svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
chmod(2)
chmod(2) System Calls chmod(2)
NAME
chmod, fchmod, fchmodat - change access permission mode of file
SYNOPSIS
#include <sys/stat.h>
int chmod(const char *path, mode_t mode);
int fchmod(int fildes, mode_t mode);
int fchmodat(int fd, const char *path, mode_t mode, int flag);
DESCRIPTION
The chmod(), fchmod(), and fchmodat() functions set the access permis‐
sion portion of the mode of the file whose name is given by path or
referenced by the open file descriptor fildes to the bit pattern con‐
tained in mode. Access permission bits are interpreted as follows:
tab(); lw(1.01i) lw(0.69i) lw(3.79i) S_ISUID04000Set user ID on execu‐
tion. S_ISGID020#0T{ Set group ID on execution if # is 7, 5, 3, or 1.
Enable mandatory file/record locking if # is 6, 4, 2, or 0. T}
S_ISVTX01000Sticky bit. S_IRWXU00700Read, write, execute by owner.
S_IRUSR00400Read by owner. S_IWUSR00200Write by owner. S_IXUSR00100T{
Execute (search if a directory) by owner. T} S_IRWXG00070Read, write,
execute by group. S_IRGRP00040Read by group. S_IWGRP00020Write by
group. S_IXGRP00010Execute by group. S_IRWXO00007Read, write, execute
(search) by others. S_IROTH00004Read by others. S_IWOTH00002Write by
others. S_IXOTH00001Execute by others.
Modes are constructed by the bitwise OR operation of the access permis‐
sion bits.
The effective user ID of the process must match the owner of the file
or the process must have the appropriate privilege to change the mode
of a file.
If the process is not a privileged process and the file is not a direc‐
tory, mode bit 01000 (S_ISVTX, the sticky bit) is cleared.
If neither the process is privileged nor the file's group is a member
of the process's supplementary group list, and the effective group ID
of the process does not match the group ID of the file, mode bit 02000
(set group ID on execution) is cleared.
If a directory is writable and has S_ISVTX (the sticky bit) set, files
within that directory can be removed or renamed only if one or more of
the following is true (see unlink(2) and rename(2)):
o the user owns the file
o the user owns the directory
o the file is writable by the user
o the user is a privileged user
If a regular file is not executable and has S_ISVTX set, the file is
assumed to be a swap file. In this case, the system's page cache will
not be used to hold the file's data. If the S_ISVTX bit is set on any
other file, the results are unspecified.
If a directory has the set group ID bit set, a given file created
within that directory will have the same group ID as the directory.
Otherwise, the newly created file's group ID will be set to the effec‐
tive group ID of the creating process.
If the mode bit 02000 (set group ID on execution) is set and the mode
bit 00010 (execute or search by group) is not set, mandatory
file/record locking will exist on a regular file, possibly affecting
future calls to open(2), creat(2), read(2), and write(2) on this file.
If fildes references a shared memory object, fchmod() need only affect
the S_IRUSR, S_IRGRP, S_IROTH, S_IWUSR, S_IWGRP, S_IWOTH, S_IXUSR,
S_IXGRP, and S_IXOTH file permission bits.
If fildes refers to a socket, fchmod() does not fail but no action is
taken.
If fildes refers to a stream that is attached to an object in the file
system name space with fattach(3C), the fchmod() call performs no
action and returns successfully.
Upon successful completion, chmod(), fchmod(), and fchmodat() mark for
update the st_ctime field of the file.
The fchmodat() function is equivalent to chmod() except in the case
where path specifies a relative path. In this case the file to be
changed is determined relative to the directory associated with the
file descriptor fd instead of the current working directory. If the
file descriptor was opened without O_SEARCH, the function checks
whether directory searches are permitted using the current permissions
of the directory underlying the file descriptor. If the file descriptor
was opened with O_SEARCH, the function does not perform the check. If
fchmodat() is passed the special value AT_FDCWD in the fd parameter,
the current working directory is used.
Values for flag are constructed by a bitwise-inclusive OR of flags from
the following list, defined in <fcntl.h>
AT_SYMLINK_NOFOLLOW If path names a symbolic link, then the mode of
the symbolic link is changed.
If flag is 0, the behavior shall be identical to a call to chmod().
RETURN VALUES
Upon successful completion, 0 is returned. Otherwise, −1 is returned,
the file mode is unchanged, and errno is set to indicate the error.
ERRORS
The chmod(), fchmod(), and fchmodat() functions will fail if:
EPERM The effective user ID does not match the owner of the file and
the process does not have appropriate privilege.
The {PRIV_FILE_OWNER} privilege overrides constraints on own‐
ership when changing permissions on a file.
The {PRIV_FILE_SETID} privilege overrides constraints on own‐
ership when adding the setuid or setgid bits to an executable
file or a directory. When adding the setuid bit to a root
owned executable, additional restrictions apply. See privi‐
leges(7).
EROFS The file referred to by path resides on a read-only file sys‐
tem.
The chmod() and fchmod() functions will fail if:
EIO An I/O error occurred while reading from or writing to the file
system.
The chmod() and fchmodat()functions will fail if:
EACCES Search permission is denied on a component of the path
prefix of path. The privilege {FILE_DAC_SEARCH} over‐
rides file permissions restrictions in that case.
ELOOP A loop exists in symbolic links encountered during the
resolution of the path argument.
ENAMETOOLONG The length of the path argument exceeds PATH_MAX, or
the length of a path component exceeds NAME_MAX while
_POSIX_NO_TRUNC is in effect.
ENOENT Either a component of the path prefix or the file
referred to by path does not exist or is a null path‐
name.
ENOTDIR A component of the prefix of path is not a directory.
The chmod() function will fail if:
EFAULT The path argument points to an illegal address.
ENOLINK The fildes argument points to a remote machine and the link
to that machine is no longer active.
The fchmod() function will fail if:
EBADF The fildes argument is not an open file descriptor
ENOLINK The path argument points to a remote machine and the link to
that machine is no longer active.
The fchmodat() function will fail if:
EACCES fd was not opened with O_SEARCH and the permissions of the
directory underlying fd do not permit directory searches.
EBADF The path argument does not specify an absolute path and the
fd argument is neither AT_FDCWD nor a valid file descriptor
open for reading or searching.
The chmod(), fchmod(), and fchmodat() functions may fail if:
EINTR A signal was caught during execution of the function.
EINVAL The value of the mode argument is invalid.
The chmod() and fchmodat() functions may fail if:
ELOOP More than {SYMLOOP_MAX} symbolic links were encountered
during the resolution of the path argument.
ENAMETOOLONG As a result of encountering a symbolic link in resolu‐
tion of the path argument, the length of the substi‐
tuted pathname strings exceeds {PATH_MAX}.
The fchmod() function may fail if:
EINVAL The fildes argument refers to a pipe and the system disallows
execution of this function on a pipe.
The fchmodat() function may fail if:
EINVAL The value of the flag argument is invalid
ENOTDIR The path argument is not an absolute path and fd is nei‐
ther AT_FDCWD nor a file descriptor associated with a
directory
EOPNOTSUPP The AT_SYMLINK_NOFOLLOW bit is set in the flag argument,
path names a symbolic link, and the system does not sup‐
port changing the mode of a symbolic link.
EXAMPLES
Example 1 Set Read Permissions for User, Group, and Others
The following example sets read permissions for the owner, group, and
others.
#include <sys/stat.h>
const char *path;
...
chmod(path, S_IRUSR|S_IRGRP|S_IROTH);
Example 2 Set Read, Write, and Execute Permissions for the Owner Only
The following example sets read, write, and execute permissions for the
owner, and no permissions for group and others.
#include <sys/stat.h>
const char *path;
...
chmod(path, S_IRWXU);
Example 3 Set Different Permissions for Owner, Group, and Other
The following example sets owner permissions for CHANGEFILE to read,
write, and execute, group permissions to read and execute, and other
permissions to read.
#include <sys/stat.h>
#define CHANGEFILE "/etc/myfile"
...
chmod(CHANGEFILE, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH);
Example 4 Set and Check File Permissions
The following example sets the file permission bits for a file named
/home/cnd/mod1, then calls the stat(2) function to verify the permis‐
sions.
#include <sys/stat.h>
int status;
struct stat buffer;
...
chmod("/home/cnd/mod1", S_IRWXU|S_IRWXG|S_IROTH|S_IWOTH);
status = stat("/home/cnd/mod1", &buffer);
if (status != 0) {
perror("stat: /home/cnd/mod1");
} else if ((buffer.st_mode & S_IAMB)
!= (S_IRWXU|S_IRWXG|S_IROTH|S_IWOTH)) {
/* Handle failure */
}
USAGE
If chmod(), fchmod(), or fchmodat() is used to change the file group
owner permissions on a file with non-trivial ACL entries, only the ACL
mask is set to the new permissions and the group owner permission bits
in the file's mode field (defined in mknod(2)) are unchanged. A non-
trivial ACL entry is one whose meaning cannot be represented in the
file's mode field alone. The new ACL mask permissions might change the
effective permissions for additional users and groups that have ACL
entries on the file.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Interface StabilityCommitted _ MT-LevelAsync-Signal-
Safe _ StandardSee standards(7).
SEE ALSO
chmod(1), chown(2), creat(2), fcntl(2), mknod(2), open(2), read(2),
rename(2), stat(2), write(2), fattach(3C), mkfifo(3C), stat.h(3HEAD),
attributes(7), privileges(7), standards(7)
HISTORY
The chmod() and fchmod() functions have been included in all Sun and
Oracle releases of Solaris.
The fchmodat() function was added to Solaris in the Solaris 11.0
release.
Oracle Solaris 11.4 2 Mar 2021 chmod(2)