chmod(2)
NAME
chmod(), fchmod() - change file mode access permissions
SYNOPSIS
DESCRIPTION
The chmod() and fchmod() system calls set the access permission portion
of the file's mode according to the bit pattern contained in mode. path
points to a path name naming a file. fildes is a file descriptor.
The following symbolic constants representing the access permission
bits are defined with the indicated values in and are used to construct
the mode argument. The value of mode is the bit-wise inclusive OR of
the values for the desired permissions.
The mode bit (same as is used to enforce file-locking mode (see
lockf(2), fcntl(2), and flock(2)) on files that are not group
executable. This might affect future calls to and on such files (see
open(2), creat(2), read(2), write(2), and truncate(2)).
The mode bit (sticky bit) has no significance when set on a regular
file.
If the path given to chmod() contains a symbolic link as the last
element, this link is traversed and path name resolution continues.
chmod() changes the access mode of the symbolic link's target, rather
than the access mode of the link.
Access Control Lists - HFS File Systems Only
All optional entries in a file's access control list are deleted when
is executed. (This behavior conforms to the IEEE Standard POSIX
1003.1-1988.) To preserve optional entries in a file's access control
list, it is necessary to save and restore them using getacl() and
setacl() (see getacl(2) and setacl(2)).
To set the permission bits of access control list entries, use instead
of
Access Control Lists - JFS File Systems Only
The effective permissions granted by optional entries in a file's
access control list may be changed when is executed. In particular,
using to remove read, write and execute permissions from a file's
owner, owning group, and all others works as expected, because affects
the entry in the ACL, limiting any access that can be granted to
additional users or groups via optional ACL entries. The effect can be
verified by doing a on the file after the and noting that all optional
(non-default) ACL entries with nonzero permissions also have the
comment
To set the permission bits of access control list entries, use instead
of
For more information on access control list entries, see acl(5) and
aclv(5).
Security Restrictions
To change the mode of a file, the effective user ID of the process must
match that of the owner of the file or the process must have the
privilege.
If the process does not have the privilege, mode bit is cleared.
If the process does not have privilege, and the effective group ID of
the process does not match the group ID of the file, and none of the
group IDs in the supplementary groups list match the group ID of the
file, mode bit is cleared.
If the mode bit (sticky bit) is set on a directory, files inside the
directory can be renamed or removed only by the owner of the file, the
owner of the directory, or a process with the privilege (even if the
modes of the directory would otherwise allow such an operation).
See privileges(5) for more information about privileged access on
systems that support fine-grained privileges.
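An added example, not part of the original manual page: because chmod() follows a final symbolic link and the system may clear requested mode bits for a caller without the needed privilege, this C sketch opens the file without following a symlink, applies the mode with fchmod(), and reads it back with fstat() to confirm which bits took effect. The helper set_mode_nofollow(), the demo() scenario and the availability of O_NOFOLLOW (POSIX.1-2008, not described on this page) are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 if the file ends up with exactly the
 * requested bits, 1 if the system cleared some of them, -1 on error (errno
 * set). Assumes O_NOFOLLOW exists and the caller may open the file to read. */
int set_mode_nofollow(const char *path, mode_t mode)
{
    struct stat st;
    int rc = -1, saved;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;                /* ELOOP: the last element is a symlink */
    if (fstat(fd, &st) == 0) {
        if (!S_ISREG(st.st_mode))
            errno = EINVAL;       /* this sketch handles regular files only */
        else if (fchmod(fd, mode) == 0 && fstat(fd, &st) == 0)
            rc = ((st.st_mode & 07777) == (mode & 07777)) ? 0 : 1;
    }
    saved = errno;                /* keep the failure cause across close() */
    close(fd);
    errno = saved;
    return rc;
}

/* Constructed scenario: a file and a symlink to it in a fresh temp directory.
 * Returns 0 when the direct call succeeds, the call through the symlink is
 * refused with ELOOP, and the target still has mode 0640 afterwards. */
int demo(void)
{
    char dir[] = "/tmp/chmod-demo-XXXXXX", file[64], lnk[64];
    struct stat st;
    int ok;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(file, sizeof file, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    close(open(file, O_CREAT | O_WRONLY, 0600));
    ok = symlink(file, lnk) == 0 && set_mode_nofollow(file, 0640) == 0
        && set_mode_nofollow(lnk, 0666) == -1 && errno == ELOOP
        && stat(file, &st) == 0 && (st.st_mode & 07777) == 0640;
    unlink(lnk); unlink(file); rmdir(dir);
    return ok ? 0 : 1;
}
int main(void) { return demo(); }
```

A return value of 1 from the helper means the call succeeded but the resulting mode differs from the request, which is how a silently cleared bit shows up to the caller.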
RETURN VALUE
returns the following values:
Successful completion.
Failure.
is set to indicate the error.
ERRORS
If chmod() fails, the file mode is unchanged. is set to one of the
following values:
Search permission is denied on a component of the path prefix.
path points outside the allocated address space of the process. The reliable detection of this error is implementation dependent.
path or fildes descriptor does not refer to an appropriate file.
Too many symbolic links were encountered in translating path.
A component of path exceeds bytes while is in effect or path exceeds bytes.
A component of path or the file named by path does not exist.
A component of the path prefix is not a directory.
The effective user ID does not match that of the owner of the file or the process does not have privilege.
The named file resides on a read-only file system.
If fchmod() fails, the file mode is unchanged. is set to one of the
following values:
fildes is not a valid file descriptor.
path or fildes descriptor does not refer to an appropriate file.
The effective user ID does not match that of the owner of the file, and the effective user ID is not that of a user with appropriate privileges.
The named file resides on a read-only file system.
AUTHOR
was developed by AT&T, the University of California, Berkeley, and HP.
was developed by the University of California, Berkeley.
SEE ALSO
chmod(1), getacl(1), chown(2), creat(2), fcntl(2), flock(2), getacl(2),
lockf(2), mknod(2), open(2), read(2), setacl(2), truncate(2), write(2),
acl(5), aclv(5), privileges(5).
STANDARDS CONFORMANCE