1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)chmod.2 8.1 (Berkeley) 6/4/93 29.\" $FreeBSD$ 30.\" 31.Dd December 1, 2017 32.Dt CHMOD 2 33.Os 34.Sh NAME 35.Nm chmod , 36.Nm fchmod , 37.Nm lchmod , 38.Nm fchmodat 39.Nd change mode of file 40.Sh LIBRARY 41.Lb libc 42.Sh SYNOPSIS 43.In sys/stat.h 44.Ft int 45.Fn chmod "const char *path" "mode_t mode" 46.Ft int 47.Fn fchmod "int fd" "mode_t mode" 48.Ft int 49.Fn lchmod "const char *path" "mode_t mode" 50.Ft int 51.Fn fchmodat "int fd" "const char *path" "mode_t mode" "int flag" 52.Sh DESCRIPTION 53The file permission bits of the file named specified by 54.Fa path 55or referenced by the file descriptor 56.Fa fd 57are changed to 58.Fa mode . 59The 60.Fn chmod 61system call verifies that the process owner (user) either owns 62the file specified by 63.Fa path 64(or 65.Fa fd ) , 66or 67is the super-user. 68The 69.Fn chmod 70system call follows symbolic links to operate on the target of the link 71rather than the link itself. 72.Pp 73The 74.Fn lchmod 75system call is similar to 76.Fn chmod 77but does not follow symbolic links. 78.Pp 79The 80.Fn fchmodat 81is equivalent to either 82.Fn chmod 83or 84.Fn lchmod 85depending on the 86.Fa flag 87except in the case where 88.Fa path 89specifies a relative path. 90In this case the file to be changed is determined relative to the directory 91associated with the file descriptor 92.Fa fd 93instead of the current working directory. 94The values for the 95.Fa flag 96are constructed by a bitwise-inclusive OR of flags from the following list, defined 97in 98.In fcntl.h : 99.Bl -tag -width indent 100.It Dv AT_SYMLINK_NOFOLLOW 101If 102.Fa path 103names a symbolic link, then the mode of the symbolic link is changed. 104.El 105.Pp 106If 107.Fn fchmodat 108is passed the special value 109.Dv AT_FDCWD 110in the 111.Fa fd 112parameter, the current working directory is used. 113If also 114.Fa flag 115is zero, the behavior is identical to a call to 116.Fn chmod . 117.Pp 118A mode is created from 119.Em or'd 120permission bit masks 121defined in 122.In sys/stat.h : 123.Pp 124.Bd -literal -offset indent -compact 125#define S_IRWXU 0000700 /* RWX mask for owner */ 126#define S_IRUSR 0000400 /* R for owner */ 127#define S_IWUSR 0000200 /* W for owner */ 128#define S_IXUSR 0000100 /* X for owner */ 129 130#define S_IRWXG 0000070 /* RWX mask for group */ 131#define S_IRGRP 0000040 /* R for group */ 132#define S_IWGRP 0000020 /* W for group */ 133#define S_IXGRP 0000010 /* X for group */ 134 135#define S_IRWXO 0000007 /* RWX mask for other */ 136#define S_IROTH 0000004 /* R for other */ 137#define S_IWOTH 0000002 /* W for other */ 138#define S_IXOTH 0000001 /* X for other */ 139 140#define S_ISUID 0004000 /* set user id on execution */ 141#define S_ISGID 0002000 /* set group id on execution */ 142#define S_ISVTX 0001000 /* sticky bit */ 143.Ed 144.Pp 145The non-standard 146.Dv S_ISTXT 147is a synonym for 148.Dv S_ISVTX . 149.Pp 150The 151.Fx 152VM system totally ignores the sticky bit 153.Pq Dv S_ISVTX 154for executables. 155On UFS-based file systems (FFS, LFS) the sticky 156bit may only be set upon directories. 157.Pp 158If mode 159.Dv S_ISVTX 160(the `sticky bit') is set on a directory, 161an unprivileged user may not delete or rename 162files of other users in that directory. 163The sticky bit may be 164set by any user on a directory which the user owns or has appropriate 165permissions. 166For more details of the properties of the sticky bit, see 167.Xr sticky 7 . 168.Pp 169If mode ISUID (set UID) is set on a directory, 170and the MNT_SUIDDIR option was used in the mount of the file system, 171then the owner of any new files and sub-directories 172created within this directory are set 173to be the same as the owner of that directory. 174If this function is enabled, new directories will inherit 175the bit from their parents. 176Execute bits are removed from 177the file, and it will not be given to root. 178This behavior does not change the 179requirements for the user to be allowed to write the file, but only the eventual 180owner after it has been created. 181Group inheritance is not affected. 182.Pp 183This feature is designed for use on fileservers serving PC users via 184ftp, SAMBA, or netatalk. 185It provides security holes for shell users and as 186such should not be used on shell machines, especially on home directories. 187This option requires the SUIDDIR 188option in the kernel to work. 189Only UFS file systems support this option. 190For more details of the suiddir mount option, see 191.Xr mount 8 . 192.Pp 193Writing or changing the owner of a file 194turns off the set-user-id and set-group-id bits 195unless the user is the super-user. 196This makes the system somewhat more secure 197by protecting set-user-id (set-group-id) files 198from remaining set-user-id (set-group-id) if they are modified, 199at the expense of a degree of compatibility. 200.Sh RETURN VALUES 201.Rv -std 202.Sh ERRORS 203The 204.Fn chmod 205system call 206will fail and the file mode will be unchanged if: 207.Bl -tag -width Er 208.It Bq Er ENOTDIR 209A component of the path prefix is not a directory. 210.It Bq Er ENAMETOOLONG 211A component of a pathname exceeded 255 characters, 212or an entire path name exceeded 1023 characters. 213.It Bq Er ENOENT 214The named file does not exist. 215.It Bq Er EACCES 216Search permission is denied for a component of the path prefix. 217.It Bq Er ELOOP 218Too many symbolic links were encountered in translating the pathname. 219.It Bq Er EPERM 220The effective user ID does not match the owner of the file and 221the effective user ID is not the super-user. 222.It Bq Er EPERM 223The effective user ID is not the super-user, the effective user ID do match the 224owner of the file, but the group ID of the file does not match the effective 225group ID nor one of the supplementary group IDs. 226.It Bq Er EPERM 227The named file has its immutable or append-only flag set, see the 228.Xr chflags 2 229manual page for more information. 230.It Bq Er EROFS 231The named file resides on a read-only file system. 232.It Bq Er EFAULT 233The 234.Fa path 235argument 236points outside the process's allocated address space. 237.It Bq Er EIO 238An I/O error occurred while reading from or writing to the file system. 239.It Bq Er EFTYPE 240The effective user ID is not the super-user, the mode includes the sticky bit 241.Dv ( S_ISVTX ) , 242and path does not refer to a directory. 243.El 244.Pp 245The 246.Fn fchmod 247system call will fail if: 248.Bl -tag -width Er 249.It Bq Er EBADF 250The descriptor is not valid. 251.It Bq Er EINVAL 252The 253.Fa fd 254argument 255refers to a socket, not to a file. 256.It Bq Er EROFS 257The file resides on a read-only file system. 258.It Bq Er EIO 259An I/O error occurred while reading from or writing to the file system. 260.El 261.Pp 262In addition to the 263.Fn chmod 264errors, 265.Fn fchmodat 266fails if: 267.Bl -tag -width Er 268.It Bq Er EBADF 269The 270.Fa path 271argument does not specify an absolute path and the 272.Fa fd 273argument is neither 274.Fa AT_FDCWD 275nor a valid file descriptor open for searching. 276.It Bq Er EINVAL 277The value of the 278.Fa flag 279argument is not valid. 280.It Bq Er ENOTDIR 281The 282.Fa path 283argument is not an absolute path and 284.Fa fd 285is neither 286.Dv AT_FDCWD 287nor a file descriptor associated with a directory. 288.El 289.Sh SEE ALSO 290.Xr chmod 1 , 291.Xr chflags 2 , 292.Xr chown 2 , 293.Xr open 2 , 294.Xr stat 2 , 295.Xr sticky 7 296.Sh STANDARDS 297The 298.Fn chmod 299system call is expected to conform to 300.St -p1003.1-90 , 301except for the return of 302.Er EFTYPE . 303The 304.Dv S_ISVTX 305bit on directories is expected to conform to 306.St -susv3 . 307The 308.Fn fchmodat 309system call is expected to conform to 310.St -p1003.1-2008 . 311.Sh HISTORY 312The 313.Fn chmod 314function appeared in 315.At v1 . 316The 317.Fn fchmod 318system call appeared in 319.Bx 4.2 . 320The 321.Fn lchmod 322system call appeared in 323.Fx 3.0 . 324The 325.Fn fchmodat 326system call appeared in 327.Fx 8.0 . 328