xref: /freebsd-13.1/lib/libc/sys/chmod.2 (revision ea22b5bd)
1.\" Copyright (c) 1980, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"     @(#)chmod.2	8.1 (Berkeley) 6/4/93
29.\" $FreeBSD$
30.\"
31.Dd November 11, 2018
32.Dt CHMOD 2
33.Os
34.Sh NAME
35.Nm chmod ,
36.Nm fchmod ,
37.Nm lchmod ,
38.Nm fchmodat
39.Nd change mode of file
40.Sh LIBRARY
41.Lb libc
42.Sh SYNOPSIS
43.In sys/stat.h
44.Ft int
45.Fn chmod "const char *path" "mode_t mode"
46.Ft int
47.Fn fchmod "int fd" "mode_t mode"
48.Ft int
49.Fn lchmod "const char *path" "mode_t mode"
50.Ft int
51.Fn fchmodat "int fd" "const char *path" "mode_t mode" "int flag"
52.Sh DESCRIPTION
53The file permission bits of the file named specified by
54.Fa path
55or referenced by the file descriptor
56.Fa fd
57are changed to
58.Fa mode .
59The
60.Fn chmod
61system call verifies that the process owner (user) either owns
62the file specified by
63.Fa path
64(or
65.Fa fd ) ,
66or
67is the super-user.
68The
69.Fn chmod
70system call follows symbolic links to operate on the target of the link
71rather than the link itself.
72.Pp
73The
74.Fn lchmod
75system call is similar to
76.Fn chmod
77but does not follow symbolic links.
78.Pp
79The
80.Fn fchmodat
81is equivalent to either
82.Fn chmod
83or
84.Fn lchmod
85depending on the
86.Fa flag
87except in the case where
88.Fa path
89specifies a relative path.
90In this case the file to be changed is determined relative to the directory
91associated with the file descriptor
92.Fa fd
93instead of the current working directory.
94The values for the
95.Fa flag
96are constructed by a bitwise-inclusive OR of flags from the following list, defined
97in
98.In fcntl.h :
99.Bl -tag -width indent
100.It Dv AT_SYMLINK_NOFOLLOW
101If
102.Fa path
103names a symbolic link, then the mode of the symbolic link is changed.
104.It Dv AT_BENEATH
105Only allow to change permissions of a file which is beneath of
106the topping directory.
107See the description of the
108.Dv O_BENEATH
109flag in the
110.Xr open 2
111manual page.
112.El
113.Pp
114If
115.Fn fchmodat
116is passed the special value
117.Dv AT_FDCWD
118in the
119.Fa fd
120parameter, the current working directory is used.
121If also
122.Fa flag
123is zero, the behavior is identical to a call to
124.Fn chmod .
125.Pp
126A mode is created from
127.Em or'd
128permission bit masks
129defined in
130.In sys/stat.h :
131.Pp
132.Bd -literal -offset indent -compact
133#define S_IRWXU 0000700    /* RWX mask for owner */
134#define S_IRUSR 0000400    /* R for owner */
135#define S_IWUSR 0000200    /* W for owner */
136#define S_IXUSR 0000100    /* X for owner */
137
138#define S_IRWXG 0000070    /* RWX mask for group */
139#define S_IRGRP 0000040    /* R for group */
140#define S_IWGRP 0000020    /* W for group */
141#define S_IXGRP 0000010    /* X for group */
142
143#define S_IRWXO 0000007    /* RWX mask for other */
144#define S_IROTH 0000004    /* R for other */
145#define S_IWOTH 0000002    /* W for other */
146#define S_IXOTH 0000001    /* X for other */
147
148#define S_ISUID 0004000    /* set user id on execution */
149#define S_ISGID 0002000    /* set group id on execution */
150#define S_ISVTX 0001000    /* sticky bit */
151.Ed
152.Pp
153The non-standard
154.Dv S_ISTXT
155is a synonym for
156.Dv S_ISVTX .
157.Pp
158The
159.Fx
160VM system totally ignores the sticky bit
161.Pq Dv S_ISVTX
162for executables.
163On UFS-based file systems (FFS, LFS) the sticky
164bit may only be set upon directories.
165.Pp
166If mode
167.Dv S_ISVTX
168(the `sticky bit') is set on a directory,
169an unprivileged user may not delete or rename
170files of other users in that directory.
171The sticky bit may be
172set by any user on a directory which the user owns or has appropriate
173permissions.
174For more details of the properties of the sticky bit, see
175.Xr sticky 7 .
176.Pp
177If mode ISUID (set UID) is set on a directory,
178and the MNT_SUIDDIR option was used in the mount of the file system,
179then the owner of any new files and sub-directories
180created within this directory are set
181to be the same as the owner of that directory.
182If this function is enabled, new directories will inherit
183the bit from their parents.
184Execute bits are removed from
185the file, and it will not be given to root.
186This behavior does not change the
187requirements for the user to be allowed to write the file, but only the eventual
188owner after it has been created.
189Group inheritance is not affected.
190.Pp
191This feature is designed for use on fileservers serving PC users via
192ftp, SAMBA, or netatalk.
193It provides security holes for shell users and as
194such should not be used on shell machines, especially on home directories.
195This option requires the SUIDDIR
196option in the kernel to work.
197Only UFS file systems support this option.
198For more details of the suiddir mount option, see
199.Xr mount 8 .
200.Pp
201Writing or changing the owner of a file
202turns off the set-user-id and set-group-id bits
203unless the user is the super-user.
204This makes the system somewhat more secure
205by protecting set-user-id (set-group-id) files
206from remaining set-user-id (set-group-id) if they are modified,
207at the expense of a degree of compatibility.
208.Sh RETURN VALUES
209.Rv -std
210.Sh ERRORS
211The
212.Fn chmod
213system call
214will fail and the file mode will be unchanged if:
215.Bl -tag -width Er
216.It Bq Er ENOTDIR
217A component of the path prefix is not a directory.
218.It Bq Er ENAMETOOLONG
219A component of a pathname exceeded 255 characters,
220or an entire path name exceeded 1023 characters.
221.It Bq Er ENOENT
222The named file does not exist.
223.It Bq Er EACCES
224Search permission is denied for a component of the path prefix.
225.It Bq Er ELOOP
226Too many symbolic links were encountered in translating the pathname.
227.It Bq Er EPERM
228The effective user ID does not match the owner of the file and
229the effective user ID is not the super-user.
230.It Bq Er EPERM
231The effective user ID is not the super-user, the effective user ID do match the
232owner of the file, but the group ID of the file does not match the effective
233group ID nor one of the supplementary group IDs.
234.It Bq Er EPERM
235The named file has its immutable or append-only flag set, see the
236.Xr chflags 2
237manual page for more information.
238.It Bq Er EROFS
239The named file resides on a read-only file system.
240.It Bq Er EFAULT
241The
242.Fa path
243argument
244points outside the process's allocated address space.
245.It Bq Er EIO
246An I/O error occurred while reading from or writing to the file system.
247.It Bq Er EFTYPE
248The effective user ID is not the super-user, the mode includes the sticky bit
249.Dv ( S_ISVTX ) ,
250and path does not refer to a directory.
251.El
252.Pp
253The
254.Fn fchmod
255system call will fail if:
256.Bl -tag -width Er
257.It Bq Er EBADF
258The descriptor is not valid.
259.It Bq Er EINVAL
260The
261.Fa fd
262argument
263refers to a socket, not to a file.
264.It Bq Er EROFS
265The file resides on a read-only file system.
266.It Bq Er EIO
267An I/O error occurred while reading from or writing to the file system.
268.El
269.Pp
270In addition to the
271.Fn chmod
272errors,
273.Fn fchmodat
274fails if:
275.Bl -tag -width Er
276.It Bq Er EBADF
277The
278.Fa path
279argument does not specify an absolute path and the
280.Fa fd
281argument is neither
282.Fa AT_FDCWD
283nor a valid file descriptor open for searching.
284.It Bq Er EINVAL
285The value of the
286.Fa flag
287argument is not valid.
288.It Bq Er ENOTDIR
289The
290.Fa path
291argument is not an absolute path and
292.Fa fd
293is neither
294.Dv AT_FDCWD
295nor a file descriptor associated with a directory.
296.It Bq Er ENOTCAPABLE
297.Fa path
298is an absolute path,
299or contained a ".." component leading to a
300directory outside of the directory hierarchy specified by
301.Fa fd ,
302and the process is in capability mode.
303.It Bq Er ENOTCAPABLE
304The
305.Dv AT_BENEATH
306flag was provided to
307.Fn fchmodat ,
308and the absolute
309.Fa path
310does not have its tail fully contained under the topping directory,
311or the relative
312.Fa path
313escapes it.
314.El
315.Sh SEE ALSO
316.Xr chmod 1 ,
317.Xr chflags 2 ,
318.Xr chown 2 ,
319.Xr open 2 ,
320.Xr stat 2 ,
321.Xr sticky 7
322.Sh STANDARDS
323The
324.Fn chmod
325system call is expected to conform to
326.St -p1003.1-90 ,
327except for the return of
328.Er EFTYPE .
329The
330.Dv S_ISVTX
331bit on directories is expected to conform to
332.St -susv3 .
333The
334.Fn fchmodat
335system call is expected to conform to
336.St -p1003.1-2008 .
337.Sh HISTORY
338The
339.Fn chmod
340function appeared in
341.At v1 .
342The
343.Fn fchmod
344system call appeared in
345.Bx 4.2 .
346The
347.Fn lchmod
348system call appeared in
349.Fx 3.0 .
350The
351.Fn fchmodat
352system call appeared in
353.Fx 8.0 .
354