NAME
chmod - change mode of a file
SYNOPSIS
#include <sys/stat.h>
int chmod(const char *path, mode_t mode);
DESCRIPTION
The chmod() function shall change S_ISUID, S_ISGID, S_ISVTX, and the
file permission bits of the file named by the pathname pointed to by
the path argument to the corresponding bits in the mode argument. The
application shall ensure that the effective user ID of the process
matches the owner of the file or the process has appropriate privileges
in order to do this.
S_ISUID, S_ISGID, S_ISVTX, and the file permission bits are
described in <sys/stat.h>.
If the calling process does not have appropriate privileges, and if the
group ID of the file does not match the effective group ID or one of
the supplementary group IDs and if the file is a regular file, bit
S_ISGID (set-group-ID on execution) in the file’s mode shall be cleared
upon successful return from chmod().
Additional implementation-defined restrictions may cause the S_ISUID
and S_ISGID bits in mode to be ignored.
The effect on file descriptors for files open at the time of a call to
chmod() is implementation-defined.
Upon successful completion, chmod() shall mark for update the st_ctime
field of the file.
RETURN VALUE
Upon successful completion, 0 shall be returned; otherwise, -1 shall be
returned and errno set to indicate the error. If -1 is returned, no
change to the file mode occurs.
ERRORS
The chmod() function shall fail if:
EACCES Search permission is denied on a component of the path prefix.
ELOOP A loop exists in symbolic links encountered during resolution of
the path argument.
ENAMETOOLONG
The length of the path argument exceeds {PATH_MAX} or a pathname
component is longer than {NAME_MAX}.
ENOTDIR
A component of the path prefix is not a directory.
ENOENT A component of path does not name an existing file or path is an
empty string.
EPERM The effective user ID does not match the owner of the file and
the process does not have appropriate privileges.
EROFS The named file resides on a read-only file system.
The chmod() function may fail if:
EINTR A signal was caught during execution of the function.
EINVAL The value of the mode argument is invalid.
ELOOP More than {SYMLOOP_MAX} symbolic links were encountered during
resolution of the path argument.
ENAMETOOLONG
As a result of encountering a symbolic link in resolution of the
path argument, the length of the substituted pathname strings
exceeded {PATH_MAX}.
The following sections are informative.
EXAMPLES
Setting Read Permissions for User, Group, and Others
The following example sets read permissions for the owner, group, and
others.
#include <sys/stat.h>
const char *path;
...
chmod(path, S_IRUSR|S_IRGRP|S_IROTH);
Setting Read, Write, and Execute Permissions for the Owner Only
The following example sets read, write, and execute permissions for the
owner, and no permissions for group and others.
#include <sys/stat.h>
const char *path;
...
chmod(path, S_IRWXU);
Setting Different Permissions for Owner, Group, and Other
The following example sets owner permissions for CHANGEFILE to read,
write, and execute, group permissions to read and execute, and other
permissions to read.
#include <sys/stat.h>
#define CHANGEFILE "/etc/myfile"
...
chmod(CHANGEFILE, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH);
Setting and Checking File Permissions
The following example sets the file permission bits for a file named
/home/cnd/mod1, then calls the stat() function to verify the
permissions.
#include <sys/types.h>
#include <sys/stat.h>
int status;
struct stat buffer
...
chmod("home/cnd/mod1", S_IRWXU|S_IRWXG|S_IROTH|S_IWOTH);
status = stat("home/cnd/mod1", &buffer;);
APPLICATION USAGE
In order to ensure that the S_ISUID and S_ISGID bits are set, an
application requiring this should use stat() after a successful chmod()
to verify this.
Any file descriptors currently open by any process on the file could
possibly become invalid if the mode of the file is changed to a value
which would deny access to that process. One situation where this could
occur is on a stateless file system. This behavior will not occur in a
conforming environment.
RATIONALE
This volume of IEEE Std 1003.1-2001 specifies that the S_ISGID bit is
cleared by chmod() on a regular file under certain conditions. This is
specified on the assumption that regular files may be executed, and the
system should prevent users from making executable setgid() files
perform with privileges that the caller does not have. On
implementations that support execution of other file types, the S_ISGID
bit should be cleared for those file types under the same
circumstances.
Implementations that use the S_ISUID bit to indicate some other
function (for example, mandatory record locking) on non-executable
files need not clear this bit on writing. They should clear the bit for
executable files and any other cases where the bit grants special
powers to processes that change the file contents. Similar comments
apply to the S_ISGID bit.
FUTURE DIRECTIONS
None.
SEE ALSO
chown() , mkdir() , mkfifo() , open() , stat() , statvfs() , the Base
Definitions volume of IEEE Std 1003.1-2001, <sys/stat.h>, <sys/types.h>
COPYRIGHT
Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1, 2003 Edition, Standard for Information Technology
-- Portable Operating System Interface (POSIX), The Open Group Base
Specifications Issue 6, Copyright (C) 2001-2003 by the Institute of
Electrical and Electronics Engineers, Inc and The Open Group. In the
event of any discrepancy between this version and the original IEEE and
The Open Group Standard, the original IEEE and The Open Group Standard
is the referee document. The original Standard can be obtained online
at http://www.opengroup.org/unix/online.html .