chown(3p)

1CHOWN(P)                   POSIX Programmer's Manual                  CHOWN(P)
2
3
4

NAME

6       chown - change owner and group of a file
7

SYNOPSIS

9       #include <unistd.h>
10
11       int chown(const char *path, uid_t owner, gid_t group);
12
13

DESCRIPTION

15       The  chown()  function  shall  change the user and group ownership of a
16       file.
17
18       The path argument points to a pathname naming a file. The user  ID  and
19       group ID of the named file shall be set to the numeric values contained
20       in owner and group, respectively.
21
22       Only processes with an effective user ID equal to the user  ID  of  the
23       file or with appropriate privileges may change the ownership of a file.
24       If _POSIX_CHOWN_RESTRICTED is in effect for path:
25
26        * Changing the user ID is restricted  to  processes  with  appropriate
27          privileges.
28
29        * Changing  the  group  ID is permitted to a process with an effective
30          user ID equal to the user ID of the file,  but  without  appropriate
31          privileges, if and only if owner is equal to the file's user ID or (
32          uid_t)-1 and group is equal either to the calling process' effective
33          group ID or to one of its supplementary group IDs.
34
35       If  the  specified  file is a regular file, one or more of the S_IXUSR,
36       S_IXGRP, or S_IXOTH bits of the file mode are set, and the process does
37       not  have  appropriate  privileges,  the set-user-ID (S_ISUID) and set-
38       group-ID (S_ISGID) bits of the file mode shall be cleared upon success‐
39       ful  return  from chown(). If the specified file is a regular file, one
40       or more of the S_IXUSR, S_IXGRP, or S_IXOTH bits of the file  mode  are
41       set,  and the process has appropriate privileges, it is implementation-
42       defined whether the set-user-ID and set-group-ID bits are  altered.  If
43       the  chown()  function  is successfully invoked on a file that is not a
44       regular file and one or more of the S_IXUSR, S_IXGRP, or  S_IXOTH  bits
45       of  the file mode are set, the set-user-ID and set-group-ID bits may be
46       cleared.
47
48       If owner or group is specified as ( uid_t)-1  or  (  gid_t)-1,  respec‐
49       tively,  the corresponding ID of the file shall not be changed. If both
50       owner and group are -1, the times need not be updated.
51
52       Upon successful completion, chown() shall mark for update the  st_ctime
53       field of the file.
54

RETURN VALUE

56       Upon successful completion, 0 shall be returned; otherwise, -1 shall be
57       returned and errno set to indicate the error. If  -1  is  returned,  no
58       changes are made in the user ID and group ID of the file.
59

ERRORS

61       The chown() function shall fail if:
62
63       EACCES Search permission is denied on a component of the path prefix.
64
65       ELOOP  A loop exists in symbolic links encountered during resolution of
66              the path argument.
67
68       ENAMETOOLONG
69              The length of the path argument exceeds {PATH_MAX} or a pathname
70              component is longer than {NAME_MAX}.
71
72       ENOTDIR
73              A component of the path prefix is not a directory.
74
75       ENOENT A component of path does not name an existing file or path is an
76              empty string.
77
78       EPERM  The effective user ID does not match the owner of the  file,  or
79              the  calling  process  does  not have appropriate privileges and
80              _POSIX_CHOWN_RESTRICTED  indicates  that   such   privilege   is
81              required.
82
83       EROFS  The named file resides on a read-only file system.
84
85
86       The chown() function may fail if:
87
88       EIO    An  I/O error occurred while reading or writing to the file sys‐
89              tem.
90
91       EINTR  The chown() function was  interrupted  by  a  signal  which  was
92              caught.
93
94       EINVAL The  owner  or group ID supplied is not a value supported by the
95              implementation.
96
97       ELOOP  More than {SYMLOOP_MAX} symbolic links were  encountered  during
98              resolution of the path argument.
99
100       ENAMETOOLONG
101              As a result of encountering a symbolic link in resolution of the
102              path argument, the length of  the  substituted  pathname  string
103              exceeded {PATH_MAX}.
104
105
106       The following sections are informative.
107

EXAMPLES

109       None.
110

APPLICATION USAGE

112       Although  chown() can be used on some implementations by the file owner
113       to change the owner and group to any desired values, the only  portable
114       use  of this function is to change the group of a file to the effective
115       GID of the calling process or to a member of its group set.
116

RATIONALE

118       System III and System V allow a user to give away files; that  is,  the
119       owner  of  a file may change its user ID to anything. This is a serious
120       problem for implementations that are intended to meet government  secu‐
121       rity  regulations.  Version  7 and 4.3 BSD permit only the superuser to
122       change the user ID of a file. Some  government  agencies  (usually  not
123       ones concerned directly with security) find this limitation too confin‐
124       ing. This volume of IEEE Std 1003.1-2001  uses  may  to  permit  secure
125       implementations while not disallowing System V.
126
127       System  III  and System V allow the owner of a file to change the group
128       ID to anything. Version 7 permits only  the  superuser  to  change  the
129       group ID of a file. 4.3 BSD permits the owner to change the group ID of
130       a file to its effective group ID or to any of the groups in the list of
131       supplementary group IDs, but to no others.
132
133       The POSIX.1-1990 standard requires that the chown() function invoked by
134       a non-appropriate privileged process clear the S_ISGID and the  S_ISUID
135       bits  for regular files, and permits them to be cleared for other types
136       of files. This is so that changes in accessibility do not  accidentally
137       cause  files  to become security holes.  Unfortunately, requiring these
138       bits to be cleared on non-executable data files also clears the  manda‐
139       tory  file  locking bit (shared with S_ISGID), which is an extension on
140       many implementations (it first appeared in System V). These bits should
141       only  be  required to be cleared on regular files that have one or more
142       of their execute bits set.
143

FUTURE DIRECTIONS

145       None.
146

COPYRIGHT

152       Portions  of  this text are reprinted and reproduced in electronic form
153       from IEEE Std 1003.1, 2003 Edition, Standard for Information Technology
154       --  Portable  Operating  System  Interface (POSIX), The Open Group Base
155       Specifications Issue 6, Copyright (C) 2001-2003  by  the  Institute  of
156       Electrical  and  Electronics  Engineers, Inc and The Open Group. In the
157       event of any discrepancy between this version and the original IEEE and
158       The  Open Group Standard, the original IEEE and The Open Group Standard
159       is the referee document. The original Standard can be  obtained  online
160       at http://www.opengroup.org/unix/online.html .
161
162
163
164IEEE/The Open Group                  2003                             CHOWN(P)