|
Packit |
7cfc04 |
'\" et
|
|
Packit |
7cfc04 |
.TH CHOWN "3P" 2013 "IEEE/The Open Group" "POSIX Programmer's Manual"
|
|
Packit |
7cfc04 |
.SH PROLOG
|
|
Packit |
7cfc04 |
This manual page is part of the POSIX Programmer's Manual.
|
|
Packit |
7cfc04 |
The Linux implementation of this interface may differ (consult
|
|
Packit |
7cfc04 |
the corresponding Linux manual page for details of Linux behavior),
|
|
Packit |
7cfc04 |
or the interface may not be implemented on Linux.
|
|
Packit |
7cfc04 |
|
|
Packit |
7cfc04 |
.SH NAME
|
|
Packit |
7cfc04 |
chown, fchownat
|
|
Packit |
7cfc04 |
\(em change owner and group of a file relative to directory
|
|
Packit |
7cfc04 |
file descriptor
|
|
Packit |
7cfc04 |
.SH SYNOPSIS
|
|
Packit |
7cfc04 |
.LP
|
|
Packit |
7cfc04 |
.nf
|
|
Packit |
7cfc04 |
#include <unistd.h>
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
int chown(const char *\fIpath\fP, uid_t \fIowner\fP, gid_t \fIgroup\fP);
|
|
Packit |
7cfc04 |
int fchownat(int \fIfd\fP, const char *\fIpath\fP, uid_t \fIowner\fP, gid_t \fIgroup\fP,
|
|
Packit |
7cfc04 |
int \fIflag\fP);
|
|
Packit |
7cfc04 |
.fi
|
|
Packit |
7cfc04 |
.SH DESCRIPTION
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
\fIchown\fR()
|
|
Packit |
7cfc04 |
function shall change the user and group ownership of a file.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
.IR path
|
|
Packit |
7cfc04 |
argument points to a pathname naming a file. The user ID and group ID
|
|
Packit |
7cfc04 |
of the named file shall be set to the numeric values contained in
|
|
Packit |
7cfc04 |
.IR owner
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.IR group ,
|
|
Packit |
7cfc04 |
respectively.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
Only processes with an effective user ID equal to the user ID of the
|
|
Packit |
7cfc04 |
file or with appropriate privileges may change the ownership of a
|
|
Packit |
7cfc04 |
file. If _POSIX_CHOWN_RESTRICTED is in effect for
|
|
Packit |
7cfc04 |
.IR path :
|
|
Packit |
7cfc04 |
.IP " *" 4
|
|
Packit |
7cfc04 |
Changing the user ID is restricted to processes with appropriate
|
|
Packit |
7cfc04 |
privileges.
|
|
Packit |
7cfc04 |
.IP " *" 4
|
|
Packit |
7cfc04 |
Changing the group ID is permitted to a process with an effective user
|
|
Packit |
7cfc04 |
ID equal to the user ID of the file, but without appropriate
|
|
Packit |
7cfc04 |
privileges, if and only if
|
|
Packit |
7cfc04 |
.IR owner
|
|
Packit |
7cfc04 |
is equal to the file's user ID or (\c
|
|
Packit |
7cfc04 |
.BR uid_t )\(mi1
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.IR group
|
|
Packit |
7cfc04 |
is equal either to the calling process' effective group ID or to one of
|
|
Packit |
7cfc04 |
its supplementary group IDs.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
If the specified file is a regular file, one or more of the S_IXUSR,
|
|
Packit |
7cfc04 |
S_IXGRP, or S_IXOTH bits of the file mode are set, and the process does
|
|
Packit |
7cfc04 |
not have appropriate privileges, the set-user-ID (S_ISUID) and
|
|
Packit |
7cfc04 |
set-group-ID (S_ISGID) bits of the file mode shall be cleared upon
|
|
Packit |
7cfc04 |
successful return from
|
|
Packit |
7cfc04 |
\fIchown\fR().
|
|
Packit |
7cfc04 |
If the specified file is a regular file, one or more of the S_IXUSR,
|
|
Packit |
7cfc04 |
S_IXGRP, or S_IXOTH bits of the file mode are set, and the process has
|
|
Packit |
7cfc04 |
appropriate privileges, it is implementation-defined whether the
|
|
Packit |
7cfc04 |
set-user-ID and set-group-ID bits are altered. If the
|
|
Packit |
7cfc04 |
\fIchown\fR()
|
|
Packit |
7cfc04 |
function is successfully invoked on a file that is not a regular file
|
|
Packit |
7cfc04 |
and one or more of the S_IXUSR, S_IXGRP, or S_IXOTH bits of the file
|
|
Packit |
7cfc04 |
mode are set, the set-user-ID and set-group-ID bits may be cleared.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
If
|
|
Packit |
7cfc04 |
.IR owner
|
|
Packit |
7cfc04 |
or
|
|
Packit |
7cfc04 |
.IR group
|
|
Packit |
7cfc04 |
is specified as (\c
|
|
Packit |
7cfc04 |
.BR uid_t )\(mi1
|
|
Packit |
7cfc04 |
or (\c
|
|
Packit |
7cfc04 |
.BR gid_t )\(mi1,
|
|
Packit |
7cfc04 |
respectively, the corresponding ID of the file shall not be changed.
|
|
Packit |
7cfc04 |
If both owner and group are \(mi1, the times need not be updated.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
Upon successful completion,
|
|
Packit |
7cfc04 |
\fIchown\fR()
|
|
Packit |
7cfc04 |
shall mark for update the last file status change timestamp of the file.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
\fIfchownat\fR()
|
|
Packit |
7cfc04 |
function shall be equivalent to the
|
|
Packit |
7cfc04 |
\fIchown\fR()
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
\fIlchown\fR()
|
|
Packit |
7cfc04 |
functions except in the case where
|
|
Packit |
7cfc04 |
.IR path
|
|
Packit |
7cfc04 |
specifies a relative path. In this case the file to be changed is
|
|
Packit |
7cfc04 |
determined relative to the directory associated with the file
|
|
Packit |
7cfc04 |
descriptor
|
|
Packit |
7cfc04 |
.IR fd
|
|
Packit |
7cfc04 |
instead of the current working directory. If the file descriptor was
|
|
Packit |
7cfc04 |
opened without O_SEARCH, the function shall check whether directory
|
|
Packit |
7cfc04 |
searches are permitted using the current permissions of the directory
|
|
Packit |
7cfc04 |
underlying the file descriptor. If the file descriptor was opened with
|
|
Packit |
7cfc04 |
O_SEARCH, the function shall not perform the check.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
Values for
|
|
Packit |
7cfc04 |
.IR flag
|
|
Packit |
7cfc04 |
are constructed by a bitwise-inclusive OR of flags from the following
|
|
Packit |
7cfc04 |
list, defined in
|
|
Packit |
7cfc04 |
.IR <fcntl.h> :
|
|
Packit |
7cfc04 |
.IP AT_SYMLINK_NOFOLLOW 6
|
|
Packit |
7cfc04 |
.br
|
|
Packit |
7cfc04 |
If
|
|
Packit |
7cfc04 |
.IR path
|
|
Packit |
7cfc04 |
names a symbolic link, ownership of the symbolic link is changed.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
If
|
|
Packit |
7cfc04 |
\fIfchownat\fR()
|
|
Packit |
7cfc04 |
is passed the special value AT_FDCWD in the
|
|
Packit |
7cfc04 |
.IR fd
|
|
Packit |
7cfc04 |
parameter, the current working directory shall be used and the behavior
|
|
Packit |
7cfc04 |
shall be identical to a call to
|
|
Packit |
7cfc04 |
\fIchown\fR()
|
|
Packit |
7cfc04 |
or
|
|
Packit |
7cfc04 |
\fIlchown\fR()
|
|
Packit |
7cfc04 |
respectively, depending on whether or not the AT_SYMLINK_NOFOLLOW bit
|
|
Packit |
7cfc04 |
is set in the
|
|
Packit |
7cfc04 |
.IR flag
|
|
Packit |
7cfc04 |
argument.
|
|
Packit |
7cfc04 |
.SH "RETURN VALUE"
|
|
Packit |
7cfc04 |
Upon successful completion, these functions shall return 0.
|
|
Packit |
7cfc04 |
Otherwise, these functions shall return \(mi1 and set
|
|
Packit |
7cfc04 |
.IR errno
|
|
Packit |
7cfc04 |
to indicate the error. If \(mi1 is returned, no changes are
|
|
Packit |
7cfc04 |
made in the user ID and group ID of the file.
|
|
Packit |
7cfc04 |
.SH ERRORS
|
|
Packit |
7cfc04 |
These functions shall fail if:
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR EACCES
|
|
Packit |
7cfc04 |
Search permission is denied on a component of the path prefix.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR ELOOP
|
|
Packit |
7cfc04 |
A loop exists in symbolic links encountered during resolution of the
|
|
Packit |
7cfc04 |
.IR path
|
|
Packit |
7cfc04 |
argument.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR ENAMETOOLONG
|
|
Packit |
7cfc04 |
.br
|
|
Packit |
7cfc04 |
The length of a component of a pathname is longer than
|
|
Packit |
7cfc04 |
{NAME_MAX}.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR ENOENT
|
|
Packit |
7cfc04 |
A component of
|
|
Packit |
7cfc04 |
.IR path
|
|
Packit |
7cfc04 |
does not name an existing file or
|
|
Packit |
7cfc04 |
.IR path
|
|
Packit |
7cfc04 |
is an empty string.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR ENOTDIR
|
|
Packit |
7cfc04 |
A component of the path prefix names an existing file that is neither
|
|
Packit |
7cfc04 |
a directory nor a symbolic link to a directory, or the
|
|
Packit |
7cfc04 |
.IR path
|
|
Packit |
7cfc04 |
argument contains at least one non-\c
|
|
Packit |
7cfc04 |
<slash>
|
|
Packit |
7cfc04 |
character and ends with one or more trailing
|
|
Packit |
7cfc04 |
<slash>
|
|
Packit |
7cfc04 |
characters and the last pathname component names an existing file
|
|
Packit |
7cfc04 |
that is neither a directory nor a symbolic link to a directory.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR EPERM
|
|
Packit |
7cfc04 |
The effective user ID does not match the owner of the file, or the
|
|
Packit |
7cfc04 |
calling process does not have appropriate privileges and
|
|
Packit |
7cfc04 |
_POSIX_CHOWN_RESTRICTED indicates that such privilege is required.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR EROFS
|
|
Packit |
7cfc04 |
The named file resides on a read-only file system.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
\fIfchownat\fR()
|
|
Packit |
7cfc04 |
function shall fail if:
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR EACCES
|
|
Packit |
7cfc04 |
.IR fd
|
|
Packit |
7cfc04 |
was not opened with O_SEARCH and the permissions of the directory
|
|
Packit |
7cfc04 |
underlying
|
|
Packit |
7cfc04 |
.IR fd
|
|
Packit |
7cfc04 |
do not permit directory searches.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR EBADF
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
.IR path
|
|
Packit |
7cfc04 |
argument does not specify an absolute path and the
|
|
Packit |
7cfc04 |
.IR fd
|
|
Packit |
7cfc04 |
argument is neither AT_FDCWD nor a valid file descriptor open
|
|
Packit |
7cfc04 |
for reading or searching.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR ENOTDIR
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
.IR path
|
|
Packit |
7cfc04 |
argument is not an absolute path and
|
|
Packit |
7cfc04 |
.IR fd
|
|
Packit |
7cfc04 |
is a file descriptor associated with a non-directory file.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
These functions may fail if:
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR EIO
|
|
Packit |
7cfc04 |
An I/O error occurred while reading or writing to the file system.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR EINTR
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
\fIchown\fR()
|
|
Packit |
7cfc04 |
function was interrupted by a signal which was caught.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR EINVAL
|
|
Packit |
7cfc04 |
The owner or group ID supplied is not a value supported by the
|
|
Packit |
7cfc04 |
implementation.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR ELOOP
|
|
Packit |
7cfc04 |
More than
|
|
Packit |
7cfc04 |
{SYMLOOP_MAX}
|
|
Packit |
7cfc04 |
symbolic links were encountered during resolution of the
|
|
Packit |
7cfc04 |
.IR path
|
|
Packit |
7cfc04 |
argument.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR ENAMETOOLONG
|
|
Packit |
7cfc04 |
.br
|
|
Packit |
7cfc04 |
The length of a pathname exceeds
|
|
Packit |
7cfc04 |
{PATH_MAX},
|
|
Packit |
7cfc04 |
or pathname resolution of a symbolic link produced an intermediate
|
|
Packit |
7cfc04 |
result with a length that exceeds
|
|
Packit |
7cfc04 |
{PATH_MAX}.
|
|
Packit |
7cfc04 |
.br
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
\fIfchownat\fR()
|
|
Packit |
7cfc04 |
function may fail if:
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR EINVAL
|
|
Packit |
7cfc04 |
The value of the
|
|
Packit |
7cfc04 |
.IR flag
|
|
Packit |
7cfc04 |
argument is not valid.
|
|
Packit |
7cfc04 |
.LP
|
|
Packit |
7cfc04 |
.IR "The following sections are informative."
|
|
Packit |
7cfc04 |
.SH EXAMPLES
|
|
Packit |
7cfc04 |
None.
|
|
Packit |
7cfc04 |
.SH "APPLICATION USAGE"
|
|
Packit |
7cfc04 |
Although
|
|
Packit |
7cfc04 |
\fIchown\fR()
|
|
Packit |
7cfc04 |
can be used on some implementations by the file owner to change the owner
|
|
Packit |
7cfc04 |
and group to any desired values, the only portable use of this function
|
|
Packit |
7cfc04 |
is to change the group of a file to the effective GID of the calling
|
|
Packit |
7cfc04 |
process or to a member of its group set.
|
|
Packit |
7cfc04 |
.SH RATIONALE
|
|
Packit |
7cfc04 |
System III and System V allow a user to give away files;
|
|
Packit |
7cfc04 |
that is, the owner of a file may change its user ID to anything. This
|
|
Packit |
7cfc04 |
is a serious problem for implementations that are intended to meet
|
|
Packit |
7cfc04 |
government security regulations.
|
|
Packit |
7cfc04 |
Version 7 and 4.3 BSD permit only the superuser
|
|
Packit |
7cfc04 |
to change the user ID of a file. Some government agencies (usually not
|
|
Packit |
7cfc04 |
ones concerned directly with security) find this limitation too
|
|
Packit |
7cfc04 |
confining. This volume of POSIX.1\(hy2008 uses \fImay\fP to permit secure implementations
|
|
Packit |
7cfc04 |
while not disallowing System V.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
System III and System V allow the owner of a file to change the
|
|
Packit |
7cfc04 |
group ID to anything. Version 7 permits only the superuser to change
|
|
Packit |
7cfc04 |
the group ID of a file.
|
|
Packit |
7cfc04 |
4.3 BSD permits the owner to change the group ID of a file
|
|
Packit |
7cfc04 |
to its effective group ID
|
|
Packit |
7cfc04 |
or to any of the groups in the list of supplementary group IDs, but to
|
|
Packit |
7cfc04 |
no others.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
The POSIX.1\(hy1990 standard requires that the
|
|
Packit |
7cfc04 |
\fIchown\fR()
|
|
Packit |
7cfc04 |
function invoked by a non-appropriate privileged process clear the
|
|
Packit |
7cfc04 |
S_ISGID and the S_ISUID bits for regular files, and permits them to be
|
|
Packit |
7cfc04 |
cleared for other types of files. This is so that changes in
|
|
Packit |
7cfc04 |
accessibility do not accidentally cause files to become security holes.
|
|
Packit |
7cfc04 |
Unfortunately, requiring these bits to be cleared on non-executable
|
|
Packit |
7cfc04 |
data files also clears the mandatory file locking bit (shared with
|
|
Packit |
7cfc04 |
S_ISGID), which is an extension on many implementations (it first
|
|
Packit |
7cfc04 |
appeared in System V). These bits should only be required to be
|
|
Packit |
7cfc04 |
cleared on regular files that have one or more of their execute bits
|
|
Packit |
7cfc04 |
set.
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
The purpose of the
|
|
Packit |
7cfc04 |
\fIfchownat\fR()
|
|
Packit |
7cfc04 |
function is to enable changing ownership of files in directories other
|
|
Packit |
7cfc04 |
than the current working directory without exposure to race
|
|
Packit |
7cfc04 |
conditions. Any part of the path of a file could be changed in
|
|
Packit |
7cfc04 |
parallel to a call to
|
|
Packit |
7cfc04 |
\fIchown\fR()
|
|
Packit |
7cfc04 |
or
|
|
Packit |
7cfc04 |
\fIlchown\fR(),
|
|
Packit |
7cfc04 |
resulting in unspecified behavior. By opening a file descriptor for
|
|
Packit |
7cfc04 |
the target directory and using the
|
|
Packit |
7cfc04 |
\fIfchownat\fR()
|
|
Packit |
7cfc04 |
function it can be guaranteed that the changed file is located relative
|
|
Packit |
7cfc04 |
to the desired directory.
|
|
Packit |
7cfc04 |
.SH "FUTURE DIRECTIONS"
|
|
Packit |
7cfc04 |
None.
|
|
Packit |
7cfc04 |
.SH "SEE ALSO"
|
|
Packit |
7cfc04 |
.IR "\fIchmod\fR\^(\|)",
|
|
Packit |
7cfc04 |
.IR "\fIfpathconf\fR\^(\|)",
|
|
Packit |
7cfc04 |
.IR "\fIlchown\fR\^(\|)"
|
|
Packit |
7cfc04 |
.P
|
|
Packit |
7cfc04 |
The Base Definitions volume of POSIX.1\(hy2008,
|
|
Packit |
7cfc04 |
.IR "\fB<fcntl.h>\fP",
|
|
Packit |
7cfc04 |
.IR "\fB<sys_types.h>\fP",
|
|
Packit |
7cfc04 |
.IR "\fB<unistd.h>\fP"
|
|
Packit |
7cfc04 |
.SH COPYRIGHT
|
|
Packit |
7cfc04 |
Portions of this text are reprinted and reproduced in electronic form
|
|
Packit |
7cfc04 |
from IEEE Std 1003.1, 2013 Edition, Standard for Information Technology
|
|
Packit |
7cfc04 |
-- Portable Operating System Interface (POSIX), The Open Group Base
|
|
Packit |
7cfc04 |
Specifications Issue 7, Copyright (C) 2013 by the Institute of
|
|
Packit |
7cfc04 |
Electrical and Electronics Engineers, Inc and The Open Group.
|
|
Packit |
7cfc04 |
(This is POSIX.1-2008 with the 2013 Technical Corrigendum 1 applied.) In the
|
|
Packit |
7cfc04 |
event of any discrepancy between this version and the original IEEE and
|
|
Packit |
7cfc04 |
The Open Group Standard, the original IEEE and The Open Group Standard
|
|
Packit |
7cfc04 |
is the referee document. The original Standard can be obtained online at
|
|
Packit |
7cfc04 |
http://www.unix.org/online.html .
|
|
Packit |
7cfc04 |
|
|
Packit |
7cfc04 |
Any typographical or formatting errors that appear
|
|
Packit |
7cfc04 |
in this page are most likely
|
|
Packit |
7cfc04 |
to have been introduced during the conversion of the source files to
|
|
Packit |
7cfc04 |
man page format. To report such errors, see
|
|
Packit |
7cfc04 |
https://www.kernel.org/doc/man-pages/reporting_bugs.html .
|