1CHOWN(2) Linux Programmer's Manual CHOWN(2)
2
3
4
6 chown, fchown, lchown, fchownat - change ownership of a file
7
9 #include <unistd.h>
10
11 int chown(const char *pathname, uid_t owner, gid_t group);
12 int fchown(int fd, uid_t owner, gid_t group);
13 int lchown(const char *pathname, uid_t owner, gid_t group);
14
15 #include <fcntl.h> /* Definition of AT_* constants */
16 #include <unistd.h>
17
18 int fchownat(int dirfd, const char *pathname,
19 uid_t owner, gid_t group, int flags);
20
21 Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
22
23 fchown(), lchown():
24 /* Since glibc 2.12: */ _POSIX_C_SOURCE >= 200809L
25 || _XOPEN_SOURCE >= 500
26 || /* Glibc versions <= 2.19: */ _BSD_SOURCE
27 fchownat():
28 Since glibc 2.10:
29 _POSIX_C_SOURCE >= 200809L
30 Before glibc 2.10:
31 _ATFILE_SOURCE
32
34 These system calls change the owner and group of a file. The chown(),
35 fchown(), and lchown() system calls differ only in how the file is
36 specified:
37
38 * chown() changes the ownership of the file specified by pathname,
39 which is dereferenced if it is a symbolic link.
40
41 * fchown() changes the ownership of the file referred to by the open
42 file descriptor fd.
43
44 * lchown() is like chown(), but does not dereference symbolic links.
45
46 Only a privileged process (Linux: one with the CAP_CHOWN capability)
47 may change the owner of a file. The owner of a file may change the
48 group of the file to any group of which that owner is a member. A
49 privileged process (Linux: with CAP_CHOWN) may change the group arbi‐
50 trarily.
51
52 If the owner or group is specified as -1, then that ID is not changed.
53
54 When the owner or group of an executable file is changed by an unprivi‐
55 leged user, the S_ISUID and S_ISGID mode bits are cleared. POSIX does
56 not specify whether this also should happen when root does the chown();
57 the Linux behavior depends on the kernel version, and since Linux
58 2.2.13, root is treated like other users. In case of a non-group-exe‐
59 cutable file (i.e., one for which the S_IXGRP bit is not set) the S_IS‐
60 GID bit indicates mandatory locking, and is not cleared by a chown().
61
62 When the owner or group of an executable file is changed (by any user),
63 all capability sets for the file are cleared.
64
65 fchownat()
66 The fchownat() system call operates in exactly the same way as chown(),
67 except for the differences described here.
68
69 If the pathname given in pathname is relative, then it is interpreted
70 relative to the directory referred to by the file descriptor dirfd
71 (rather than relative to the current working directory of the calling
72 process, as is done by chown() for a relative pathname).
73
74 If pathname is relative and dirfd is the special value AT_FDCWD, then
75 pathname is interpreted relative to the current working directory of
76 the calling process (like chown()).
77
78 If pathname is absolute, then dirfd is ignored.
79
80 The flags argument is a bit mask created by ORing together 0 or more of
81 the following values;
82
83 AT_EMPTY_PATH (since Linux 2.6.39)
84 If pathname is an empty string, operate on the file referred to
85 by dirfd (which may have been obtained using the open(2) O_PATH
86 flag). In this case, dirfd can refer to any type of file, not
87 just a directory. If dirfd is AT_FDCWD, the call operates on
88 the current working directory. This flag is Linux-specific; de‐
89 fine _GNU_SOURCE to obtain its definition.
90
91 AT_SYMLINK_NOFOLLOW
92 If pathname is a symbolic link, do not dereference it: instead
93 operate on the link itself, like lchown(). (By default, fchow‐
94 nat() dereferences symbolic links, like chown().)
95
96 See openat(2) for an explanation of the need for fchownat().
97
99 On success, zero is returned. On error, -1 is returned, and errno is
100 set appropriately.
101
103 Depending on the filesystem, errors other than those listed below can
104 be returned.
105
106 The more general errors for chown() are listed below.
107
108 EACCES Search permission is denied on a component of the path prefix.
109 (See also path_resolution(7).)
110
111 EFAULT pathname points outside your accessible address space.
112
113 ELOOP Too many symbolic links were encountered in resolving pathname.
114
115 ENAMETOOLONG
116 pathname is too long.
117
118 ENOENT The file does not exist.
119
120 ENOMEM Insufficient kernel memory was available.
121
122 ENOTDIR
123 A component of the path prefix is not a directory.
124
125 EPERM The calling process did not have the required permissions (see
126 above) to change owner and/or group.
127
128 EPERM The file is marked immutable or append-only. (See
129 ioctl_iflags(2).)
130
131 EROFS The named file resides on a read-only filesystem.
132
133 The general errors for fchown() are listed below:
134
135 EBADF fd is not a valid open file descriptor.
136
137 EIO A low-level I/O error occurred while modifying the inode.
138
139 ENOENT See above.
140
141 EPERM See above.
142
143 EROFS See above.
144
145 The same errors that occur for chown() can also occur for fchownat().
146 The following additional errors can occur for fchownat():
147
148 EBADF dirfd is not a valid file descriptor.
149
150 EINVAL Invalid flag specified in flags.
151
152 ENOTDIR
153 pathname is relative and dirfd is a file descriptor referring to
154 a file other than a directory.
155
157 fchownat() was added to Linux in kernel 2.6.16; library support was
158 added to glibc in version 2.4.
159
161 chown(), fchown(), lchown(): 4.4BSD, SVr4, POSIX.1-2001, POSIX.1-2008.
162
163 The 4.4BSD version can be used only by the superuser (that is, ordinary
164 users cannot give away files).
165
166 fchownat(): POSIX.1-2008.
167
169 Ownership of new files
170 When a new file is created (by, for example, open(2) or mkdir(2)), its
171 owner is made the same as the filesystem user ID of the creating
172 process. The group of the file depends on a range of factors, includ‐
173 ing the type of filesystem, the options used to mount the filesystem,
174 and whether or not the set-group-ID mode bit is enabled on the parent
175 directory. If the filesystem supports the -o grpid (or, synonymously
176 -o bsdgroups) and -o nogrpid (or, synonymously -o sysvgroups) mount(8)
177 options, then the rules are as follows:
178
179 * If the filesystem is mounted with -o grpid, then the group of a new
180 file is made the same as that of the parent directory.
181
182 * If the filesystem is mounted with -o nogrpid and the set-group-ID bit
183 is disabled on the parent directory, then the group of a new file is
184 made the same as the process's filesystem GID.
185
186 * If the filesystem is mounted with -o nogrpid and the set-group-ID bit
187 is enabled on the parent directory, then the group of a new file is
188 made the same as that of the parent directory.
189
190 As at Linux 4.12, the -o grpid and -o nogrpid mount options are sup‐
191 ported by ext2, ext3, ext4, and XFS. Filesystems that don't support
192 these mount options follow the -o nogrpid rules.
193
194 Glibc notes
195 On older kernels where fchownat() is unavailable, the glibc wrapper
196 function falls back to the use of chown() and lchown(). When pathname
197 is a relative pathname, glibc constructs a pathname based on the sym‐
198 bolic link in /proc/self/fd that corresponds to the dirfd argument.
199
200 NFS
201 The chown() semantics are deliberately violated on NFS filesystems
202 which have UID mapping enabled. Additionally, the semantics of all
203 system calls which access the file contents are violated, because
204 chown() may cause immediate access revocation on already open files.
205 Client side caching may lead to a delay between the time where owner‐
206 ship have been changed to allow access for a user and the time where
207 the file can actually be accessed by the user on other clients.
208
209 Historical details
210 The original Linux chown(), fchown(), and lchown() system calls sup‐
211 ported only 16-bit user and group IDs. Subsequently, Linux 2.4 added
212 chown32(), fchown32(), and lchown32(), supporting 32-bit IDs. The
213 glibc chown(), fchown(), and lchown() wrapper functions transparently
214 deal with the variations across kernel versions.
215
216 In versions of Linux prior to 2.1.81 (and distinct from 2.1.46),
217 chown() did not follow symbolic links. Since Linux 2.1.81, chown()
218 does follow symbolic links, and there is a new system call lchown()
219 that does not follow symbolic links. Since Linux 2.1.86, this new call
220 (that has the same semantics as the old chown()) has got the same
221 syscall number, and chown() got the newly introduced number.
222
224 The following program changes the ownership of the file named in its
225 second command-line argument to the value specified in its first com‐
226 mand-line argument. The new owner can be specified either as a numeric
227 user ID, or as a username (which is converted to a user ID by using
228 getpwnam(3) to perform a lookup in the system password file).
229
230 Program source
231 #include <pwd.h>
232 #include <stdio.h>
233 #include <stdlib.h>
234 #include <unistd.h>
235
236 int
237 main(int argc, char *argv[])
238 {
239 uid_t uid;
240 struct passwd *pwd;
241 char *endptr;
242
243 if (argc != 3 || argv[1][0] == '\0') {
244 fprintf(stderr, "%s <owner> <file>\n", argv[0]);
245 exit(EXIT_FAILURE);
246 }
247
248 uid = strtol(argv[1], &endptr, 10); /* Allow a numeric string */
249
250 if (*endptr != '\0') { /* Was not pure numeric string */
251 pwd = getpwnam(argv[1]); /* Try getting UID for username */
252 if (pwd == NULL) {
253 perror("getpwnam");
254 exit(EXIT_FAILURE);
255 }
256
257 uid = pwd->pw_uid;
258 }
259
260 if (chown(argv[2], uid, -1) == -1) {
261 perror("chown");
262 exit(EXIT_FAILURE);
263 }
264
265 exit(EXIT_SUCCESS);
266 }
267
269 chgrp(1), chown(1), chmod(2), flock(2), path_resolution(7), symlink(7)
270
272 This page is part of release 5.10 of the Linux man-pages project. A
273 description of the project, information about reporting bugs, and the
274 latest version of this page, can be found at
275 https://www.kernel.org/doc/man-pages/.
276
277
278
279Linux 2020-06-09 CHOWN(2)