Provided by: manpages-posix-dev_2017a-2_all bug

PROLOG

       This  manual  page  is part of the POSIX Programmer's Manual.  The Linux implementation of
       this interface may differ (consult the corresponding Linux  manual  page  for  details  of
       Linux behavior), or the interface may not be implemented on Linux.

NAME

       chown, fchownat — change owner and group of a file

SYNOPSIS

       #include <unistd.h>

       int chown(const char *path, uid_t owner, gid_t group);

       #include <fcntl.h>

       int fchownat(int fd, const char *path, uid_t owner, gid_t group,
           int flag);

DESCRIPTION

       The chown() function shall change the user and group ownership of a file.

       The  path  argument  points  to  a pathname naming a file. The user ID and group ID of the
       named file shall be set to the numeric values contained in owner and group, respectively.

       Only processes with an effective user ID equal  to  the  user  ID  of  the  file  or  with
       appropriate  privileges  may change the ownership of a file. If _POSIX_CHOWN_RESTRICTED is
       in effect for path:

        *  Changing the user ID is restricted to processes with appropriate privileges.

        *  Changing the group ID is permitted to a process with an effective user ID equal to the
           user ID of the file, but without appropriate privileges, if and only if owner is equal
           to the file's user ID or (uid_t)-1 and group is equal either to the  calling  process'
           effective group ID or to one of its supplementary group IDs.

       If  the  specified file is a regular file, one or more of the S_IXUSR, S_IXGRP, or S_IXOTH
       bits of the file mode are set, and the process does not have appropriate  privileges,  the
       set-user-ID  (S_ISUID)  and  set-group-ID (S_ISGID) bits of the file mode shall be cleared
       upon successful return from chown().  If the specified file is a regular file, one or more
       of  the  S_IXUSR,  S_IXGRP,  or S_IXOTH bits of the file mode are set, and the process has
       appropriate privileges, it is implementation-defined  whether  the  set-user-ID  and  set-
       group-ID  bits are altered. If the chown() function is successfully invoked on a file that
       is not a regular file and one or more of the S_IXUSR, S_IXGRP, or S_IXOTH bits of the file
       mode are set, the set-user-ID and set-group-ID bits may be cleared.

       If  owner or group is specified as (uid_t)-1 or (gid_t)-1, respectively, the corresponding
       ID of the file shall not be changed.

       Upon successful completion, chown() shall mark for update  the  last  file  status  change
       timestamp  of the file, except that if owner is (uid_t)-1 and group is (gid_t)-1, the file
       status change timestamp need not be marked for update.

       The fchownat() function shall be equivalent to the chown() and lchown()  functions  except
       in  the  case where path specifies a relative path. In this case the file to be changed is
       determined relative to the directory associated with the file descriptor fd instead of the
       current working directory. If the access mode of the open file description associated with
       the file descriptor is not O_SEARCH, the function shall check whether  directory  searches
       are  permitted  using  the  current  permissions  of  the  directory  underlying  the file
       descriptor. If the access mode is O_SEARCH, the function shall not perform the check.

       Values for flag are constructed by a bitwise-inclusive OR  of  flags  from  the  following
       list, defined in <fcntl.h>:

       AT_SYMLINK_NOFOLLOW
             If path names a symbolic link, ownership of the symbolic link is changed.

       If  fchownat()  is  passed  the  special  value  AT_FDCWD in the fd parameter, the current
       working directory shall be used and the behavior shall be identical to a call  to  chown()
       or  lchown()  respectively, depending on whether or not the AT_SYMLINK_NOFOLLOW bit is set
       in the flag argument.

RETURN VALUE

       Upon successful completion, these functions shall return 0.   Otherwise,  these  functions
       shall  return  -1  and  set errno to indicate the error. If -1 is returned, no changes are
       made in the user ID and group ID of the file.

ERRORS

       These functions shall fail if:

       EACCES Search permission is denied on a component of the path prefix.

       ELOOP  A loop exists in symbolic links encountered during resolution of the path argument.

       ENAMETOOLONG
              The length of a component of a pathname is longer than {NAME_MAX}.

       ENOENT A component of path does not name an existing file or path is an empty string.

       ENOTDIR
              A component of the path prefix names an existing file that is neither  a  directory
              nor  a  symbolic  link  to  a directory, or the path argument contains at least one
              non-<slash> character and ends with one or more trailing <slash> characters and the
              last  pathname  component  names an existing file that is neither a directory nor a
              symbolic link to a directory.

       EPERM  The effective user ID does not match the owner of the file, or the calling  process
              does  not  have  appropriate  privileges and _POSIX_CHOWN_RESTRICTED indicates that
              such privilege is required.

       EROFS  The named file resides on a read-only file system.

       The fchownat() function shall fail if:

       EACCES The access mode of the open file description associated with fd is not O_SEARCH and
              the permissions of the directory underlying fd do not permit directory searches.

       EBADF  The  path argument does not specify an absolute path and the fd argument is neither
              AT_FDCWD nor a valid file descriptor open for reading or searching.

       ENOTDIR
              The path argument is not an absolute path and fd is a  file  descriptor  associated
              with a non-directory file.

       These functions may fail if:

       EIO    An I/O error occurred while reading or writing to the file system.

       EINTR  The chown() function was interrupted by a signal which was caught.

       EINVAL The owner or group ID supplied is not a value supported by the implementation.

       ELOOP  More  than  {SYMLOOP_MAX}  symbolic links were encountered during resolution of the
              path argument.

       ENAMETOOLONG
              The length of a pathname exceeds {PATH_MAX}, or pathname resolution of  a  symbolic
              link produced an intermediate result with a length that exceeds {PATH_MAX}.

       The fchownat() function may fail if:

       EINVAL The value of the flag argument is not valid.

       The following sections are informative.

EXAMPLES

       None.

APPLICATION USAGE

       Although chown() can be used on some implementations by the file owner to change the owner
       and group to any desired values, the only portable use of this function is to  change  the
       group  of  a  file to the effective GID of the calling process or to a member of its group
       set.

RATIONALE

       System III and System V allow a user to give away files; that is, the owner of a file  may
       change  its  user  ID  to anything. This is a serious problem for implementations that are
       intended to meet government security regulations.  Version 7 and 4.3 BSD permit  only  the
       superuser  to  change  the  user  ID of a file. Some government agencies (usually not ones
       concerned directly with security) find this  limitation  too  confining.  This  volume  of
       POSIX.1‐2017 uses may to permit secure implementations while not disallowing System V.

       System  III  and  System  V  allow the owner of a file to change the group ID to anything.
       Version 7 permits only the superuser to change the group ID of a file.   4.3  BSD  permits
       the  owner  to  change  the  group ID of a file to its effective group ID or to any of the
       groups in the list of supplementary group IDs, but to no others.

       The POSIX.1‐1990 standard requires that the chown() function invoked by a  non-appropriate
       privileged  process  clear the S_ISGID and the S_ISUID bits for regular files, and permits
       them to be cleared for other types of files. This is so that changes in  accessibility  do
       not  accidentally  cause  files  to become security holes.  Unfortunately, requiring these
       bits to be cleared on non-executable data files also clears the mandatory file locking bit
       (shared with S_ISGID), which is an extension on many implementations (it first appeared in
       System V). These bits should only be required to be cleared on regular files that have one
       or more of their execute bits set.

       The  purpose  of  the  fchownat()  function  is  to  enable changing ownership of files in
       directories other than the current working directory without exposure to race  conditions.
       Any  part  of  the  path  of  a  file could be changed in parallel to a call to chown() or
       lchown(), resulting in unspecified behavior. By opening a file descriptor for  the  target
       directory  and using the fchownat() function it can be guaranteed that the changed file is
       located relative to the desired directory.

FUTURE DIRECTIONS

       None.

SEE ALSO

       chmod(), fpathconf(), lchown()

       The Base Definitions volume of POSIX.1‐2017, <fcntl.h>, <sys_types.h>, <unistd.h>

COPYRIGHT

       Portions of this text are reprinted and  reproduced  in  electronic  form  from  IEEE  Std
       1003.1-2017,  Standard  for  Information Technology -- Portable Operating System Interface
       (POSIX), The Open Group Base Specifications Issue 7, 2018 Edition, Copyright (C)  2018  by
       the  Institute  of  Electrical  and Electronics Engineers, Inc and The Open Group.  In the
       event of any discrepancy between this version and the original IEEE  and  The  Open  Group
       Standard,  the  original  IEEE  and  The  Open Group Standard is the referee document. The
       original Standard can be obtained online at http://www.opengroup.org/unix/online.html .

       Any typographical or formatting errors that appear in this page are most  likely  to  have
       been  introduced  during  the conversion of the source files to man page format. To report
       such errors, see https://www.kernel.org/doc/man-pages/reporting_bugs.html .