224 lines
7.1 KiB
Groff
224 lines
7.1 KiB
Groff
.\" Copyright (c) 1980, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the University of
|
|
.\" California, Berkeley and its contributors.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)chmod.2 8.1 (Berkeley) 6/4/93
|
|
.\" $Id: chmod.2,v 1.13 1999/07/30 10:08:21 mpp Exp $
|
|
.\"
|
|
.Dd June 4, 1993
|
|
.Dt CHMOD 2
|
|
.Os BSD 4
|
|
.Sh NAME
|
|
.Nm chmod ,
|
|
.Nm fchmod ,
|
|
.Nm lchmod
|
|
.Nd change mode of file
|
|
.Sh SYNOPSIS
|
|
.Fd #include <sys/stat.h>
|
|
.Ft int
|
|
.Fn chmod "const char *path" "mode_t mode"
|
|
.Ft int
|
|
.Fn fchmod "int fd" "mode_t mode"
|
|
.Ft int
|
|
.Fn lchmod "const char *path" "mode_t mode"
|
|
.Sh DESCRIPTION
|
|
The file permission bits of the file named specified by
|
|
.Fa path
|
|
or referenced by the file descriptor
|
|
.Fa fd
|
|
are changed to
|
|
.Fa mode .
|
|
The
|
|
.Fn chmod
|
|
function verifies that the process owner (user) either owns
|
|
the file specified by
|
|
.Fa path
|
|
(or
|
|
.Fa fd ) ,
|
|
or
|
|
is the super-user.
|
|
The
|
|
.Fn chmod
|
|
function follows symbolic links to operate on the target of the link
|
|
rather than the link itself.
|
|
.Pp
|
|
The
|
|
.Fa lchmod
|
|
function is similar to
|
|
.Fn chmod
|
|
but does not follow symbolic links.
|
|
.Pp
|
|
A mode is created from
|
|
.Em or'd
|
|
permission bit masks
|
|
defined in
|
|
.Aq Pa sys/stat.h :
|
|
.Pp
|
|
.Bd -literal -offset indent -compact
|
|
#define S_IRWXU 0000700 /* RWX mask for owner */
|
|
#define S_IRUSR 0000400 /* R for owner */
|
|
#define S_IWUSR 0000200 /* W for owner */
|
|
#define S_IXUSR 0000100 /* X for owner */
|
|
|
|
#define S_IRWXG 0000070 /* RWX mask for group */
|
|
#define S_IRGRP 0000040 /* R for group */
|
|
#define S_IWGRP 0000020 /* W for group */
|
|
#define S_IXGRP 0000010 /* X for group */
|
|
|
|
#define S_IRWXO 0000007 /* RWX mask for other */
|
|
#define S_IROTH 0000004 /* R for other */
|
|
#define S_IWOTH 0000002 /* W for other */
|
|
#define S_IXOTH 0000001 /* X for other */
|
|
|
|
#define S_ISUID 0004000 /* set user id on execution */
|
|
#define S_ISGID 0002000 /* set group id on execution */
|
|
#define S_ISVTX 0001000 /* sticky bit */
|
|
#ifndef _POSIX_SOURCE
|
|
#define S_ISTXT 0001000
|
|
#endif
|
|
.Ed
|
|
.Pp
|
|
The
|
|
.Tn FreeBSD
|
|
VM system totally ignores the sticky bit
|
|
.Pf ( Dv ISVTX
|
|
) for executables. On UFS-based filesystems (FFS, MFS, LFS) the sticky
|
|
bit may only be set upon directories.
|
|
.Pp
|
|
If mode
|
|
.Dv ISVTX
|
|
(the `sticky bit') is set on a directory,
|
|
an unprivileged user may not delete or rename
|
|
files of other users in that directory. The sticky bit may be
|
|
set by any user on a directory which the user owns or has appropriate
|
|
permissions.
|
|
For more details of the properties of the sticky bit, see
|
|
.Xr sticky 8 .
|
|
.Pp
|
|
If mode ISUID (set UID) is set on a directory,
|
|
and the MNT_SUIDDIR option was used in the mount of the filesystem,
|
|
then the owner of any new files and sub-directories
|
|
created within this directory are set
|
|
to be the same as the owner of that directory.
|
|
If this function is enabled, new directories will inherit
|
|
the bit from their parents. Execute bits are removed from
|
|
the file, and it will not be given to root. This behavior does not change the
|
|
requirements for the user to be allowed to write the file, but only the eventual
|
|
owner after it has been created. Group inheritance is not effected.
|
|
.Pp
|
|
This feature is designed for use on fileservers serving PC users via
|
|
ftp, SAMBA, or netatalk. It provides security holes for shell users and as
|
|
such should not be used on shell machines, especially on home directories.
|
|
This option requires the SUIDDIR
|
|
option in the kernel to work. Only UFS filesystems support this option.
|
|
For more details of the suiddir mount option, see
|
|
.Xr mount 8 .
|
|
.Pp
|
|
Writing or changing the owner of a file
|
|
turns off the set-user-id and set-group-id bits
|
|
unless the user is the super-user.
|
|
This makes the system somewhat more secure
|
|
by protecting set-user-id (set-group-id) files
|
|
from remaining set-user-id (set-group-id) if they are modified,
|
|
at the expense of a degree of compatibility.
|
|
.Sh RETURN VALUES
|
|
Upon successful completion, a value of 0 is returned.
|
|
Otherwise, a value of -1 is returned and
|
|
.Va errno
|
|
is set to indicate the error.
|
|
.Sh ERRORS
|
|
.Fn Chmod
|
|
will fail and the file mode will be unchanged if:
|
|
.Bl -tag -width Er
|
|
.It Bq Er ENOTDIR
|
|
A component of the path prefix is not a directory.
|
|
.It Bq Er ENAMETOOLONG
|
|
A component of a pathname exceeded 255 characters,
|
|
or an entire path name exceeded 1023 characters.
|
|
.It Bq Er ENOENT
|
|
The named file does not exist.
|
|
.It Bq Er EACCES
|
|
Search permission is denied for a component of the path prefix.
|
|
.It Bq Er ELOOP
|
|
Too many symbolic links were encountered in translating the pathname.
|
|
.It Bq Er EPERM
|
|
The effective user ID does not match the owner of the file and
|
|
the effective user ID is not the super-user.
|
|
.It Bq Er EROFS
|
|
The named file resides on a read-only file system.
|
|
.It Bq Er EFAULT
|
|
.Fa Path
|
|
points outside the process's allocated address space.
|
|
.It Bq Er EIO
|
|
An I/O error occurred while reading from or writing to the file system.
|
|
.It Bq Er EFTYPE
|
|
An attempt was made to set the sticky bit upon an executable.
|
|
.El
|
|
.Pp
|
|
.Fn Fchmod
|
|
will fail if:
|
|
.Bl -tag -width Er
|
|
.It Bq Er EBADF
|
|
The descriptor is not valid.
|
|
.It Bq Er EINVAL
|
|
.Fa Fd
|
|
refers to a socket, not to a file.
|
|
.It Bq Er EROFS
|
|
The file resides on a read-only file system.
|
|
.It Bq Er EIO
|
|
An I/O error occurred while reading from or writing to the file system.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr chmod 1 ,
|
|
.Xr chown 2 ,
|
|
.Xr open 2 ,
|
|
.Xr stat 2 ,
|
|
.Xr sticky 8
|
|
.Sh STANDARDS
|
|
The
|
|
.Fn chmod
|
|
function call is expected to conform to
|
|
.St -p1003.1-90 ,
|
|
except for the return of EFTYPE and the use of S_ISTXT.
|
|
.Sh HISTORY
|
|
A
|
|
.Fn chmod
|
|
function call appeared in
|
|
.At v7 .
|
|
The
|
|
.Fn fchmod
|
|
function call
|
|
appeared in
|
|
.Bx 4.2 .
|
|
The
|
|
.Fn lchmod
|
|
function call appeared in
|
|
.Fx 3.0 .
|