DragonFly On-Line Manual Pages
CHMOD(2) DragonFly System Calls Manual CHMOD(2)
NAME
chmod, fchmod, lchmod, fchmodat -- change mode of file
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <sys/stat.h>
int
chmod(const char *path, mode_t mode);
int
fchmod(int fd, mode_t mode);
int
lchmod(const char *path, mode_t mode);
int
fchmodat(int dirfd, const char *path, mode_t mode, int flags);
DESCRIPTION
The file permission bits of the file named specified by path or
referenced by the file descriptor fd are changed to mode. The chmod()
function verifies that the process owner (user) either owns the file
specified by path (or fd), or is the super-user. The chmod() function
follows symbolic links to operate on the target of the link rather than
the link itself.
The lchmod function is similar to chmod() but does not follow symbolic
links.
The fchmodat() function is equivalent to the chmod() or lchmod()
functions except in the case where the path specifies a relative path.
In this case the file to be opened is determined relative to the
directory associated with the file descriptor dirfd instead of the
current working directory. If fchmodat() is passed the special value
AT_FDCWD in the dirfd parameter, the current working directory is used
and the behavior is identical to a call to chmod() or lchmod().
A mode is created from or'd permission bit masks defined in <sys/stat.h>:
#define S_IRWXU 0000700 /* RWX mask for owner */
#define S_IRUSR 0000400 /* R for owner */
#define S_IWUSR 0000200 /* W for owner */
#define S_IXUSR 0000100 /* X for owner */
#define S_IRWXG 0000070 /* RWX mask for group */
#define S_IRGRP 0000040 /* R for group */
#define S_IWGRP 0000020 /* W for group */
#define S_IXGRP 0000010 /* X for group */
#define S_IRWXO 0000007 /* RWX mask for other */
#define S_IROTH 0000004 /* R for other */
#define S_IWOTH 0000002 /* W for other */
#define S_IXOTH 0000001 /* X for other */
#define S_ISUID 0004000 /* set user id on execution */
#define S_ISGID 0002000 /* set group id on execution */
#define S_ISVTX 0001000 /* sticky bit */
#if __BSD_VISIBLE
#define S_ISTXT 0001000
#endif
The DragonFly VM system totally ignores the sticky bit (ISVTX) for
executables. On UFS-based filesystems (FFS, MFS, LFS) the sticky bit may
only be set upon directories.
If mode ISVTX (the `sticky bit') is set on a directory, an unprivileged
user may not delete or rename files of other users in that directory.
The sticky bit may be set by any user on a directory which the user owns
or has appropriate permissions. For more details of the properties of
the sticky bit, see sticky(8).
If mode ISUID (set UID) is set on a directory, and the MNT_SUIDDIR option
was used in the mount of the filesystem, then the owner of any new files
and sub-directories created within this directory are set to be the same
as the owner of that directory. If this function is enabled, new
directories will inherit the bit from their parents. Execute bits are
removed from the file, and it will not be given to root. This behavior
does not change the requirements for the user to be allowed to write the
file, but only the eventual owner after it has been created. Group
inheritance is not affected.
This feature is designed for use on fileservers serving PC users via ftp
or SAMBA. It provides security holes for shell users and as such should
not be used on shell machines, especially on home directories. This
option requires the SUIDDIR option in the kernel to work. Only UFS
filesystems support this option. For more details of the suiddir mount
option, see mount(8).
Writing or changing the owner of a file turns off the set-user-id and
set-group-id bits unless the user is the super-user. This makes the
system somewhat more secure by protecting set-user-id (set-group-id)
files from remaining set-user-id (set-group-id) if they are modified, at
the expense of a degree of compatibility.
The values for the flags are constructed by a bitwise-inclusive OR of
flags from the following list, defined in <fcntl.h>:
AT_SYMLINK_NOFOLLOW
If path names a symbolic link, the mode of the symbolic link is
changed.
RETURN VALUES
Upon successful completion, the value 0 is returned; otherwise the
value -1 is returned and the global variable errno is set to indicate the
error.
ERRORS
Chmod(), lchmod() and fchmodat() will fail and the file mode will be
unchanged if:
[ENOTDIR] A component of the path prefix or dirfd is not a
directory.
[ENAMETOOLONG] A component of a pathname exceeded 255 characters, or
an entire path name exceeded 1023 characters.
[ENOENT] The named file does not exist.
[EACCES] Search permission is denied for a component of the
path prefix.
[ELOOP] Too many symbolic links were encountered in
translating the pathname.
[EPERM] The effective user ID does not match the owner of the
file and the effective user ID is not the super-user.
[EROFS] The named file resides on a read-only file system.
[EFAULT] Path points outside the process's allocated address
space.
[EIO] An I/O error occurred while reading from or writing to
the file system.
[EFTYPE] An attempt was made to set the sticky bit upon an
executable.
Fchmod() will fail if:
[EBADF] The descriptor is not valid.
[EINVAL] fd refers to a socket, not to a file.
[EROFS] The file resides on a read-only file system.
[EIO] An I/O error occurred while reading from or writing to
the file system.
SEE ALSO
chmod(1), chown(2), open(2), stat(2), sticky(8)
STANDARDS
The chmod() function call is expected to conform to ISO/IEC 9945-1:1990
(``POSIX.1''), except for the return of EFTYPE and the use of S_ISTXT.
HISTORY
A chmod() function call appeared in Version 7 AT&T UNIX. The fchmod()
function call appeared in 4.2BSD. The lchmod() function call appeared in
FreeBSD 3.0.
The fchmodat() system call appeared in DragonFly 2.3.
DragonFly 4.5 August 3, 2016 DragonFly 4.5