1chown(2) System Calls Manual chown(2)
2
3
4
6 chown, fchown, lchown, fchownat - change ownership of a file
7
9 Standard C library (libc, -lc)
10
12 #include <unistd.h>
13
14 int chown(const char *pathname, uid_t owner, gid_t group);
15 int fchown(int fd, uid_t owner, gid_t group);
16 int lchown(const char *pathname, uid_t owner, gid_t group);
17
18 #include <fcntl.h> /* Definition of AT_* constants */
19 #include <unistd.h>
20
21 int fchownat(int dirfd, const char *pathname,
22 uid_t owner, gid_t group, int flags);
23
24 Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
25
26 fchown(), lchown():
27 /* Since glibc 2.12: */ _POSIX_C_SOURCE >= 200809L
28 || _XOPEN_SOURCE >= 500
29 || /* glibc <= 2.19: */ _BSD_SOURCE
30
31 fchownat():
32 Since glibc 2.10:
33 _POSIX_C_SOURCE >= 200809L
34 Before glibc 2.10:
35 _ATFILE_SOURCE
36
38 These system calls change the owner and group of a file. The chown(),
39 fchown(), and lchown() system calls differ only in how the file is
40 specified:
41
42 • chown() changes the ownership of the file specified by pathname,
43 which is dereferenced if it is a symbolic link.
44
45 • fchown() changes the ownership of the file referred to by the open
46 file descriptor fd.
47
48 • lchown() is like chown(), but does not dereference symbolic links.
49
50 Only a privileged process (Linux: one with the CAP_CHOWN capability)
51 may change the owner of a file. The owner of a file may change the
52 group of the file to any group of which that owner is a member. A
53 privileged process (Linux: with CAP_CHOWN) may change the group arbi‐
54 trarily.
55
56 If the owner or group is specified as -1, then that ID is not changed.
57
58 When the owner or group of an executable file is changed by an unprivi‐
59 leged user, the S_ISUID and S_ISGID mode bits are cleared. POSIX does
60 not specify whether this also should happen when root does the chown();
61 the Linux behavior depends on the kernel version, and since Linux
62 2.2.13, root is treated like other users. In case of a non-group-exe‐
63 cutable file (i.e., one for which the S_IXGRP bit is not set) the S_IS‐
64 GID bit indicates mandatory locking, and is not cleared by a chown().
65
66 When the owner or group of an executable file is changed (by any user),
67 all capability sets for the file are cleared.
68
69 fchownat()
70 The fchownat() system call operates in exactly the same way as chown(),
71 except for the differences described here.
72
73 If the pathname given in pathname is relative, then it is interpreted
74 relative to the directory referred to by the file descriptor dirfd
75 (rather than relative to the current working directory of the calling
76 process, as is done by chown() for a relative pathname).
77
78 If pathname is relative and dirfd is the special value AT_FDCWD, then
79 pathname is interpreted relative to the current working directory of
80 the calling process (like chown()).
81
82 If pathname is absolute, then dirfd is ignored.
83
84 The flags argument is a bit mask created by ORing together 0 or more of
85 the following values;
86
87 AT_EMPTY_PATH (since Linux 2.6.39)
88 If pathname is an empty string, operate on the file referred to
89 by dirfd (which may have been obtained using the open(2) O_PATH
90 flag). In this case, dirfd can refer to any type of file, not
91 just a directory. If dirfd is AT_FDCWD, the call operates on
92 the current working directory. This flag is Linux-specific; de‐
93 fine _GNU_SOURCE to obtain its definition.
94
95 AT_SYMLINK_NOFOLLOW
96 If pathname is a symbolic link, do not dereference it: instead
97 operate on the link itself, like lchown(). (By default, fchow‐
98 nat() dereferences symbolic links, like chown().)
99
100 See openat(2) for an explanation of the need for fchownat().
101
103 On success, zero is returned. On error, -1 is returned, and errno is
104 set to indicate the error.
105
107 Depending on the filesystem, errors other than those listed below can
108 be returned.
109
110 The more general errors for chown() are listed below.
111
112 EACCES Search permission is denied on a component of the path prefix.
113 (See also path_resolution(7).)
114
115 EBADF (fchown()) fd is not a valid open file descriptor.
116
117 EBADF (fchownat()) pathname is relative but dirfd is neither AT_FDCWD
118 nor a valid file descriptor.
119
120 EFAULT pathname points outside your accessible address space.
121
122 EINVAL (fchownat()) Invalid flag specified in flags.
123
124 EIO (fchown()) A low-level I/O error occurred while modifying the
125 inode.
126
127 ELOOP Too many symbolic links were encountered in resolving pathname.
128
129 ENAMETOOLONG
130 pathname is too long.
131
132 ENOENT The file does not exist.
133
134 ENOMEM Insufficient kernel memory was available.
135
136 ENOTDIR
137 A component of the path prefix is not a directory.
138
139 ENOTDIR
140 (fchownat()) pathname is relative and dirfd is a file descriptor
141 referring to a file other than a directory.
142
143 EPERM The calling process did not have the required permissions (see
144 above) to change owner and/or group.
145
146 EPERM The file is marked immutable or append-only. (See
147 ioctl_iflags(2).)
148
149 EROFS The named file resides on a read-only filesystem.
150
152 The 4.4BSD version can be used only by the superuser (that is, ordinary
153 users cannot give away files).
154
156 POSIX.1-2008.
157
159 chown()
160 fchown()
161 lchown()
162 4.4BSD, SVr4, POSIX.1-2001.
163
164 fchownat()
165 POSIX.1-2008. Linux 2.6.16, glibc 2.4.
166
168 Ownership of new files
169 When a new file is created (by, for example, open(2) or mkdir(2)), its
170 owner is made the same as the filesystem user ID of the creating
171 process. The group of the file depends on a range of factors, includ‐
172 ing the type of filesystem, the options used to mount the filesystem,
173 and whether or not the set-group-ID mode bit is enabled on the parent
174 directory. If the filesystem supports the -o grpid (or, synonymously
175 -o bsdgroups) and -o nogrpid (or, synonymously -o sysvgroups) mount(8)
176 options, then the rules are as follows:
177
178 • If the filesystem is mounted with -o grpid, then the group of a new
179 file is made the same as that of the parent directory.
180
181 • If the filesystem is mounted with -o nogrpid and the set-group-ID
182 bit is disabled on the parent directory, then the group of a new
183 file is made the same as the process's filesystem GID.
184
185 • If the filesystem is mounted with -o nogrpid and the set-group-ID
186 bit is enabled on the parent directory, then the group of a new file
187 is made the same as that of the parent directory.
188
189 As at Linux 4.12, the -o grpid and -o nogrpid mount options are sup‐
190 ported by ext2, ext3, ext4, and XFS. Filesystems that don't support
191 these mount options follow the -o nogrpid rules.
192
193 glibc notes
194 On older kernels where fchownat() is unavailable, the glibc wrapper
195 function falls back to the use of chown() and lchown(). When pathname
196 is a relative pathname, glibc constructs a pathname based on the sym‐
197 bolic link in /proc/self/fd that corresponds to the dirfd argument.
198
199 NFS
200 The chown() semantics are deliberately violated on NFS filesystems
201 which have UID mapping enabled. Additionally, the semantics of all
202 system calls which access the file contents are violated, because
203 chown() may cause immediate access revocation on already open files.
204 Client side caching may lead to a delay between the time where owner‐
205 ship have been changed to allow access for a user and the time where
206 the file can actually be accessed by the user on other clients.
207
208 Historical details
209 The original Linux chown(), fchown(), and lchown() system calls sup‐
210 ported only 16-bit user and group IDs. Subsequently, Linux 2.4 added
211 chown32(), fchown32(), and lchown32(), supporting 32-bit IDs. The
212 glibc chown(), fchown(), and lchown() wrapper functions transparently
213 deal with the variations across kernel versions.
214
215 Before Linux 2.1.81 (except 2.1.46), chown() did not follow symbolic
216 links. Since Linux 2.1.81, chown() does follow symbolic links, and
217 there is a new system call lchown() that does not follow symbolic
218 links. Since Linux 2.1.86, this new call (that has the same semantics
219 as the old chown()) has got the same syscall number, and chown() got
220 the newly introduced number.
221
223 The following program changes the ownership of the file named in its
224 second command-line argument to the value specified in its first com‐
225 mand-line argument. The new owner can be specified either as a numeric
226 user ID, or as a username (which is converted to a user ID by using
227 getpwnam(3) to perform a lookup in the system password file).
228
229 Program source
230 #include <pwd.h>
231 #include <stdio.h>
232 #include <stdlib.h>
233 #include <unistd.h>
234
235 int
236 main(int argc, char *argv[])
237 {
238 char *endptr;
239 uid_t uid;
240 struct passwd *pwd;
241
242 if (argc != 3 || argv[1][0] == '\0') {
243 fprintf(stderr, "%s <owner> <file>\n", argv[0]);
244 exit(EXIT_FAILURE);
245 }
246
247 uid = strtol(argv[1], &endptr, 10); /* Allow a numeric string */
248
249 if (*endptr != '\0') { /* Was not pure numeric string */
250 pwd = getpwnam(argv[1]); /* Try getting UID for username */
251 if (pwd == NULL) {
252 perror("getpwnam");
253 exit(EXIT_FAILURE);
254 }
255
256 uid = pwd->pw_uid;
257 }
258
259 if (chown(argv[2], uid, -1) == -1) {
260 perror("chown");
261 exit(EXIT_FAILURE);
262 }
263
264 exit(EXIT_SUCCESS);
265 }
266
268 chgrp(1), chown(1), chmod(2), flock(2), path_resolution(7), symlink(7)
269
270
271
272Linux man-pages 6.04 2023-03-30 chown(2)