1chown(2)                      System Calls Manual                     chown(2)
2
3
4

NAME

6       chown, fchown, lchown, fchownat - change ownership of a file
7

LIBRARY

9       Standard C library (libc, -lc)
10

SYNOPSIS

12       #include <unistd.h>
13
14       int chown(const char *pathname, uid_t owner, gid_t group);
15       int fchown(int fd, uid_t owner, gid_t group);
16       int lchown(const char *pathname, uid_t owner, gid_t group);
17
18       #include <fcntl.h>           /* Definition of AT_* constants */
19       #include <unistd.h>
20
21       int fchownat(int dirfd, const char *pathname,
22                    uid_t owner, gid_t group, int flags);
23
24   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
25
26       fchown(), lchown():
27           /* Since glibc 2.12: */ _POSIX_C_SOURCE >= 200809L
28               || _XOPEN_SOURCE >= 500
29               || /* glibc <= 2.19: */ _BSD_SOURCE
30
31       fchownat():
32           Since glibc 2.10:
33               _POSIX_C_SOURCE >= 200809L
34           Before glibc 2.10:
35               _ATFILE_SOURCE
36

DESCRIPTION

38       These  system calls change the owner and group of a file.  The chown(),
39       fchown(), and lchown() system calls differ only  in  how  the  file  is
40       specified:
41
42chown()  changes  the  ownership  of the file specified by pathname,
43          which is dereferenced if it is a symbolic link.
44
45fchown() changes the ownership of the file referred to by  the  open
46          file descriptor fd.
47
48lchown() is like chown(), but does not dereference symbolic links.
49
50       Only  a  privileged  process (Linux: one with the CAP_CHOWN capability)
51       may change the owner of a file.  The owner of a  file  may  change  the
52       group  of  the  file  to  any group of which that owner is a member.  A
53       privileged process (Linux: with CAP_CHOWN) may change the  group  arbi‐
54       trarily.
55
56       If the owner or group is specified as -1, then that ID is not changed.
57
58       When the owner or group of an executable file is changed by an unprivi‐
59       leged user, the S_ISUID and S_ISGID mode bits are cleared.  POSIX  does
60       not specify whether this also should happen when root does the chown();
61       the Linux behavior depends on  the  kernel  version,  and  since  Linux
62       2.2.13,  root is treated like other users.  In case of a non-group-exe‐
63       cutable file (i.e., one for which the S_IXGRP bit is not set) the S_IS‐
64       GID bit indicates mandatory locking, and is not cleared by a chown().
65
66       When the owner or group of an executable file is changed (by any user),
67       all capability sets for the file are cleared.
68
69   fchownat()
70       The fchownat() system call operates in exactly the same way as chown(),
71       except for the differences described here.
72
73       If  the  pathname given in pathname is relative, then it is interpreted
74       relative to the directory referred to  by  the  file  descriptor  dirfd
75       (rather  than  relative to the current working directory of the calling
76       process, as is done by chown() for a relative pathname).
77
78       If pathname is relative and dirfd is the special value  AT_FDCWD,  then
79       pathname  is  interpreted  relative to the current working directory of
80       the calling process (like chown()).
81
82       If pathname is absolute, then dirfd is ignored.
83
84       The flags argument is a bit mask created by ORing together 0 or more of
85       the following values;
86
87       AT_EMPTY_PATH (since Linux 2.6.39)
88              If  pathname is an empty string, operate on the file referred to
89              by dirfd (which may have been obtained using the open(2)  O_PATH
90              flag).   In  this case, dirfd can refer to any type of file, not
91              just a directory.  If dirfd is AT_FDCWD, the  call  operates  on
92              the current working directory.  This flag is Linux-specific; de‐
93              fine _GNU_SOURCE to obtain its definition.
94
95       AT_SYMLINK_NOFOLLOW
96              If pathname is a symbolic link, do not dereference  it:  instead
97              operate  on the link itself, like lchown().  (By default, fchow‐
98              nat() dereferences symbolic links, like chown().)
99
100       See openat(2) for an explanation of the need for fchownat().
101

RETURN VALUE

103       On success, zero is returned.  On error, -1 is returned, and  errno  is
104       set to indicate the error.
105

ERRORS

107       Depending  on  the filesystem, errors other than those listed below can
108       be returned.
109
110       The more general errors for chown() are listed below.
111
112       EACCES Search permission is denied on a component of the  path  prefix.
113              (See also path_resolution(7).)
114
115       EBADF  (fchown()) fd is not a valid open file descriptor.
116
117       EBADF  (fchownat())  pathname is relative but dirfd is neither AT_FDCWD
118              nor a valid file descriptor.
119
120       EFAULT pathname points outside your accessible address space.
121
122       EINVAL (fchownat()) Invalid flag specified in flags.
123
124       EIO    (fchown()) A low-level I/O error occurred  while  modifying  the
125              inode.
126
127       ELOOP  Too many symbolic links were encountered in resolving pathname.
128
129       ENAMETOOLONG
130              pathname is too long.
131
132       ENOENT The file does not exist.
133
134       ENOMEM Insufficient kernel memory was available.
135
136       ENOTDIR
137              A component of the path prefix is not a directory.
138
139       ENOTDIR
140              (fchownat()) pathname is relative and dirfd is a file descriptor
141              referring to a file other than a directory.
142
143       EPERM  The calling process did not have the required  permissions  (see
144              above) to change owner and/or group.
145
146       EPERM  The   file   is   marked   immutable   or   append-only.    (See
147              ioctl_iflags(2).)
148
149       EROFS  The named file resides on a read-only filesystem.
150

VERSIONS

152       The 4.4BSD version can be used only by the superuser (that is, ordinary
153       users cannot give away files).
154

STANDARDS

156       POSIX.1-2008.
157

HISTORY

159       chown()
160       fchown()
161       lchown()
162              4.4BSD, SVr4, POSIX.1-2001.
163
164       fchownat()
165              POSIX.1-2008.  Linux 2.6.16, glibc 2.4.
166

NOTES

168   Ownership of new files
169       When  a new file is created (by, for example, open(2) or mkdir(2)), its
170       owner is made the same as  the  filesystem  user  ID  of  the  creating
171       process.   The group of the file depends on a range of factors, includ‐
172       ing the type of filesystem, the options used to mount  the  filesystem,
173       and  whether  or not the set-group-ID mode bit is enabled on the parent
174       directory.  If the filesystem supports the -o grpid  (or,  synonymously
175       -o bsdgroups)  and -o nogrpid (or, synonymously -o sysvgroups) mount(8)
176       options, then the rules are as follows:
177
178       •  If the filesystem is mounted with -o grpid, then the group of a  new
179          file is made the same as that of the parent directory.
180
181       •  If  the  filesystem  is mounted with -o nogrpid and the set-group-ID
182          bit is disabled on the parent directory, then the  group  of  a  new
183          file is made the same as the process's filesystem GID.
184
185       •  If  the  filesystem  is mounted with -o nogrpid and the set-group-ID
186          bit is enabled on the parent directory, then the group of a new file
187          is made the same as that of the parent directory.
188
189       As  at  Linux  4.12, the -o grpid and -o nogrpid mount options are sup‐
190       ported by ext2, ext3, ext4, and XFS.  Filesystems  that  don't  support
191       these mount options follow the -o nogrpid rules.
192
193   glibc notes
194       On  older  kernels  where  fchownat() is unavailable, the glibc wrapper
195       function falls back to the use of chown() and lchown().  When  pathname
196       is  a  relative pathname, glibc constructs a pathname based on the sym‐
197       bolic link in /proc/self/fd that corresponds to the dirfd argument.
198
199   NFS
200       The chown() semantics are  deliberately  violated  on  NFS  filesystems
201       which  have  UID  mapping  enabled.  Additionally, the semantics of all
202       system calls which access  the  file  contents  are  violated,  because
203       chown()  may  cause  immediate access revocation on already open files.
204       Client side caching may lead to a delay between the time  where  owner‐
205       ship  have  been  changed to allow access for a user and the time where
206       the file can actually be accessed by the user on other clients.
207
208   Historical details
209       The original Linux chown(), fchown(), and lchown()  system  calls  sup‐
210       ported  only  16-bit user and group IDs.  Subsequently, Linux 2.4 added
211       chown32(), fchown32(), and  lchown32(),  supporting  32-bit  IDs.   The
212       glibc  chown(),  fchown(), and lchown() wrapper functions transparently
213       deal with the variations across kernel versions.
214
215       Before Linux 2.1.81 (except 2.1.46), chown() did  not  follow  symbolic
216       links.   Since  Linux  2.1.81,  chown() does follow symbolic links, and
217       there is a new system call  lchown()  that  does  not  follow  symbolic
218       links.   Since Linux 2.1.86, this new call (that has the same semantics
219       as the old chown()) has got the same syscall number,  and  chown()  got
220       the newly introduced number.
221

EXAMPLES

223       The  following  program  changes the ownership of the file named in its
224       second command-line argument to the value specified in its  first  com‐
225       mand-line argument.  The new owner can be specified either as a numeric
226       user ID, or as a username (which is converted to a  user  ID  by  using
227       getpwnam(3) to perform a lookup in the system password file).
228
229   Program source
230       #include <pwd.h>
231       #include <stdio.h>
232       #include <stdlib.h>
233       #include <unistd.h>
234
235       int
236       main(int argc, char *argv[])
237       {
238           char           *endptr;
239           uid_t          uid;
240           struct passwd  *pwd;
241
242           if (argc != 3 || argv[1][0] == '\0') {
243               fprintf(stderr, "%s <owner> <file>\n", argv[0]);
244               exit(EXIT_FAILURE);
245           }
246
247           uid = strtol(argv[1], &endptr, 10);  /* Allow a numeric string */
248
249           if (*endptr != '\0') {         /* Was not pure numeric string */
250               pwd = getpwnam(argv[1]);   /* Try getting UID for username */
251               if (pwd == NULL) {
252                   perror("getpwnam");
253                   exit(EXIT_FAILURE);
254               }
255
256               uid = pwd->pw_uid;
257           }
258
259           if (chown(argv[2], uid, -1) == -1) {
260               perror("chown");
261               exit(EXIT_FAILURE);
262           }
263
264           exit(EXIT_SUCCESS);
265       }
266

SEE ALSO

268       chgrp(1), chown(1), chmod(2), flock(2), path_resolution(7), symlink(7)
269
270
271
272Linux man-pages 6.05              2023-05-03                          chown(2)
Impressum