chown(2) — Linux manual page

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | RETURN VALUE | ERRORS | VERSIONS | STANDARDS | HISTORY | NOTES | EXAMPLES | SEE ALSO | COLOPHON

chown(2)                   System Calls Manual                  chown(2)

NAME         top

       chown, fchown, lchown, fchownat - change ownership of a file

LIBRARY         top

       Standard C library (libc, -lc)

SYNOPSIS         top

       #include <unistd.h>

       int chown(const char *pathname, uid_t owner, gid_t group);
       int fchown(int fd, uid_t owner, gid_t group);
       int lchown(const char *pathname, uid_t owner, gid_t group);

       #include <fcntl.h>           /* Definition of AT_* constants */
       #include <unistd.h>

       int fchownat(int dirfd, const char *pathname,
                    uid_t owner, gid_t group, int flags);

   Feature Test Macro Requirements for glibc (see
   feature_test_macros(7)):

       fchown(), lchown():
           /* Since glibc 2.12: */ _POSIX_C_SOURCE >= 200809L
               || _XOPEN_SOURCE >= 500
               || /* glibc <= 2.19: */ _BSD_SOURCE

       fchownat():
           Since glibc 2.10:
               _POSIX_C_SOURCE >= 200809L
           Before glibc 2.10:
               _ATFILE_SOURCE

DESCRIPTION         top

       These system calls change the owner and group of a file.  The
       chown(), fchown(), and lchown() system calls differ only in how
       the file is specified:

       •  chown() changes the ownership of the file specified by
          pathname, which is dereferenced if it is a symbolic link.

       •  fchown() changes the ownership of the file referred to by the
          open file descriptor fd.

       •  lchown() is like chown(), but does not dereference symbolic
          links.

       Only a privileged process (Linux: one with the CAP_CHOWN
       capability) may change the owner of a file.  The owner of a file
       may change the group of the file to any group of which that owner
       is a member.  A privileged process (Linux: with CAP_CHOWN) may
       change the group arbitrarily.

       If the owner or group is specified as -1, then that ID is not
       changed.

       When the owner or group of an executable file is changed by an
       unprivileged user, the S_ISUID and S_ISGID mode bits are cleared.
       POSIX does not specify whether this also should happen when root
       does the chown(); the Linux behavior depends on the kernel
       version, and since Linux 2.2.13, root is treated like other
       users.  In case of a non-group-executable file (i.e., one for
       which the S_IXGRP bit is not set) the S_ISGID bit indicates
       mandatory locking, and is not cleared by a chown().

       When the owner or group of an executable file is changed (by any
       user), all capability sets for the file are cleared.

   fchownat()
       The fchownat() system call operates in exactly the same way as
       chown(), except for the differences described here.

       If the pathname given in pathname is relative, then it is
       interpreted relative to the directory referred to by the file
       descriptor dirfd (rather than relative to the current working
       directory of the calling process, as is done by chown() for a
       relative pathname).

       If pathname is relative and dirfd is the special value AT_FDCWD,
       then pathname is interpreted relative to the current working
       directory of the calling process (like chown()).

       If pathname is absolute, then dirfd is ignored.

       The flags argument is a bit mask created by ORing together 0 or
       more of the following values;

       AT_EMPTY_PATH (since Linux 2.6.39)
              If pathname is an empty string, operate on the file
              referred to by dirfd (which may have been obtained using
              the open(2) O_PATH flag).  In this case, dirfd can refer
              to any type of file, not just a directory.  If dirfd is
              AT_FDCWD, the call operates on the current working
              directory.  This flag is Linux-specific; define
              _GNU_SOURCE to obtain its definition.

       AT_SYMLINK_NOFOLLOW
              If pathname is a symbolic link, do not dereference it:
              instead operate on the link itself, like lchown().  (By
              default, fchownat() dereferences symbolic links, like
              chown().)

       See openat(2) for an explanation of the need for fchownat().

RETURN VALUE         top

       On success, zero is returned.  On error, -1 is returned, and
       errno is set to indicate the error.

ERRORS         top

       Depending on the filesystem, errors other than those listed below
       can be returned.

       The more general errors for chown() are listed below.

       EACCES Search permission is denied on a component of the path
              prefix.  (See also path_resolution(7).)

       EBADF  (fchown()) fd is not a valid open file descriptor.

       EBADF  (fchownat()) pathname is relative but dirfd is neither
              AT_FDCWD nor a valid file descriptor.

       EFAULT pathname points outside your accessible address space.

       EINVAL (fchownat()) Invalid flag specified in flags.

       EIO    (fchown()) A low-level I/O error occurred while modifying
              the inode.

       ELOOP  Too many symbolic links were encountered in resolving
              pathname.

       ENAMETOOLONG
              pathname is too long.

       ENOENT The file does not exist.

       ENOMEM Insufficient kernel memory was available.

       ENOTDIR
              A component of the path prefix is not a directory.

       ENOTDIR
              (fchownat()) pathname is relative and dirfd is a file
              descriptor referring to a file other than a directory.

       EPERM  The calling process did not have the required permissions
              (see above) to change owner and/or group.

       EPERM  The file is marked immutable or append-only.  (See
              FS_IOC_SETFLAGS(2const).)

       EROFS  The named file resides on a read-only filesystem.

VERSIONS         top

       The 4.4BSD version can be used only by the superuser (that is,
       ordinary users cannot give away files).

STANDARDS         top

       POSIX.1-2008.

HISTORY         top

       chown()
       fchown()
       lchown()
              4.4BSD, SVr4, POSIX.1-2001.

       fchownat()
              POSIX.1-2008.  Linux 2.6.16, glibc 2.4.

NOTES         top

   Ownership of new files
       When a new file is created (by, for example, open(2) or
       mkdir(2)), its owner is made the same as the filesystem user ID
       of the creating process.  The group of the file depends on a
       range of factors, including the type of filesystem, the options
       used to mount the filesystem, and whether or not the set-group-ID
       mode bit is enabled on the parent directory.  If the filesystem
       supports the -o grpid (or, synonymously -o bsdgroups) and
       -o nogrpid (or, synonymously -o sysvgroups) mount(8) options,
       then the rules are as follows:

       •  If the filesystem is mounted with -o grpid, then the group of
          a new file is made the same as that of the parent directory.

       •  If the filesystem is mounted with -o nogrpid and the set-
          group-ID bit is disabled on the parent directory, then the
          group of a new file is made the same as the process's
          filesystem GID.

       •  If the filesystem is mounted with -o nogrpid and the set-
          group-ID bit is enabled on the parent directory, then the
          group of a new file is made the same as that of the parent
          directory.

       As at Linux 4.12, the -o grpid and -o nogrpid mount options are
       supported by ext2, ext3, ext4, and XFS.  Filesystems that don't
       support these mount options follow the -o nogrpid rules.

   glibc notes
       On older kernels where fchownat() is unavailable, the glibc
       wrapper function falls back to the use of chown() and lchown().
       When pathname is a relative pathname, glibc constructs a pathname
       based on the symbolic link in /proc/self/fd that corresponds to
       the dirfd argument.

   NFS
       The chown() semantics are deliberately violated on NFS
       filesystems which have UID mapping enabled.  Additionally, the
       semantics of all system calls which access the file contents are
       violated, because chown() may cause immediate access revocation
       on already open files.  Client side caching may lead to a delay
       between the time where ownership have been changed to allow
       access for a user and the time where the file can actually be
       accessed by the user on other clients.

   Historical details
       The original Linux chown(), fchown(), and lchown() system calls
       supported only 16-bit user and group IDs.  Subsequently, Linux
       2.4 added chown32(), fchown32(), and lchown32(), supporting
       32-bit IDs.  The glibc chown(), fchown(), and lchown() wrapper
       functions transparently deal with the variations across kernel
       versions.

       Before Linux 2.1.81 (except 2.1.46), chown() did not follow
       symbolic links.  Since Linux 2.1.81, chown() does follow symbolic
       links, and there is a new system call lchown() that does not
       follow symbolic links.  Since Linux 2.1.86, this new call (that
       has the same semantics as the old chown()) has got the same
       syscall number, and chown() got the newly introduced number.

EXAMPLES         top

       The following program changes the ownership of the file named in
       its second command-line argument to the value specified in its
       first command-line argument.  The new owner can be specified
       either as a numeric user ID, or as a username (which is converted
       to a user ID by using getpwnam(3) to perform a lookup in the
       system password file).

   Program source
       #include <pwd.h>
       #include <stdio.h>
       #include <stdlib.h>
       #include <sys/types.h>
       #include <unistd.h>

       int
       main(int argc, char *argv[])
       {
           char           *endptr;
           uid_t          uid;
           struct passwd  *pwd;

           if (argc != 3 || argv[1][0] == '\0') {
               fprintf(stderr, "%s <owner> <file>\n", argv[0]);
               exit(EXIT_FAILURE);
           }

           uid = strtol(argv[1], &endptr, 10);  /* Allow a numeric string */

           if (*endptr != '\0') {         /* Was not pure numeric string */
               pwd = getpwnam(argv[1]);   /* Try getting UID for username */
               if (pwd == NULL) {
                   perror("getpwnam");
                   exit(EXIT_FAILURE);
               }

               uid = pwd->pw_uid;
           }

           if (chown(argv[2], uid, -1) == -1) {
               perror("chown");
               exit(EXIT_FAILURE);
           }

           exit(EXIT_SUCCESS);
       }

SEE ALSO         top

       chgrp(1), chown(1), chmod(2), flock(2), path_resolution(7),
       symlink(7)

COLOPHON         top

       This page is part of the man-pages (Linux kernel and C library
       user-space interface documentation) project.  Information about
       the project can be found at 
       ⟨https://www.kernel.org/doc/man-pages/⟩.  If you have a bug report
       for this manual page, see
       ⟨https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/CONTRIBUTING⟩.
       This page was obtained from the tarball man-pages-6.9.1.tar.gz
       fetched from
       ⟨https://mirrors.edge.kernel.org/pub/linux/docs/man-pages/⟩ on
       2024-06-26.  If you discover any rendering problems in this HTML
       version of the page, or you believe there is a better or more up-
       to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not
       part of the original manual page), send a mail to
       man-pages@man7.org

Linux man-pages 6.9.1          2024-06-15                       chown(2)

Pages that refer to this page: chgrp(1)chown(1)access(2)chmod(2)fcntl(2)mkdir(2)mknod(2)mount_setattr(2)open(2)open_by_handle_at(2)stat(2)statx(2)symlink(2)syscalls(2)euidaccess(3)fpathconf(3)id_t(3type)shm_open(3)systemd.exec(5)capabilities(7)inode(7)inotify(7)landlock(7)shm_overview(7)signal-safety(7)spufs(7)symlink(7)unix(7)