chown(2) System Calls Manual chown(2)
NAME
chown(), fchown(), lchown() - change owner and group of a file
SYNOPSIS
DESCRIPTION
The system call changes the user and group ownership of a file. path points to the path name of a file. sets the owner ID and group ID of
the file to the numeric values contained in owner and group respectively. A value of or can be specified in owner or group to leave
unchanged the file's owner ID or group ID, respectively. Note that owner and group should be less than (see limits(5)).
The group ownership of a file can be changed to any group in the current process's access list or to the real or effective group ID of the
current process. If privilege groups are supported and the user has the privilege, the file can be given to any group.
If the path given to contains a symbolic link as the last element, this link is traversed and path name resolution continues. changes the
owner and group of the symbolic link's target, rather than the owner and group of the link.
The system call functions exactly like except that it operates on a file descriptor instead of a path name. fildes is a file descriptor.
The system call sets the owner ID and group ID of the named file just as does, except in the case where the named file is a symbolic link.
In this case, changes the owner and group of the symbolic link file itself.
Access Control Lists - HFS File Systems Only
A user can allow or deny specific individuals and groups access to a file by using the file's access control list (see acl(5)). When using
in conjunction with HFS ACLs, if the new owner and/or group does not have an optional ACL entry corresponding to and/or in the file's
access control list, the file's access permission bits remain unchanged. However, if the new owner and/or group is already designated by
an optional ACL entry of and/or %.group, sets the file's permission bits (and the three basic ACL entries) to the permissions contained in
that entry.
Access Control Lists - JFS File Systems Only
A user can allow or deny specific individuals and groups access to a file by using the file's access control list (see aclv(5)). When
using in conjunction with JFS ACLs, if the new owner and/or group of a file have optional ACL entries corresponding to and/or in the file's
access control list, those entries remain in the ACL but no longer have any effect, being superseded by the file's and/or entries.
Security Restrictions
Only processes with an effective user ID equal to the file owner or a user with the privilege can change the ownership of a file. If priv-
ilege groups are supported, the owner of a file can change the ownership only as a member of a privilege group allowing as set up by the
command (see setprivgrp(1M)). All users get the privilege by default.
When a process changes the ownership or group of a file, the file system may clear the set-user-ID and set-group-ID bits.
See privileges(5) for more information about privileged access on systems that support fine-grained privileges.
RETURN VALUE
and return the following values:
Successful completion.
Failure.
The owner and group of the file remain unchanged. is set to indicate the error.
ERRORS
If or fails, is set to one of the following values:
Search permission is denied on a component of the path prefix.
path points outside the allocated address space of the process. The reliable detection of this error is implementation
dependent.
Too many symbolic links were encountered in translating
path.
A component of path exceeds bytes while is in effect, or path exceeds bytes.
The file named by
path does not exist.
A component of the path prefix is not a directory.
Either owner or group is greater than or equal to or is an illegal negative value.
The effective user ID is not a user with
privilege and one or more of the following conditions exist:
o The effective user ID does not match the owner of the file.
o When changing the owner of the file, the owner of the file is not a member of a privilege group allowing the priv-
ilege.
o When changing the group of the file, the owner of the file is not a member of a privilege group allowing the priv-
ilege and the group number is not in the current process's access list.
The named file resides on a read-only file system.
If fails, is set to one of the following values:
fildes is not a valid file descriptor.
Either owner or group is greater than or equal to or is an illegal negative value.
The effective user ID is not a user
having privilege and one or more of the following conditions exist:
o The effective user ID does not match the owner of the file.
o When changing the owner of the file, the owner of the file is not a member of a privilege group allowing the priv-
ilege.
o When changing the group of the file, the owner of the file is not a member of a privilege group allowing the priv-
ilege and the group number is not in the current process's access list.
The named file resides on a read-only file system.
AUTHOR
was developed by AT&T.
was developed by the University of California, Berkeley.
SEE ALSO
chown(1), setprivgrp(1M), chmod(2), setacl(2), acl(5), aclv(5), limits(5), privileges(5).
STANDARDS CONFORMANCE
chown(2)