1 .\" Copyright (c) 1980, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)chmod.2 8.1 (Berkeley) 6/4/93
42 .Nd change mode of file
48 .Fn chmod "const char *path" "mode_t mode"
50 .Fn fchmod "int fd" "mode_t mode"
52 .Fn lchmod "const char *path" "mode_t mode"
54 The file permission bits of the file named specified by
56 or referenced by the file descriptor
62 system call verifies that the process owner (user) either owns
71 system call follows symbolic links to operate on the target of the link
72 rather than the link itself.
76 system call is similar to
78 but does not follow symbolic links.
80 A mode is created from
86 .Bd -literal -offset indent -compact
87 #define S_IRWXU 0000700 /* RWX mask for owner */
88 #define S_IRUSR 0000400 /* R for owner */
89 #define S_IWUSR 0000200 /* W for owner */
90 #define S_IXUSR 0000100 /* X for owner */
92 #define S_IRWXG 0000070 /* RWX mask for group */
93 #define S_IRGRP 0000040 /* R for group */
94 #define S_IWGRP 0000020 /* W for group */
95 #define S_IXGRP 0000010 /* X for group */
97 #define S_IRWXO 0000007 /* RWX mask for other */
98 #define S_IROTH 0000004 /* R for other */
99 #define S_IWOTH 0000002 /* W for other */
100 #define S_IXOTH 0000001 /* X for other */
102 #define S_ISUID 0004000 /* set user id on execution */
103 #define S_ISGID 0002000 /* set group id on execution */
104 #ifndef __BSD_VISIBLE
105 #define S_ISTXT 0001000 /* sticky bit */
111 VM system totally ignores the sticky bit
114 On UFS-based file systems (FFS, LFS) the sticky
115 bit may only be set upon directories.
119 (the `sticky bit') is set on a directory,
120 an unprivileged user may not delete or rename
121 files of other users in that directory.
122 The sticky bit may be
123 set by any user on a directory which the user owns or has appropriate
125 For more details of the properties of the sticky bit, see
128 If mode ISUID (set UID) is set on a directory,
129 and the MNT_SUIDDIR option was used in the mount of the file system,
130 then the owner of any new files and sub-directories
131 created within this directory are set
132 to be the same as the owner of that directory.
133 If this function is enabled, new directories will inherit
134 the bit from their parents.
135 Execute bits are removed from
136 the file, and it will not be given to root.
137 This behavior does not change the
138 requirements for the user to be allowed to write the file, but only the eventual
139 owner after it has been created.
140 Group inheritance is not affected.
142 This feature is designed for use on fileservers serving PC users via
143 ftp, SAMBA, or netatalk.
144 It provides security holes for shell users and as
145 such should not be used on shell machines, especially on home directories.
146 This option requires the SUIDDIR
147 option in the kernel to work.
148 Only UFS file systems support this option.
149 For more details of the suiddir mount option, see
152 Writing or changing the owner of a file
153 turns off the set-user-id and set-group-id bits
154 unless the user is the super-user.
155 This makes the system somewhat more secure
156 by protecting set-user-id (set-group-id) files
157 from remaining set-user-id (set-group-id) if they are modified,
158 at the expense of a degree of compatibility.
165 will fail and the file mode will be unchanged if:
168 A component of the path prefix is not a directory.
169 .It Bq Er ENAMETOOLONG
170 A component of a pathname exceeded 255 characters,
171 or an entire path name exceeded 1023 characters.
173 The named file does not exist.
175 Search permission is denied for a component of the path prefix.
177 Too many symbolic links were encountered in translating the pathname.
179 The effective user ID does not match the owner of the file and
180 the effective user ID is not the super-user.
182 The named file resides on a read-only file system.
187 points outside the process's allocated address space.
189 An I/O error occurred while reading from or writing to the file system.
191 An attempt was made to set the sticky bit upon an executable.
196 system call will fail if:
199 The descriptor is not valid.
204 refers to a socket, not to a file.
206 The file resides on a read-only file system.
208 An I/O error occurred while reading from or writing to the file system.
219 system call is expected to conform to
221 except for the return of
232 system call appeared in
236 system call appeared in