chown(2)

NAME

chown(), fchown(), lchown() — change owner and group of a file

SYNOPSIS

#include <unistd.h>

int chown(const char *path, uid_t owner, gid_t group);

int lchown(const char *path, uid_t owner, gid_t group);

int fchown(int fildes, uid_t owner, gid_t group);

DESCRIPTION

The chown() system call changes the user and group ownership of a file. path points to the path name of a file. chown() sets the owner ID and group ID of the file to the numeric values contained in owner and group respectively. A value of UID_NO_CHANGE or GID_NO_CHANGE can be specified in owner or group to leave unchanged the file's owner ID or group ID, respectively. Note that owner and group should be less than UID_MAX (see limits(5)).

The group ownership of a file can be changed to any group in the current process's access list or to the real or effective group ID of the current process. If privilege groups are supported and the user has the CHOWN privilege, the file can be given to any group.

If the path given to chown() contains a symbolic link as the last element, this link is traversed and path name resolution continues. chown() changes the owner and group of the symbolic link's target, rather than the owner and group of the link.

The fchown() system call functions exactly like chown(), except that it operates on a file descriptor instead of a path name. fildes is a file descriptor.

The lchown() system call sets the owner ID and group ID of the named file just as chown() does, except in the case where the named file is a symbolic link. In this case, lchown() changes the owner and group of the symbolic link file itself.

Access Control Lists - HFS File Systems Only

A user can allow or deny specific individuals and groups access to a file by using the file's access control list (see acl(5)). When using chown() in conjunction with HFS ACLs, if the new owner and/or group does not have an optional ACL entry corresponding to user.% and/or %.group in the file's access control list, the file's access permission bits remain unchanged. However, if the new owner and/or group is already designated by an optional ACL entry of user.% and/or %.group, chown() sets the file's permission bits (and the three basic ACL entries) to the permissions contained in that entry.

Access Control Lists - JFS File Systems Only

A user can allow or deny specific individuals and groups access to a file by using the file's access control list (see aclv(5)). When using chown() in conjunction with JFS ACLs, if the new owner and/or group of a file have optional ACL entries corresponding to user:uid:perm and/or group:gid:perm in the file's access control list, those entries remain in the ACL but no longer have any effect, being superseded by the file's user::perm and/or group::perm entries.

Security Restrictions

Only processes with an effective user ID equal to the file owner or a user with the OWNER privilege can change the ownership of a file. If privilege groups are supported, the owner of a file can change the ownership only as a member of a privilege group allowing CHOWN, as set up by the setprivgrp command (see setprivgrp(1M)). All users get the CHOWN privilege by default.

When a process changes the ownership or group of a file, the file system may clear the set-user-ID and set-group-ID bits.

See privileges(5) for more information about privileged access on systems that support fine-grained privileges.

RETURN VALUE

chown() and fchown() return the following values:

0: Successful completion.
-1: Failure. The owner and group of the file remain unchanged. errno is set to indicate the error.

ERRORS

If chown() or lchown() fails, errno is set to one of the following values:

EACCES

Search permission is denied on a component of the path prefix.

EFAULT

path points outside the allocated address space of the process. The reliable detection of this error is implementation dependent.

ELOOP

Too many symbolic links were encountered in translating path.

ENAMETOOLONG

A component of path exceeds NAME_MAX bytes while _POSIX_NO_TRUNC is in effect, or path exceeds PATH_MAX bytes.

ENOENT

The file named by path does not exist.

ENOTDIR

A component of the path prefix is not a directory.

EINVAL

Either owner or group is greater than or equal to UID_MAX, or is an illegal negative value.

EPERM

The effective user ID is not a user with OWNER privilege and one or more of the following conditions exist:

The effective user ID does not match the owner of the file.
When changing the owner of the file, the owner of the file is not a member of a privilege group allowing the CHOWN privilege.
When changing the group of the file, the owner of the file is not a member of a privilege group allowing the CHOWN privilege and the group number is not in the current process's access list.

EROFS

The named file resides on a read-only file system.

If fchown() fails, errno is set to one of the following values:

EBADF

fildes is not a valid file descriptor.

EINVAL

Either owner or group is greater than or equal to UID_MAX, or is an illegal negative value.

EPERM

The effective user ID is not a user having OWNER privilege and one or more of the following conditions exist:

The effective user ID does not match the owner of the file.
When changing the owner of the file, the owner of the file is not a member of a privilege group allowing the CHOWN privilege.
When changing the group of the file, the owner of the file is not a member of a privilege group allowing the CHOWN privilege and the group number is not in the current process's access list.

EROFS

The named file resides on a read-only file system.

AUTHOR

chown() was developed by AT&T.

fchown() was developed by the University of California, Berkeley.

STANDARDS CONFORMANCE

chown(): AES, SVID2, SVID3, XPG2, XPG3, XPG4, FIPS 151-2, POSIX.1

fchown(): AES, SVID3