chown(2)
NAME
chown(), fchown(), lchown() - change owner and group of a file
SYNOPSIS
DESCRIPTION
The system call changes the user and group ownership of a file. path
points to the path name of a file. sets the owner ID and group ID of
the file to the numeric values contained in owner and group respectively.
A value of or can be specified in owner or group to leave
unchanged the file's owner ID or group ID, respectively. Note that
owner and group should be less than (see limits(5)).
The group ownership of a file can be changed to any group in the current
process's access list or to the real or effective group ID of the
current process. If privilege groups are supported and the user has
the privilege, the file can be given to any group.
If the path given to contains a symbolic link as the last element, this
link is traversed and path name resolution continues. changes the
owner and group of the symbolic link's target, rather than the owner
and group of the link.
The system call functions exactly like except that it operates on a
file descriptor instead of a path name. fildes is a file descriptor.
The system call sets the owner ID and group ID of the named file just
as does, except in the case where the named file is a symbolic link.
In this case, changes the owner and group of the symbolic link file
itself.
Access Control Lists - HFS File Systems Only
A user can allow or deny specific individuals and groups access to a
file by using the file's access control list (see acl(5)). When using
in conjunction with HFS ACLs, if the new owner and/or group does not
have an optional ACL entry corresponding to and/or in the file's access
control list, the file's access permission bits remain unchanged. However,
if the new owner and/or group is already designated by an
optional ACL entry of and/or %.group, sets the file's permission bits
(and the three basic ACL entries) to the permissions contained in that
entry.
Access Control Lists - JFS File Systems Only
A user can allow or deny specific individuals and groups access to a
file by using the file's access control list (see aclv(5)). When using
in conjunction with JFS ACLs, if the new owner and/or group of a file
have optional ACL entries corresponding to and/or in the file's access
control list, those entries remain in the ACL but no longer have any
effect, being superseded by the file's and/or entries.
Security Restrictions
Only processes with an effective user ID equal to the file owner or a
user with the privilege can change the ownership of a file. If privilege
groups are supported, the owner of a file can change the ownership
only as a member of a privilege group allowing as set up by the command
(see setprivgrp(1M)). All users get the privilege by default.
When a process changes the ownership or group of a file, the file system
may clear the set-user-ID and set-group-ID bits.
See privileges(5) for more information about privileged access on systems
that support fine-grained privileges.
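The symbolic-link behaviour and the set-user-ID/set-group-ID clearing described above matter when a privileged program changes ownership of a path that another user can influence. The following is an added example, not code from this manual page: the names chown_nofollow() and demo() are hypothetical, and it assumes the POSIX.1-2008 O_NOFOLLOW open flag is available, which this page does not state.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not a system API): change ownership of a regular
 * file through a descriptor, so a symbolic link in the last path component
 * is never followed. Returns 0, or -1 with errno set. *lost receives any
 * set-user-ID/set-group-ID bits the ownership change cleared. */
int chown_nofollow(const char *path, uid_t owner, gid_t group, mode_t *lost)
{
    struct stat before, after;
    int saved, fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;               /* ELOOP when path is a symlink */
    if (fstat(fd, &before) != 0)
        goto fail;
    if (!S_ISREG(before.st_mode)) { errno = EINVAL; goto fail; }
    if (fchown(fd, owner, group) != 0 || fstat(fd, &after) != 0)
        goto fail;
    if (lost)
        *lost = (before.st_mode & ~after.st_mode) & (S_ISUID | S_ISGID);
    close(fd);
    return 0;
fail:
    saved = errno; close(fd); errno = saved;
    return -1;
}

/* Constructed scenario: a file and a symlink to it in a fresh temp dir.
 * Returns 1 if the direct path succeeds and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/chownXXXXXX", file[64], lnk[64];
    mode_t lost = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(file, lnk) != 0) return -1;
    int direct = chown_nofollow(file, geteuid(), getegid(), &lost);
    int vialink = chown_nofollow(lnk, geteuid(), getegid(), &lost);
    int refused = (vialink == -1 && errno == ELOOP);
    unlink(lnk); unlink(file); rmdir(dir);
    return direct == 0 && refused;
}
int main(void) { printf("symlink refused: %d\n", demo()); return 0; }
```

The helper needs read permission on the file because it opens it before calling fchown(); a caller that must keep set-user-ID or set-group-ID bits should inspect the value returned through lost and restore them deliberately.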
RETURN VALUE
and return the following values:
Successful completion.
Failure.
The owner and group of the file remain unchanged. is set
to indicate the error.
ERRORS
If or fails, is set to one of the following values:
Search permission is denied on a component of the path prefix.
path points outside the allocated address space of the
process. The reliable detection of this error is
implementation dependent.
Too many symbolic links were encountered in translating
path.
A component of path exceeds bytes while is in effect, or path
exceeds bytes.
The file named by
path does not exist.
A component of the path prefix is not a directory.
Either owner or group is greater than or equal to or is
an illegal negative value.
The effective user ID is not a user with
privilege and one or more of the following conditions
exist:
· The effective user ID does not match the owner
of the file.
· When changing the owner of the file, the owner
of the file is not a member of a privilege
group allowing the privilege.
· When changing the group of the file, the owner
of the file is not a member of a privilege
group allowing the privilege and the group
number is not in the current process's access
list.
The named file resides on a read-only file system.
If fails, is set to one of the following values:
fildes is not a valid file descriptor.
Either owner or group is greater than or equal to or is
an illegal negative value.
The effective user ID is not a user
having privilege and one or more of the following
conditions exist:
· The effective user ID does not match the owner
of the file.
· When changing the owner of the file, the owner
of the file is not a member of a privilege
group allowing the privilege.
· When changing the group of the file, the owner
of the file is not a member of a privilege
group allowing the privilege and the group
number is not in the current process's access
list.
The named file resides on a read-only file system.
AUTHOR
was developed by AT&T.
was developed by the University of California, Berkeley.
SEE ALSO
chown(1), setprivgrp(1M), chmod(2), setacl(2), acl(5), aclv(5), limits(5),
privileges(5).
STANDARDS CONFORMANCE