chmod(2) System Calls Manual chmod(2)
NAME
chmod(), fchmod() - change file mode access permissions
SYNOPSIS
DESCRIPTION
The and system calls set the access permission portion of the file's mode according to the bit pattern contained in mode. path points to a
path name naming a file. fildes is a file descriptor.
The following symbolic constants representing the access permission bits are defined with the indicated values in and are used to construct
the mode argument. The value of mode is the bit-wise inclusive OR of the values for the desired permissions.
The mode bit (same as is used to enforce file-locking mode (see lockf(2), fcntl(2), and flock(2)) on files that are not group executable.
This might affect future calls to and on such files (see open(2), creat(2), read(2), write(2), and truncate(2)).
The mode bit (sticky bit) has no significance when set on a regular file.
If the path given to contains a symbolic link as the last element, this link is traversed and path name resolution continues. changes the
access mode of the symbolic link's target, rather than the access mode of the link.
Access Control Lists - HFS File Systems Only
All optional entries in a file's access control list are deleted when is executed. (This behavior conforms to the IEEE Standard POSIX
1003.1-1988.) To preserve optional entries in a file's access control list, it is necessary to save and restore them using and (see
getacl(2) and setacl(2)).
To set the permission bits of access control list entries, use instead of
Access Control Lists - JFS File Systems Only
The effective permissions granted by optional entries in a file's access control list may be changed when is executed. In particular,
using to remove read, write and execute permissions from a file's owner, owning group, and all others works as expected, because affects
the entry in the ACL, limiting any access that can be granted to additional users or groups via optional ACL entries. The effect can be
verified by doing a on the file after the and noting that all optional (non-default) ACL entries with nonzero permissions also have the
comment
To set the permission bits of access control list entries, use instead of
For more information on access control list entries, see acl(5) and aclv(5).
Security Restrictions
To change the mode of a file, the effective user ID of the process must match that of the owner of the file or the process must have the
privilege.
If the process does not have the privilege, mode bit is cleared.
If the process does not have privilege, and the effective group ID of the process does not match the group ID of the file, and none of the
group IDs in the supplementary groups list match the group ID of the file, mode bit is cleared.
If the mode bit (sticky bit) is set on a directory, files inside the directory can be renamed or removed only by the owner of the file, the
owner of the directory, or a process with the privilege (even if the modes of the directory would otherwise allow such an operation).
See privileges(5) for more information about privileged access on systems that support fine-grained privileges.
RETURN VALUE
returns the following values:
Successful completion.
Failure.
is set to indicate the error.
ERRORS
If fails, the file mode is unchanged. is set to one of the following values:
Search permission is denied on a component of the path prefix.
path points outside the allocated address space of the process. The reliable detection of this error is implementa-
tion dependent.
path or fildes descriptor does not refer to an appropriate file.
Too many symbolic links were encountered in translating
path.
A component of path exceeds bytes while is in effect or path exceeds bytes.
A component of path or the file named by path does not exist.
A component of the path prefix is not a directory.
The effective user ID does not match that of
the owner of the file or the process does not have privilege.
The named file resides on a read-only file system.
If fails, the file mode is unchanged. is set to one of the following values:
fildes is not a valid file descriptor.
path or fildes descriptor does not refer to an appropriate file.
The effective user ID does not match that of the owner of the file,
and the effective user ID is not that of a user with appropriate privileges.
The named file resides on a read-only file system.
AUTHOR
was developed by AT&T, the University of California, Berkeley, and HP.
was developed by the University of California, Berkeley.
SEE ALSO
chmod(1), getacl(1), chown(2), creat(2), fcntl(2), flock(2), getacl(2), lockf(2), mknod(2), open(2), read(2), setacl(2), truncate(2),
write(2), acl(5), aclv(5), privileges(5).
STANDARDS CONFORMANCE
chmod(2)