argument. The application shall ensure that the effective user ID
of the process matches the owner of the file or the process has
appropriate privileges in order to do this.
.P
S_ISUID, S_ISGID,
S_ISVTX,
and the file permission bits
are described in
.IR <sys/stat.h> .
.P
If the calling process does not have appropriate privileges, and if the
group ID of the file does not match the effective group ID or one of
the supplementary group IDs and if the file is a regular file, bit
S_ISGID (set-group-ID on execution) in the file's mode shall be cleared
upon successful return from
\fIchmod\fR().
.P
Additional implementation-defined restrictions may cause the S_ISUID
and S_ISGID bits in
.IR mode
to be ignored.
.P
Upon successful completion,
\fIchmod\fR()
shall mark for update the last file status change timestamp of the file.
.P
The
\fIfchmodat\fR()
function shall be equivalent to the
\fIchmod\fR()
function except in the case where
.IR path
specifies a relative path. In this case the file to be changed is
determined relative to the directory associated with the file
descriptor
.IR fd
instead of the current working directory. If the access mode of the
open file description associated with the file descriptor is not
O_SEARCH, the function shall check whether directory searches
are permitted using the current permissions of the directory
underlying the file descriptor. If the access mode is
O_SEARCH, the function shall not perform the check.
.P
Values for
.IR flag
are constructed by a bitwise-inclusive OR of flags from the following
list, defined in
.IR <fcntl.h> :
.IP AT_SYMLINK_NOFOLLOW 6
.br
If
.IR path
names a symbolic link, then the mode of the symbolic link is changed.
.P
If
\fIfchmodat\fR()
is passed the special value AT_FDCWD in the
.IR fd
parameter, the current working directory shall be used. If also
.IR flag
is zero, the behavior shall be identical to a call to
\fIchmod\fR().
.SH "RETURN VALUE"
Upon successful completion, these functions shall return 0.
Otherwise, these functions shall return \-1 and set
.IR errno
to indicate the error. If \-1 is returned, no change to the
file mode occurs.
.SH ERRORS
These functions shall fail if:
.TP
.BR EACCES
Search permission is denied on a component of the path prefix.
.TP
.BR ELOOP
A loop exists in symbolic links encountered during resolution of the
.IR path
argument.
.TP
.BR ENAMETOOLONG
.br
The length of a component of a pathname is longer than
{NAME_MAX}.
.TP
.BR ENOENT
A component of
.IR path
does not name an existing file or
.IR path
is an empty string.
.TP
.BR ENOTDIR
A component of the path prefix names an existing file that is neither
a directory nor a symbolic link to a directory, or the
.IR path
argument contains at least one non-\c
<slash>
character and ends with one or more trailing
<slash>
characters and the last pathname component names an existing file
that is neither a directory nor a symbolic link to a directory.
.TP
.BR EPERM
The effective user ID does not match the owner of the file and the
process does not have appropriate privileges.
.TP
.BR EROFS
The named file resides on a read-only file system.
.P
The
\fIfchmodat\fR()
function shall fail if:
.TP
.BR EACCES
The access mode of the open file description associated with
.IR fd
is not O_SEARCH and the permissions of the directory underlying
.IR fd
do not permit directory searches.
.TP
.BR EBADF
The
.IR path
argument does not specify an absolute path and the
.IR fd
argument is neither AT_FDCWD nor a valid file descriptor open
for reading or searching.
.TP
.BR ENOTDIR
The
.IR path
argument is not an absolute path and
.IR fd
is a file descriptor associated with a non-directory file.
.P
These functions may fail if:
.TP
.BR EINTR
A signal was caught during execution of the function.
.TP
.BR EINVAL
The value of the
.IR mode
argument is invalid.
.TP
.BR ELOOP
More than
{SYMLOOP_MAX}
symbolic links were encountered during resolution of the
.IR path
argument.
.TP
.BR ENAMETOOLONG
.br
The length of a pathname exceeds
{PATH_MAX},
or pathname resolution of a symbolic link produced an intermediate
result with a length that exceeds
{PATH_MAX}.
.P
The
\fIfchmodat\fR()
function may fail if:
.TP
.BR EINVAL
The value of the
.IR flag
argument is invalid.
.TP
.BR EOPNOTSUPP
The AT_SYMLINK_NOFOLLOW bit is set in the
.IR flag
argument,
.IR path
names a symbolic link, and the system does not support changing the
mode of a symbolic link.
.br
.LP
.IR "The following sections are informative."
.SH EXAMPLES
.SS "Setting Read Permissions for User, Group, and Others"
.P
The following example sets read permissions for the owner, group, and
others.
.sp
.RS 4
.nf
#include <sys/stat.h>
.P
const char *path;
\&...
chmod(path, S_IRUSR|S_IRGRP|S_IROTH);
.fi
.P
.RE
.SS "Setting Read, Write, and Execute Permissions for the Owner Only"
.P
The following example sets read, write, and execute permissions for the
owner, and no permissions for group and others.
.sp
.RS 4
.nf
#include <sys/stat.h>
.P
const char *path;
\&...
chmod(path, S_IRWXU);
.fi
.P
.RE
.SS "Setting Different Permissions for Owner, Group, and Other"
.P
The following example sets owner permissions for CHANGEFILE to read,
write, and execute, group permissions to read and execute, and other
permissions to read.
.sp
.RS 4
.nf
#include <sys/stat.h>
.P
#define CHANGEFILE "/etc/myfile"
\&...
chmod(CHANGEFILE, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH);
.fi
.P
.RE
.SS "Setting and Checking File Permissions"
.P
The following example sets the file permission bits for a file named
.BR /home/cnd/mod1 ,
then calls the
\fIstat\fR()
function to verify the permissions.
.sp
.RS 4
.nf
#include <sys/types.h>
#include <sys/stat.h>
.P
int status;
struct stat buffer
\&...
chmod("/home/cnd/mod1", S_IRWXU|S_IRWXG|S_IROTH|S_IWOTH);
status = stat("/home/cnd/mod1", &buffer);
.fi
.P
.RE
.SH "APPLICATION USAGE"
In order to ensure that the S_ISUID and S_ISGID
bits are set, an application requiring this should use
\fIstat\fR()
after a successful
\fIchmod\fR()
to verify this.
.P
Any file descriptors currently open by any process on the file could
possibly become invalid if the mode of the file is changed to a value
which would deny access to that process. One situation where this could
occur is on a stateless file system. This behavior will not occur in a
conforming environment.
.SH RATIONALE
This volume of POSIX.1\(hy2017 specifies that the S_ISGID bit is cleared by
\fIchmod\fR()
on a regular file under certain conditions. This is specified on the
assumption that regular files may be executed, and the system should
prevent users from making executable
\fIsetgid\fR()
files perform with privileges that the caller does not have. On
implementations that support execution of other file types, the S_ISGID
bit should be cleared for those file types under the same
circumstances.
.P
Implementations that use the S_ISUID bit to indicate some other
function (for example, mandatory record locking) on non-executable
files need not clear this bit on writing. They should clear the bit
for executable files and any other cases where the bit grants special
powers to processes that change the file contents. Similar comments
apply to the S_ISGID bit.
.P
The purpose of the
\fIfchmodat\fR()
function is to enable changing the mode of files in directories other
than the current working directory without exposure to race conditions.
Any part of the path of a file could be changed in parallel to a call
to
\fIchmod\fR(),
resulting in unspecified behavior. By opening a file descriptor for
the target directory and using the
\fIfchmodat\fR()
function it can be guaranteed that the changed file is located relative
to the desired directory. Some implementations might allow changing
the mode of symbolic links. This is not supported by the interfaces in
the POSIX specification. Systems with such support provide an
interface named
.IR lchmod (\|).
To support such implementations
\fIfchmodat\fR()
has a
.IR flag
parameter.
.SH "FUTURE DIRECTIONS"
None.
.SH "SEE ALSO"
.IR "\fIaccess\fR\^(\|)",
.IR "\fIchown\fR\^(\|)",
.IR "\fIexec\fR\^",
.IR "\fIfstatat\fR\^(\|)",
.IR "\fIfstatvfs\fR\^(\|)",
.IR "\fImkdir\fR\^(\|)",
.IR "\fImkfifo\fR\^(\|)",
.IR "\fImknod\fR\^(\|)",
.IR "\fIopen\fR\^(\|)"
.P
The Base Definitions volume of POSIX.1\(hy2017,
.IR "\fB<fcntl.h>\fP",
.IR "\fB<sys_stat.h>\fP",
.IR "\fB<sys_types.h>\fP"
.\"
.SH COPYRIGHT
Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1-2017, Standard for Information Technology
-- Portable Operating System Interface (POSIX), The Open Group Base
Specifications Issue 7, 2018 Edition,
Copyright (C) 2018 by the Institute of
Electrical and Electronics Engineers, Inc and The Open Group.
In the event of any discrepancy between this version and the original IEEE and
The Open Group Standard, the original IEEE and The Open Group Standard
is the referee document. The original Standard can be obtained online at
http://www.opengroup.org/unix/online.html .
.PP
Any typographical or formatting errors that appear
in this page are most likely
to have been introduced during the conversion of the source files to
man page format. To report such errors, see
https://www.kernel.org/doc/man-pages/reporting_bugs.html .