1.\" Copyright (c) 1980, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" @(#)chmod.2 8.1 (Berkeley) 6/4/93
| 1.\" Copyright (c) 1980, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" @(#)chmod.2 8.1 (Berkeley) 6/4/93
|
33.\" $FreeBSD: head/lib/libc/sys/chmod.2 69051 2000-11-22 16:02:00Z ru $
| 33.\" $FreeBSD: head/lib/libc/sys/chmod.2 70481 2000-12-29 14:08:20Z ru $
|
34.\"
35.Dd June 4, 1993
36.Dt CHMOD 2
37.Os BSD 4
38.Sh NAME
39.Nm chmod ,
40.Nm fchmod ,
41.Nm lchmod
42.Nd change mode of file
43.Sh LIBRARY
44.Lb libc
45.Sh SYNOPSIS
46.Fd #include <sys/stat.h>
47.Ft int
48.Fn chmod "const char *path" "mode_t mode"
49.Ft int
50.Fn fchmod "int fd" "mode_t mode"
51.Ft int
52.Fn lchmod "const char *path" "mode_t mode"
53.Sh DESCRIPTION
54The file permission bits of the file named specified by
55.Fa path
56or referenced by the file descriptor
57.Fa fd
58are changed to
59.Fa mode .
60The
61.Fn chmod
62function verifies that the process owner (user) either owns
63the file specified by
64.Fa path
65(or
66.Fa fd ) ,
67or
68is the super-user.
69The
70.Fn chmod
71function follows symbolic links to operate on the target of the link
72rather than the link itself.
73.Pp
74The
75.Fa lchmod
76function is similar to
77.Fn chmod
78but does not follow symbolic links.
79.Pp
80A mode is created from
81.Em or'd
82permission bit masks
83defined in
84.Aq Pa sys/stat.h :
85.Pp
86.Bd -literal -offset indent -compact
87#define S_IRWXU 0000700 /* RWX mask for owner */
88#define S_IRUSR 0000400 /* R for owner */
89#define S_IWUSR 0000200 /* W for owner */
90#define S_IXUSR 0000100 /* X for owner */
91
92#define S_IRWXG 0000070 /* RWX mask for group */
93#define S_IRGRP 0000040 /* R for group */
94#define S_IWGRP 0000020 /* W for group */
95#define S_IXGRP 0000010 /* X for group */
96
97#define S_IRWXO 0000007 /* RWX mask for other */
98#define S_IROTH 0000004 /* R for other */
99#define S_IWOTH 0000002 /* W for other */
100#define S_IXOTH 0000001 /* X for other */
101
102#define S_ISUID 0004000 /* set user id on execution */
103#define S_ISGID 0002000 /* set group id on execution */
104#define S_ISVTX 0001000 /* sticky bit */
105#ifndef _POSIX_SOURCE
106#define S_ISTXT 0001000
107#endif
108.Ed
109.Pp
110The
111.Fx
112VM system totally ignores the sticky bit
113.Pf ( Dv ISVTX
114) for executables. On UFS-based filesystems (FFS, MFS, LFS) the sticky
115bit may only be set upon directories.
116.Pp
117If mode
118.Dv ISVTX
119(the `sticky bit') is set on a directory,
120an unprivileged user may not delete or rename
121files of other users in that directory.
122The sticky bit may be
123set by any user on a directory which the user owns or has appropriate
124permissions.
125For more details of the properties of the sticky bit, see
126.Xr sticky 8 .
127.Pp
128If mode ISUID (set UID) is set on a directory,
129and the MNT_SUIDDIR option was used in the mount of the filesystem,
130then the owner of any new files and sub-directories
131created within this directory are set
132to be the same as the owner of that directory.
133If this function is enabled, new directories will inherit
134the bit from their parents. Execute bits are removed from
135the file, and it will not be given to root.
136This behavior does not change the
137requirements for the user to be allowed to write the file, but only the eventual
138owner after it has been created.
139Group inheritance is not effected.
140.Pp
141This feature is designed for use on fileservers serving PC users via
142ftp, SAMBA, or netatalk.
143It provides security holes for shell users and as
144such should not be used on shell machines, especially on home directories.
145This option requires the SUIDDIR
146option in the kernel to work.
147Only UFS filesystems support this option.
148For more details of the suiddir mount option, see
149.Xr mount 8 .
150.Pp
151Writing or changing the owner of a file
152turns off the set-user-id and set-group-id bits
153unless the user is the super-user.
154This makes the system somewhat more secure
155by protecting set-user-id (set-group-id) files
156from remaining set-user-id (set-group-id) if they are modified,
157at the expense of a degree of compatibility.
158.Sh RETURN VALUES
159Upon successful completion, a value of 0 is returned.
160Otherwise, a value of -1 is returned and
161.Va errno
162is set to indicate the error.
163.Sh ERRORS
164.Fn Chmod
165will fail and the file mode will be unchanged if:
166.Bl -tag -width Er
167.It Bq Er ENOTDIR
168A component of the path prefix is not a directory.
169.It Bq Er ENAMETOOLONG
170A component of a pathname exceeded 255 characters,
171or an entire path name exceeded 1023 characters.
172.It Bq Er ENOENT
173The named file does not exist.
174.It Bq Er EACCES
175Search permission is denied for a component of the path prefix.
176.It Bq Er ELOOP
177Too many symbolic links were encountered in translating the pathname.
178.It Bq Er EPERM
179The effective user ID does not match the owner of the file and
180the effective user ID is not the super-user.
181.It Bq Er EROFS
182The named file resides on a read-only file system.
183.It Bq Er EFAULT
184.Fa Path
185points outside the process's allocated address space.
186.It Bq Er EIO
187An I/O error occurred while reading from or writing to the file system.
188.It Bq Er EFTYPE
189An attempt was made to set the sticky bit upon an executable.
190.El
191.Pp
192.Fn Fchmod
193will fail if:
194.Bl -tag -width Er
195.It Bq Er EBADF
196The descriptor is not valid.
197.It Bq Er EINVAL
| 34.\"
35.Dd June 4, 1993
36.Dt CHMOD 2
37.Os BSD 4
38.Sh NAME
39.Nm chmod ,
40.Nm fchmod ,
41.Nm lchmod
42.Nd change mode of file
43.Sh LIBRARY
44.Lb libc
45.Sh SYNOPSIS
46.Fd #include <sys/stat.h>
47.Ft int
48.Fn chmod "const char *path" "mode_t mode"
49.Ft int
50.Fn fchmod "int fd" "mode_t mode"
51.Ft int
52.Fn lchmod "const char *path" "mode_t mode"
53.Sh DESCRIPTION
54The file permission bits of the file named specified by
55.Fa path
56or referenced by the file descriptor
57.Fa fd
58are changed to
59.Fa mode .
60The
61.Fn chmod
62function verifies that the process owner (user) either owns
63the file specified by
64.Fa path
65(or
66.Fa fd ) ,
67or
68is the super-user.
69The
70.Fn chmod
71function follows symbolic links to operate on the target of the link
72rather than the link itself.
73.Pp
74The
75.Fa lchmod
76function is similar to
77.Fn chmod
78but does not follow symbolic links.
79.Pp
80A mode is created from
81.Em or'd
82permission bit masks
83defined in
84.Aq Pa sys/stat.h :
85.Pp
86.Bd -literal -offset indent -compact
87#define S_IRWXU 0000700 /* RWX mask for owner */
88#define S_IRUSR 0000400 /* R for owner */
89#define S_IWUSR 0000200 /* W for owner */
90#define S_IXUSR 0000100 /* X for owner */
91
92#define S_IRWXG 0000070 /* RWX mask for group */
93#define S_IRGRP 0000040 /* R for group */
94#define S_IWGRP 0000020 /* W for group */
95#define S_IXGRP 0000010 /* X for group */
96
97#define S_IRWXO 0000007 /* RWX mask for other */
98#define S_IROTH 0000004 /* R for other */
99#define S_IWOTH 0000002 /* W for other */
100#define S_IXOTH 0000001 /* X for other */
101
102#define S_ISUID 0004000 /* set user id on execution */
103#define S_ISGID 0002000 /* set group id on execution */
104#define S_ISVTX 0001000 /* sticky bit */
105#ifndef _POSIX_SOURCE
106#define S_ISTXT 0001000
107#endif
108.Ed
109.Pp
110The
111.Fx
112VM system totally ignores the sticky bit
113.Pf ( Dv ISVTX
114) for executables. On UFS-based filesystems (FFS, MFS, LFS) the sticky
115bit may only be set upon directories.
116.Pp
117If mode
118.Dv ISVTX
119(the `sticky bit') is set on a directory,
120an unprivileged user may not delete or rename
121files of other users in that directory.
122The sticky bit may be
123set by any user on a directory which the user owns or has appropriate
124permissions.
125For more details of the properties of the sticky bit, see
126.Xr sticky 8 .
127.Pp
128If mode ISUID (set UID) is set on a directory,
129and the MNT_SUIDDIR option was used in the mount of the filesystem,
130then the owner of any new files and sub-directories
131created within this directory are set
132to be the same as the owner of that directory.
133If this function is enabled, new directories will inherit
134the bit from their parents. Execute bits are removed from
135the file, and it will not be given to root.
136This behavior does not change the
137requirements for the user to be allowed to write the file, but only the eventual
138owner after it has been created.
139Group inheritance is not effected.
140.Pp
141This feature is designed for use on fileservers serving PC users via
142ftp, SAMBA, or netatalk.
143It provides security holes for shell users and as
144such should not be used on shell machines, especially on home directories.
145This option requires the SUIDDIR
146option in the kernel to work.
147Only UFS filesystems support this option.
148For more details of the suiddir mount option, see
149.Xr mount 8 .
150.Pp
151Writing or changing the owner of a file
152turns off the set-user-id and set-group-id bits
153unless the user is the super-user.
154This makes the system somewhat more secure
155by protecting set-user-id (set-group-id) files
156from remaining set-user-id (set-group-id) if they are modified,
157at the expense of a degree of compatibility.
158.Sh RETURN VALUES
159Upon successful completion, a value of 0 is returned.
160Otherwise, a value of -1 is returned and
161.Va errno
162is set to indicate the error.
163.Sh ERRORS
164.Fn Chmod
165will fail and the file mode will be unchanged if:
166.Bl -tag -width Er
167.It Bq Er ENOTDIR
168A component of the path prefix is not a directory.
169.It Bq Er ENAMETOOLONG
170A component of a pathname exceeded 255 characters,
171or an entire path name exceeded 1023 characters.
172.It Bq Er ENOENT
173The named file does not exist.
174.It Bq Er EACCES
175Search permission is denied for a component of the path prefix.
176.It Bq Er ELOOP
177Too many symbolic links were encountered in translating the pathname.
178.It Bq Er EPERM
179The effective user ID does not match the owner of the file and
180the effective user ID is not the super-user.
181.It Bq Er EROFS
182The named file resides on a read-only file system.
183.It Bq Er EFAULT
184.Fa Path
185points outside the process's allocated address space.
186.It Bq Er EIO
187An I/O error occurred while reading from or writing to the file system.
188.It Bq Er EFTYPE
189An attempt was made to set the sticky bit upon an executable.
190.El
191.Pp
192.Fn Fchmod
193will fail if:
194.Bl -tag -width Er
195.It Bq Er EBADF
196The descriptor is not valid.
197.It Bq Er EINVAL
|
198.Fa Fd
| 198.Fa fd
|
199refers to a socket, not to a file.
200.It Bq Er EROFS
201The file resides on a read-only file system.
202.It Bq Er EIO
203An I/O error occurred while reading from or writing to the file system.
204.El
205.Sh SEE ALSO
206.Xr chmod 1 ,
207.Xr chown 2 ,
208.Xr open 2 ,
209.Xr stat 2 ,
210.Xr sticky 8
211.Sh STANDARDS
212The
213.Fn chmod
214function call is expected to conform to
215.St -p1003.1-90 ,
216except for the return of
217.Er EFTYPE
218and the use of
219.Dv S_ISTXT .
220.Sh HISTORY
221A
222.Fn chmod
223function call appeared in
224.At v7 .
225The
226.Fn fchmod
227function call
228appeared in
229.Bx 4.2 .
230The
231.Fn lchmod
232function call appeared in
233.Fx 3.0 .
| 199refers to a socket, not to a file.
200.It Bq Er EROFS
201The file resides on a read-only file system.
202.It Bq Er EIO
203An I/O error occurred while reading from or writing to the file system.
204.El
205.Sh SEE ALSO
206.Xr chmod 1 ,
207.Xr chown 2 ,
208.Xr open 2 ,
209.Xr stat 2 ,
210.Xr sticky 8
211.Sh STANDARDS
212The
213.Fn chmod
214function call is expected to conform to
215.St -p1003.1-90 ,
216except for the return of
217.Er EFTYPE
218and the use of
219.Dv S_ISTXT .
220.Sh HISTORY
221A
222.Fn chmod
223function call appeared in
224.At v7 .
225The
226.Fn fchmod
227function call
228appeared in
229.Bx 4.2 .
230The
231.Fn lchmod
232function call appeared in
233.Fx 3.0 .
|