chown.3p (10092B)
- '\" et
- .TH CHOWN "3P" 2017 "IEEE/The Open Group" "POSIX Programmer's Manual"
- .\"
- .SH PROLOG
- This manual page is part of the POSIX Programmer's Manual.
- The Linux implementation of this interface may differ (consult
- the corresponding Linux manual page for details of Linux behavior),
- or the interface may not be implemented on Linux.
- .\"
- .SH NAME
- chown, fchownat
- \(em change owner and group of a file
- .SH SYNOPSIS
- .LP
- .nf
- #include <unistd.h>
- .P
- int chown(const char *\fIpath\fP, uid_t \fIowner\fP, gid_t \fIgroup\fP);
- .P
- #include <fcntl.h>
- .P
- int fchownat(int \fIfd\fP, const char *\fIpath\fP, uid_t \fIowner\fP, gid_t \fIgroup\fP,
- int \fIflag\fP);
- .fi
- .SH DESCRIPTION
- The
- \fIchown\fR()
- function shall change the user and group ownership of a file.
- .P
- The
- .IR path
- argument points to a pathname naming a file. The user ID and group ID
- of the named file shall be set to the numeric values contained in
- .IR owner
- and
- .IR group ,
- respectively.
- .P
- Only processes with an effective user ID equal to the user ID of the
- file or with appropriate privileges may change the ownership of a
- file. If _POSIX_CHOWN_RESTRICTED is in effect for
- .IR path :
- .IP " *" 4
- Changing the user ID is restricted to processes with appropriate
- privileges.
- .IP " *" 4
- Changing the group ID is permitted to a process with an effective user
- ID equal to the user ID of the file, but without appropriate
- privileges, if and only if
- .IR owner
- is equal to the file's user ID or (\c
- .BR uid_t )\-1
- and
- .IR group
- is equal either to the calling process' effective group ID or to one of
- its supplementary group IDs.
- .P
- If the specified file is a regular file, one or more of the S_IXUSR,
- S_IXGRP, or S_IXOTH bits of the file mode are set, and the process does
- not have appropriate privileges, the set-user-ID (S_ISUID) and
- set-group-ID (S_ISGID) bits of the file mode shall be cleared upon
- successful return from
- \fIchown\fR().
- If the specified file is a regular file, one or more of the S_IXUSR,
- S_IXGRP, or S_IXOTH bits of the file mode are set, and the process has
- appropriate privileges, it is implementation-defined whether the
- set-user-ID and set-group-ID bits are altered. If the
- \fIchown\fR()
- function is successfully invoked on a file that is not a regular file
- and one or more of the S_IXUSR, S_IXGRP, or S_IXOTH bits of the file
- mode are set, the set-user-ID and set-group-ID bits may be cleared.
- .P
- If
- .IR owner
- or
- .IR group
- is specified as (\c
- .BR uid_t )\-1
- or (\c
- .BR gid_t )\-1,
- respectively, the corresponding ID of the file shall not be changed.
- .P
- Upon successful completion,
- \fIchown\fR()
- shall mark for update the last file status change timestamp of the
- file, except that if
- .IR owner
- is (\c
- .BR uid_t )\-1
- and
- .IR group
- is (\c
- .BR gid_t )\-1,
- the file status change timestamp need not be marked for update.
- .P
- The
- \fIfchownat\fR()
- function shall be equivalent to the
- \fIchown\fR()
- and
- \fIlchown\fR()
- functions except in the case where
- .IR path
- specifies a relative path. In this case the file to be changed is
- determined relative to the directory associated with the file
- descriptor
- .IR fd
- instead of the current working directory. If the access mode of
- the open file description associated with the file descriptor is not
- O_SEARCH, the function shall check whether directory searches are
- permitted using the current permissions of the directory underlying
- the file descriptor. If the access mode is O_SEARCH, the function
- shall not perform the check.
- .P
- Values for
- .IR flag
- are constructed by a bitwise-inclusive OR of flags from the following
- list, defined in
- .IR <fcntl.h> :
- .IP AT_SYMLINK_NOFOLLOW 6
- .br
- If
- .IR path
- names a symbolic link, ownership of the symbolic link is changed.
- .P
- If
- \fIfchownat\fR()
- is passed the special value AT_FDCWD in the
- .IR fd
- parameter, the current working directory shall be used and the behavior
- shall be identical to a call to
- \fIchown\fR()
- or
- \fIlchown\fR()
- respectively, depending on whether or not the AT_SYMLINK_NOFOLLOW bit
- is set in the
- .IR flag
- argument.
- .SH "RETURN VALUE"
- Upon successful completion, these functions shall return 0.
- Otherwise, these functions shall return \-1 and set
- .IR errno
- to indicate the error. If \-1 is returned, no changes are
- made in the user ID and group ID of the file.
- .SH ERRORS
- These functions shall fail if:
- .TP
- .BR EACCES
- Search permission is denied on a component of the path prefix.
- .TP
- .BR ELOOP
- A loop exists in symbolic links encountered during resolution of the
- .IR path
- argument.
- .TP
- .BR ENAMETOOLONG
- .br
- The length of a component of a pathname is longer than
- {NAME_MAX}.
- .TP
- .BR ENOENT
- A component of
- .IR path
- does not name an existing file or
- .IR path
- is an empty string.
- .TP
- .BR ENOTDIR
- A component of the path prefix names an existing file that is neither
- a directory nor a symbolic link to a directory, or the
- .IR path
- argument contains at least one non-\c
- <slash>
- character and ends with one or more trailing
- <slash>
- characters and the last pathname component names an existing file
- that is neither a directory nor a symbolic link to a directory.
- .TP
- .BR EPERM
- The effective user ID does not match the owner of the file, or the
- calling process does not have appropriate privileges and
- _POSIX_CHOWN_RESTRICTED indicates that such privilege is required.
- .TP
- .BR EROFS
- The named file resides on a read-only file system.
- .P
- The
- \fIfchownat\fR()
- function shall fail if:
- .TP
- .BR EACCES
- The access mode of the open file description associated with
- .IR fd
- is not O_SEARCH and the permissions of the directory underlying
- .IR fd
- do not permit directory searches.
- .TP
- .BR EBADF
- The
- .IR path
- argument does not specify an absolute path and the
- .IR fd
- argument is neither AT_FDCWD nor a valid file descriptor open
- for reading or searching.
- .TP
- .BR ENOTDIR
- The
- .IR path
- argument is not an absolute path and
- .IR fd
- is a file descriptor associated with a non-directory file.
- .P
- These functions may fail if:
- .TP
- .BR EIO
- An I/O error occurred while reading or writing to the file system.
- .TP
- .BR EINTR
- The
- \fIchown\fR()
- function was interrupted by a signal which was caught.
- .TP
- .BR EINVAL
- The owner or group ID supplied is not a value supported by the
- implementation.
- .TP
- .BR ELOOP
- More than
- {SYMLOOP_MAX}
- symbolic links were encountered during resolution of the
- .IR path
- argument.
- .TP
- .BR ENAMETOOLONG
- .br
- The length of a pathname exceeds
- {PATH_MAX},
- or pathname resolution of a symbolic link produced an intermediate
- result with a length that exceeds
- {PATH_MAX}.
- .br
- .P
- The
- \fIfchownat\fR()
- function may fail if:
- .TP
- .BR EINVAL
- The value of the
- .IR flag
- argument is not valid.
- .LP
- .IR "The following sections are informative."
- .SH EXAMPLES
- None.
- .SH "APPLICATION USAGE"
- Although
- \fIchown\fR()
- can be used on some implementations by the file owner to change the owner
- and group to any desired values, the only portable use of this function
- is to change the group of a file to the effective GID of the calling
- process or to a member of its group set.
- .SH RATIONALE
- System III and System V allow a user to give away files;
- that is, the owner of a file may change its user ID to anything. This
- is a serious problem for implementations that are intended to meet
- government security regulations.
- Version 7 and 4.3 BSD permit only the superuser
- to change the user ID of a file. Some government agencies (usually not
- ones concerned directly with security) find this limitation too
- confining. This volume of POSIX.1\(hy2017 uses \fImay\fP to permit secure implementations
- while not disallowing System V.
- .P
- System III and System V allow the owner of a file to change the
- group ID to anything. Version 7 permits only the superuser to change
- the group ID of a file.
- 4.3 BSD permits the owner to change the group ID of a file
- to its effective group ID
- or to any of the groups in the list of supplementary group IDs, but to
- no others.
- .P
- The POSIX.1\(hy1990 standard requires that the
- \fIchown\fR()
- function invoked by a non-appropriate privileged process clear the
- S_ISGID and the S_ISUID bits for regular files, and permits them to be
- cleared for other types of files. This is so that changes in
- accessibility do not accidentally cause files to become security holes.
- Unfortunately, requiring these bits to be cleared on non-executable
- data files also clears the mandatory file locking bit (shared with
- S_ISGID), which is an extension on many implementations (it first
- appeared in System V). These bits should only be required to be
- cleared on regular files that have one or more of their execute bits
- set.
- .P
- The purpose of the
- \fIfchownat\fR()
- function is to enable changing ownership of files in directories other
- than the current working directory without exposure to race
- conditions. Any part of the path of a file could be changed in
- parallel to a call to
- \fIchown\fR()
- or
- \fIlchown\fR(),
- resulting in unspecified behavior. By opening a file descriptor for
- the target directory and using the
- \fIfchownat\fR()
- function it can be guaranteed that the changed file is located relative
- to the desired directory.
- .SH "FUTURE DIRECTIONS"
- None.
- .SH "SEE ALSO"
- .IR "\fIchmod\fR\^(\|)",
- .IR "\fIfpathconf\fR\^(\|)",
- .IR "\fIlchown\fR\^(\|)"
- .P
- The Base Definitions volume of POSIX.1\(hy2017,
- .IR "\fB<fcntl.h>\fP",
- .IR "\fB<sys_types.h>\fP",
- .IR "\fB<unistd.h>\fP"
- .\"
- .SH COPYRIGHT
- Portions of this text are reprinted and reproduced in electronic form
- from IEEE Std 1003.1-2017, Standard for Information Technology
- -- Portable Operating System Interface (POSIX), The Open Group Base
- Specifications Issue 7, 2018 Edition,
- Copyright (C) 2018 by the Institute of
- Electrical and Electronics Engineers, Inc and The Open Group.
- In the event of any discrepancy between this version and the original IEEE and
- The Open Group Standard, the original IEEE and The Open Group Standard
- is the referee document. The original Standard can be obtained online at
- http://www.opengroup.org/unix/online.html .
- .PP
- Any typographical or formatting errors that appear
- in this page are most likely
- to have been introduced during the conversion of the source files to
- man page format. To report such errors, see
- https://www.kernel.org/doc/man-pages/reporting_bugs.html .