1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)chmod.2 8.1 (Berkeley) 6/4/93
| 1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)chmod.2 8.1 (Berkeley) 6/4/93
|
33.\" $FreeBSD: head/lib/libc/sys/chmod.2 69051 2000-11-22 16:02:00Z ru $
| 33.\" $FreeBSD: head/lib/libc/sys/chmod.2 70481 2000-12-29 14:08:20Z ru $
|
34.\" 35.Dd June 4, 1993 36.Dt CHMOD 2 37.Os BSD 4 38.Sh NAME 39.Nm chmod , 40.Nm fchmod , 41.Nm lchmod 42.Nd change mode of file 43.Sh LIBRARY 44.Lb libc 45.Sh SYNOPSIS 46.Fd #include <sys/stat.h> 47.Ft int 48.Fn chmod "const char *path" "mode_t mode" 49.Ft int 50.Fn fchmod "int fd" "mode_t mode" 51.Ft int 52.Fn lchmod "const char *path" "mode_t mode" 53.Sh DESCRIPTION 54The file permission bits of the file named specified by 55.Fa path 56or referenced by the file descriptor 57.Fa fd 58are changed to 59.Fa mode . 60The 61.Fn chmod 62function verifies that the process owner (user) either owns 63the file specified by 64.Fa path 65(or 66.Fa fd ) , 67or 68is the super-user. 69The 70.Fn chmod 71function follows symbolic links to operate on the target of the link 72rather than the link itself. 73.Pp 74The 75.Fa lchmod 76function is similar to 77.Fn chmod 78but does not follow symbolic links. 79.Pp 80A mode is created from 81.Em or'd 82permission bit masks 83defined in 84.Aq Pa sys/stat.h : 85.Pp 86.Bd -literal -offset indent -compact 87#define S_IRWXU 0000700 /* RWX mask for owner */ 88#define S_IRUSR 0000400 /* R for owner */ 89#define S_IWUSR 0000200 /* W for owner */ 90#define S_IXUSR 0000100 /* X for owner */ 91 92#define S_IRWXG 0000070 /* RWX mask for group */ 93#define S_IRGRP 0000040 /* R for group */ 94#define S_IWGRP 0000020 /* W for group */ 95#define S_IXGRP 0000010 /* X for group */ 96 97#define S_IRWXO 0000007 /* RWX mask for other */ 98#define S_IROTH 0000004 /* R for other */ 99#define S_IWOTH 0000002 /* W for other */ 100#define S_IXOTH 0000001 /* X for other */ 101 102#define S_ISUID 0004000 /* set user id on execution */ 103#define S_ISGID 0002000 /* set group id on execution */ 104#define S_ISVTX 0001000 /* sticky bit */ 105#ifndef _POSIX_SOURCE 106#define S_ISTXT 0001000 107#endif 108.Ed 109.Pp 110The 111.Fx 112VM system totally ignores the sticky bit 113.Pf ( Dv ISVTX 114) for executables. 
On UFS-based filesystems (FFS, MFS, LFS) the sticky 115bit may only be set upon directories. 116.Pp 117If mode 118.Dv ISVTX 119(the `sticky bit') is set on a directory, 120an unprivileged user may not delete or rename 121files of other users in that directory. 122The sticky bit may be 123set by any user on a directory which the user owns or has appropriate 124permissions. 125For more details of the properties of the sticky bit, see 126.Xr sticky 8 . 127.Pp 128If mode ISUID (set UID) is set on a directory, 129and the MNT_SUIDDIR option was used in the mount of the filesystem, 130then the owner of any new files and sub-directories 131created within this directory are set 132to be the same as the owner of that directory. 133If this function is enabled, new directories will inherit 134the bit from their parents. Execute bits are removed from 135the file, and it will not be given to root. 136This behavior does not change the 137requirements for the user to be allowed to write the file, but only the eventual 138owner after it has been created. 139Group inheritance is not effected. 140.Pp 141This feature is designed for use on fileservers serving PC users via 142ftp, SAMBA, or netatalk. 143It provides security holes for shell users and as 144such should not be used on shell machines, especially on home directories. 145This option requires the SUIDDIR 146option in the kernel to work. 147Only UFS filesystems support this option. 148For more details of the suiddir mount option, see 149.Xr mount 8 . 150.Pp 151Writing or changing the owner of a file 152turns off the set-user-id and set-group-id bits 153unless the user is the super-user. 154This makes the system somewhat more secure 155by protecting set-user-id (set-group-id) files 156from remaining set-user-id (set-group-id) if they are modified, 157at the expense of a degree of compatibility. 158.Sh RETURN VALUES 159Upon successful completion, a value of 0 is returned. 
160Otherwise, a value of -1 is returned and 161.Va errno 162is set to indicate the error. 163.Sh ERRORS 164.Fn Chmod 165will fail and the file mode will be unchanged if: 166.Bl -tag -width Er 167.It Bq Er ENOTDIR 168A component of the path prefix is not a directory. 169.It Bq Er ENAMETOOLONG 170A component of a pathname exceeded 255 characters, 171or an entire path name exceeded 1023 characters. 172.It Bq Er ENOENT 173The named file does not exist. 174.It Bq Er EACCES 175Search permission is denied for a component of the path prefix. 176.It Bq Er ELOOP 177Too many symbolic links were encountered in translating the pathname. 178.It Bq Er EPERM 179The effective user ID does not match the owner of the file and 180the effective user ID is not the super-user. 181.It Bq Er EROFS 182The named file resides on a read-only file system. 183.It Bq Er EFAULT 184.Fa Path 185points outside the process's allocated address space. 186.It Bq Er EIO 187An I/O error occurred while reading from or writing to the file system. 188.It Bq Er EFTYPE 189An attempt was made to set the sticky bit upon an executable. 190.El 191.Pp 192.Fn Fchmod 193will fail if: 194.Bl -tag -width Er 195.It Bq Er EBADF 196The descriptor is not valid. 197.It Bq Er EINVAL
| 34.\" 35.Dd June 4, 1993 36.Dt CHMOD 2 37.Os BSD 4 38.Sh NAME 39.Nm chmod , 40.Nm fchmod , 41.Nm lchmod 42.Nd change mode of file 43.Sh LIBRARY 44.Lb libc 45.Sh SYNOPSIS 46.Fd #include <sys/stat.h> 47.Ft int 48.Fn chmod "const char *path" "mode_t mode" 49.Ft int 50.Fn fchmod "int fd" "mode_t mode" 51.Ft int 52.Fn lchmod "const char *path" "mode_t mode" 53.Sh DESCRIPTION 54The file permission bits of the file named specified by 55.Fa path 56or referenced by the file descriptor 57.Fa fd 58are changed to 59.Fa mode . 60The 61.Fn chmod 62function verifies that the process owner (user) either owns 63the file specified by 64.Fa path 65(or 66.Fa fd ) , 67or 68is the super-user. 69The 70.Fn chmod 71function follows symbolic links to operate on the target of the link 72rather than the link itself. 73.Pp 74The 75.Fa lchmod 76function is similar to 77.Fn chmod 78but does not follow symbolic links. 79.Pp 80A mode is created from 81.Em or'd 82permission bit masks 83defined in 84.Aq Pa sys/stat.h : 85.Pp 86.Bd -literal -offset indent -compact 87#define S_IRWXU 0000700 /* RWX mask for owner */ 88#define S_IRUSR 0000400 /* R for owner */ 89#define S_IWUSR 0000200 /* W for owner */ 90#define S_IXUSR 0000100 /* X for owner */ 91 92#define S_IRWXG 0000070 /* RWX mask for group */ 93#define S_IRGRP 0000040 /* R for group */ 94#define S_IWGRP 0000020 /* W for group */ 95#define S_IXGRP 0000010 /* X for group */ 96 97#define S_IRWXO 0000007 /* RWX mask for other */ 98#define S_IROTH 0000004 /* R for other */ 99#define S_IWOTH 0000002 /* W for other */ 100#define S_IXOTH 0000001 /* X for other */ 101 102#define S_ISUID 0004000 /* set user id on execution */ 103#define S_ISGID 0002000 /* set group id on execution */ 104#define S_ISVTX 0001000 /* sticky bit */ 105#ifndef _POSIX_SOURCE 106#define S_ISTXT 0001000 107#endif 108.Ed 109.Pp 110The 111.Fx 112VM system totally ignores the sticky bit 113.Pf ( Dv ISVTX 114) for executables. 
On UFS-based filesystems (FFS, MFS, LFS) the sticky 115bit may only be set upon directories. 116.Pp 117If mode 118.Dv ISVTX 119(the `sticky bit') is set on a directory, 120an unprivileged user may not delete or rename 121files of other users in that directory. 122The sticky bit may be 123set by any user on a directory which the user owns or has appropriate 124permissions. 125For more details of the properties of the sticky bit, see 126.Xr sticky 8 . 127.Pp 128If mode ISUID (set UID) is set on a directory, 129and the MNT_SUIDDIR option was used in the mount of the filesystem, 130then the owner of any new files and sub-directories 131created within this directory are set 132to be the same as the owner of that directory. 133If this function is enabled, new directories will inherit 134the bit from their parents. Execute bits are removed from 135the file, and it will not be given to root. 136This behavior does not change the 137requirements for the user to be allowed to write the file, but only the eventual 138owner after it has been created. 139Group inheritance is not effected. 140.Pp 141This feature is designed for use on fileservers serving PC users via 142ftp, SAMBA, or netatalk. 143It provides security holes for shell users and as 144such should not be used on shell machines, especially on home directories. 145This option requires the SUIDDIR 146option in the kernel to work. 147Only UFS filesystems support this option. 148For more details of the suiddir mount option, see 149.Xr mount 8 . 150.Pp 151Writing or changing the owner of a file 152turns off the set-user-id and set-group-id bits 153unless the user is the super-user. 154This makes the system somewhat more secure 155by protecting set-user-id (set-group-id) files 156from remaining set-user-id (set-group-id) if they are modified, 157at the expense of a degree of compatibility. 158.Sh RETURN VALUES 159Upon successful completion, a value of 0 is returned. 
160Otherwise, a value of -1 is returned and 161.Va errno 162is set to indicate the error. 163.Sh ERRORS 164.Fn Chmod 165will fail and the file mode will be unchanged if: 166.Bl -tag -width Er 167.It Bq Er ENOTDIR 168A component of the path prefix is not a directory. 169.It Bq Er ENAMETOOLONG 170A component of a pathname exceeded 255 characters, 171or an entire path name exceeded 1023 characters. 172.It Bq Er ENOENT 173The named file does not exist. 174.It Bq Er EACCES 175Search permission is denied for a component of the path prefix. 176.It Bq Er ELOOP 177Too many symbolic links were encountered in translating the pathname. 178.It Bq Er EPERM 179The effective user ID does not match the owner of the file and 180the effective user ID is not the super-user. 181.It Bq Er EROFS 182The named file resides on a read-only file system. 183.It Bq Er EFAULT 184.Fa Path 185points outside the process's allocated address space. 186.It Bq Er EIO 187An I/O error occurred while reading from or writing to the file system. 188.It Bq Er EFTYPE 189An attempt was made to set the sticky bit upon an executable. 190.El 191.Pp 192.Fn Fchmod 193will fail if: 194.Bl -tag -width Er 195.It Bq Er EBADF 196The descriptor is not valid. 197.It Bq Er EINVAL
|
198.Fa Fd
| 198.Fa fd
|
199refers to a socket, not to a file. 200.It Bq Er EROFS 201The file resides on a read-only file system. 202.It Bq Er EIO 203An I/O error occurred while reading from or writing to the file system. 204.El 205.Sh SEE ALSO 206.Xr chmod 1 , 207.Xr chown 2 , 208.Xr open 2 , 209.Xr stat 2 , 210.Xr sticky 8 211.Sh STANDARDS 212The 213.Fn chmod 214function call is expected to conform to 215.St -p1003.1-90 , 216except for the return of 217.Er EFTYPE 218and the use of 219.Dv S_ISTXT . 220.Sh HISTORY 221A 222.Fn chmod 223function call appeared in 224.At v7 . 225The 226.Fn fchmod 227function call 228appeared in 229.Bx 4.2 . 230The 231.Fn lchmod 232function call appeared in 233.Fx 3.0 .
| 199refers to a socket, not to a file. 200.It Bq Er EROFS 201The file resides on a read-only file system. 202.It Bq Er EIO 203An I/O error occurred while reading from or writing to the file system. 204.El 205.Sh SEE ALSO 206.Xr chmod 1 , 207.Xr chown 2 , 208.Xr open 2 , 209.Xr stat 2 , 210.Xr sticky 8 211.Sh STANDARDS 212The 213.Fn chmod 214function call is expected to conform to 215.St -p1003.1-90 , 216except for the return of 217.Er EFTYPE 218and the use of 219.Dv S_ISTXT . 220.Sh HISTORY 221A 222.Fn chmod 223function call appeared in 224.At v7 . 225The 226.Fn fchmod 227function call 228appeared in 229.Bx 4.2 . 230The 231.Fn lchmod 232function call appeared in 233.Fx 3.0 .
|
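Review bot: the lowercase fix at line 198 (`.Fa Fd` to `.Fa fd`) leaves the same sentence-initial capitalisation untouched elsewhere in ERRORS: `.Fa Path` at line 184 under EFAULT, and `.Fn Chmod` / `.Fn Fchmod` at lines 164 and 192, are identical in both columns. The SYNOPSIS declares these as `path`, `chmod` and `fchmod`, and C identifiers are case-sensitive, so lowercasing them in the same change would make the markup match the declared names throughout. Separately, line 75 marks the function name up as an argument (`.Fa lchmod`) where line 77 uses `.Fn chmod`; switching it to `.Fn lchmod` would be consistent with the rest of the page.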