HP-UX Reference (11i v2 07/12) - 2 System Calls (vol 5)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

chmod(2) chmod(2)

NAME

chmod(), fchmod() - change ﬁle mode access permissions

SYNOPSIS

#include <sys/stat.h>

int chmod(const char *path, mode_t mode);

int fchmod(int fildes, mode_t mode);

DESCRIPTION

The chmod() and fchmod() system calls set the access permission portion of the ﬁle’s mode according

to the bit pattern contained in mode. path points to a path name naming a ﬁle. ﬁldes is a ﬁle descriptor.

The following symbolic constants representing the access permission bits are deﬁned with the indicated

values in

<sys/stat.h> and are used to construct the mode argument. The value of mode is the bit-

wise inclusive OR of the values for the desired permissions.

S_ISUID 04000 Set user ID on execution.

S_ISGID 02000 Set group ID on execution.

S_ENFMT 02000 Record locking enforced.

S_ISVTX 01000 Save text image after execution.

S_IRUSR 00400 Read by owner.

S_IWUSR 00200 Write by owner.

S_IXUSR 00100 Execute (search) by owner.

S_IRGRP 00040 Read by group.

S_IWGRP 00020 Write by group.

S_IXGRP 00010 Execute (search) by group.

S_IROTH 00004 Read by others (that is, anybody else).

S_IWOTH 00002 Write by others.

S_IXOTH 00001 Execute (search) by others.

The mode bit S_ENFMT (same as S_ISGID) is used to enforce ﬁle-locking mode (see lockf(2) and fcntl(2))

on ﬁles that are not group executable. This might affect future calls to

open(), creat(), read(), and

write() on such ﬁles (see open(2), creat(2), read(2), and write(2)).

If an executable ﬁle is prepared for sharing, mode bit

S_ISVTX prevents the system from abandoning the

swap-space image of the program-text portion of the ﬁle when its last user terminates. Then, when the

next user of the ﬁle executes it, the text need not be read from the ﬁle system but can simply be swapped

in, thus saving time.

If the path given to chmod() contains a symbolic link as the last element, this link is traversed and path

name resolution continues. chmod() changes the access mode of the symbolic link’s target, rather than

the access mode of the link.

Access Control Lists - HFS File Systems Only

All optional entries in a ﬁle’s access control list are deleted when chmod()

is executed. (This behavior

conforms to the IEEE Standard POSIX 1003.1-1988.) To preserve optional entries in a ﬁle’s access control

list, it is necessary to save and restore them using

getacl() and setacl() (see getacl(2) and setacl(2)).

To set the permission bits of access control list entries, use

setacl() instead of chmod().

Access Control Lists - JFS File Systems Only

The effective permissions granted by optional entries in a ﬁle’s access control list may be changed when

chmod() is executed. In particular, using chmod() to remove read, write and execute permissions from

a ﬁle’s owner, owning group, and all others works as expected, because chmod() affects the class entry

in the ACL, limiting any access that can be granted to additional users or groups via optional ACL entries.

The effect can be veriﬁed by doing a getacl(1) on the ﬁle after the chmod(), and noting that all optional

(non-default) ACL entries with nonzero permissions also have the comment # effective:---

To set the permission bits of access control list entries, use

setacl() instead of chmod().

For more information on access control list entries, see acl(5) and aclv(5).

Security Restrictions

To change the mode of a ﬁle, the effective user ID of the process must match that of the owner of the ﬁle or

a user with the OWNER privilege.

60 Hewlett-Packard Company − 1 − HP-UX 11i Version 2: December 2007 Update