DESCRIPTION
These system calls change the owner and group of a file. The chown(), fchown(), and lchown() system calls differ only in how the file is specified:
• chown() changes the ownership of the file specified by pathname, which is dereferenced if it is a symbolic link. • fchown() changes the ownership of the file referred to by the open file descriptor fd. • lchown() is like chown(), but does not dereference symbolic links.
Only a privileged process (Linux: one with the CAP_CHOWN capability) may change the owner of a file. The owner of a file may change the group of the file to any group of which that owner is a member. A privileged process (Linux: with CAP_CHOWN) may change the group arbitrarily.
If the owner or group is specified as -1, then that ID is not changed.
When the owner or group of an executable file is changed by an unprivileged user, the S_ISUID and S_ISGID mode bits are cleared. POSIX does not specify whether this also should happen when root does the chown(); the Linux behavior depends on the kernel version, and since Linux 2.2.13, root is treated like other users. In case of a non-group-executable file (i.e., one for which the S_IXGRP bit is not set) the S_ISGID bit indicates mandatory locking, and is not cleared by a chown().
When the owner or group of an executable file is changed (by any user), all capability sets for the file are cleared.
fchownat()
The fchownat() system call operates in exactly the same way as chown(), except for the differences described here.
If the pathname given in pathname is relative, then it is interpreted relative to the directory referred to by the file descriptor dirfd (rather than relative to the current working directory of the calling process, as is done by chown() for a relative pathname).
If pathname is relative and dirfd is the special value AT_FDCWD, then pathname is interpreted relative to the current working directory of the calling process (like chown()).
If pathname is absolute, then dirfd is ignored.
The flags argument is a bit mask created by ORing together 0 or more of the following values;
AT_EMPTY_PATH (since Linux 2.6.39) If pathname is an empty string, operate on the file referred to by dirfd (which may have been obtained using the open(2) O_PATH flag). In this case, dirfd can refer to any type of file, not just a directory. If dirfd is AT_FDCWD, the call operates on the current working directory. This flag is Linux-specific; define _GNU_SOURCE to obtain its definition. AT_SYMLINK_NOFOLLOW If pathname is a symbolic link, do not dereference it: instead operate on the link itself, like lchown(). (By default, fchownat() dereferences symbolic links, like chown().)
See openat(2) for an explanation of the need for fchownat().
RETURN VALUE
On success, zero is returned. On error, -1 is returned, and errno is set to indicate the error.
ERRORS
Depending on the filesystem, errors other than those listed below can be returned.
The more general errors for chown() are listed below.
EACCES Search permission is denied on a component of the path prefix. (See also path_resolution(7).) EBADF (fchown()) fd is not a valid open file descriptor. EBADF (fchownat()) pathname is relative but dirfd is neither AT_FDCWD nor a valid file descriptor. EFAULT pathname points outside your accessible address space. EINVAL (fchownat()) Invalid flag specified in flags. EIO (fchown()) A low-level I/O error occurred while modifying the inode. ELOOP Too many symbolic links were encountered in resolving pathname. ENAMETOOLONG pathname is too long. ENOENT The file does not exist. ENOMEM Insufficient kernel memory was available. ENOTDIR A component of the path prefix is not a directory. ENOTDIR (fchownat()) pathname is relative and dirfd is a file descriptor referring to a file other than a directory. EPERM The calling process did not have the required permissions (see above) to change owner and/or group. EPERM The file is marked immutable or append-only. (See ioctl_iflags(2).) EROFS The named file resides on a read-only filesystem.
VERSIONS
The 4.4BSD version can be used only by the superuser (that is, ordinary users cannot give away files).
STANDARDS
HISTORY
NOTES
Ownership of new files
When a new file is created (by, for example, open(2) or mkdir(2)), its owner is made the same as the filesystem user ID of the creating process. The group of the file depends on a range of factors, including the type of filesystem, the options used to mount the filesystem, and whether or not the set-group-ID mode bit is enabled on the parent directory. If the filesystem supports the -o grpid (or, synonymously -o bsdgroups) and -o nogrpid (or, synonymously -o sysvgroups) mount(8) options, then the rules are as follows:
• If the filesystem is mounted with -o grpid, then the group of a new file is made the same as that of the parent directory. • If the filesystem is mounted with -o nogrpid and the set-group-ID bit is disabled on the parent directory, then the group of a new file is made the same as the process’s filesystem GID. • If the filesystem is mounted with -o nogrpid and the set-group-ID bit is enabled on the parent directory, then the group of a new file is made the same as that of the parent directory.
As at Linux 4.12, the -o grpid and -o nogrpid mount options are supported by ext2, ext3, ext4, and XFS. Filesystems that don’t support these mount options follow the -o nogrpid rules.
glibc notes
On older kernels where fchownat() is unavailable, the glibc wrapper function falls back to the use of chown() and lchown(). When pathname is a relative pathname, glibc constructs a pathname based on the symbolic link in /proc/self/fd that corresponds to the dirfd argument.
NFS
The chown() semantics are deliberately violated on NFS filesystems which have UID mapping enabled. Additionally, the semantics of all system calls which access the file contents are violated, because chown() may cause immediate access revocation on already open files. Client side caching may lead to a delay between the time where ownership have been changed to allow access for a user and the time where the file can actually be accessed by the user on other clients.
Historical details
The original Linux chown(), fchown(), and lchown() system calls supported only 16-bit user and group IDs. Subsequently, Linux 2.4 added chown32(), fchown32(), and lchown32(), supporting 32-bit IDs. The glibc chown(), fchown(), and lchown() wrapper functions transparently deal with the variations across kernel versions.
Before Linux 2.1.81 (except 2.1.46), chown() did not follow symbolic links. Since Linux 2.1.81, chown() does follow symbolic links, and there is a new system call lchown() that does not follow symbolic links. Since Linux 2.1.86, this new call (that has the same semantics as the old chown()) has got the same syscall number, and chown() got the newly introduced number.
EXAMPLES
The following program changes the ownership of the file named in its second command-line argument to the value specified in its first command-line argument. The new owner can be specified either as a numeric user ID, or as a username (which is converted to a user ID by using getpwnam(3) to perform a lookup in the system password file).
Program source
#include #include #include #include int main(int argc, char *argv[]) <
char *endptr;
uid_t uid;
struct passwd *pwd;
if (argc != 3 || argv[1][0] == '\0') <
fprintf(stderr, "%s \n", argv[0]);
exit(EXIT_FAILURE);
>
uid = strtol(argv[1], &endptr, 10); /* Allow a numeric string */
if (*endptr != '\0') < /* Was not pure numeric string */
pwd = getpwnam(argv[1]); /* Try getting UID for username */
if (pwd == NULL) <
perror("getpwnam");
exit(EXIT_FAILURE);
>
uid = pwd->pw_uid;
>
if (chown(argv[2], uid, -1) == -1) <
perror("chown");
exit(EXIT_FAILURE);
>
exit(EXIT_SUCCESS); >
SEE ALSO
Package name: core/man-pages Version: 6.04-1 Upstream: https://www.kernel.org/doc/man-pages/ Licenses: GPL, custom Manuals: /listing/core/man-pages/ Table of contents
Powered by archmanweb, using mandoc for the conversion of manual pages.
The website is available under the terms of the GPL-3.0 license, except for the contents of the manual pages, which have their own license specified in the corresponding Arch Linux package.
chown is not changing symbolic link
But it’s not changing. I’m logged in as root. The current user/group is set to root:root. What went wrong?
Which operating system do you use?Acoording to the manaul page,-h option takes affect only on systems that can change the ownership of symbolic link.
Anything that ends with / is a directory. You mean mysymbolic , which is the symbolic link, not mysymbolic/ which is probably the directory it points to.
10 Answers 10
I was putting a slash in the end of target:
chown -h myuser:mygroup mysymbolic/ just removed the slash in the end and works. Here’s the correct way:
chown -h myuser:mygroup mysymbolic I can’t believe after 4 years, I have bumped into my past self suffereing the same problem, the missin ‘-h’!
I’ve tried this myself and it works for me. If you have the -h it changes the owner of the symbolic link, but if you dont then it changes the owner of the file itself and not the link.
But it doesnt seem to work of the symbolic link is linked to a directory
For what it’s worth, the man page on OS X is a lot clearer on the -h option than the one on (Arch) Linux. “-h If the file is a symbolic link, change the user ID and/or the group ID of the link itself.” vs. “-h, —no-dereference affect symbolic links instead of any referenced file (useful only on systems that can change the ownership of a symlink)”
I was unable to chown a directory even with -h but using the full path worked.
# ls -al drwxr-xr-x 2 deploy deploy 4096 Dec 30 10:29 . drwxr-xr-x 3 deploy deploy 4096 Dec 30 08:59 .. lrwxrwxrwx 1 root root 32 Dec 30 09:02 apps -> /u/apps/ # chown -h deploy:deploy apps # ls -al drwxr-xr-x 2 deploy deploy 4096 Dec 30 10:29 . drwxr-xr-x 3 deploy deploy 4096 Dec 30 08:59 .. lrwxrwxrwx 1 root root 32 Dec 30 09:02 apps -> /u/apps/ # chown -h deploy:deploy apps/ # ls -al drwxr-xr-x 2 deploy deploy 4096 Dec 30 10:29 . drwxr-xr-x 3 deploy deploy 4096 Dec 30 08:59 .. lrwxrwxrwx 1 root root 32 Dec 30 09:02 apps -> /u/apps/ # pwd /var/www/html # chown -h deploy:deploy /var/www/html/apps # ls -al drwxr-xr-x 2 deploy deploy 4096 Dec 30 10:29 . drwxr-xr-x 3 deploy deploy 4096 Dec 30 08:59 .. lrwxrwxrwx 1 deploy deploy 32 Dec 30 09:02 apps -> /u/apps/ Is the target a file or a directory?
If it is a directory then try -H (upper case H)
Sorry for the thread necromancy, but I’d like to point out that the correct syntax is with the lowercase ‘h’.
chown -h myuser:mygroup [without trailing slash] should be enough and work!
Recreate that link by myuser at myuser’s home, and mv this link to the target location by sudo.
For example: (as myuser), ln -s somedir/ linkname (will be a broken link if somedir/ doesn’t exist in user’s directory)
Then, sudo mv linkname targetlocation (will become a valid link provided targetlocation/somedir/ exists)
Your answer is without detail and hard to fully understand. Please consider revising your answer to provide more detail.
I had a similar problem. For me, I could not chmod the symbolic link even as root regardless how I called chmod. To add confusion to this, nautilus was showing the owner/group as nothing. The owner was just blank. So I tried to change the symbolic link using nautilus running as root since chmod wasn’t working and nautilus crashed!!
But I think I figured out the problem. The directory the symbolic link was pointing to had different permissions than the symbolic link. So I chmod’ed the target directory (using -h) to my user/group name. Then chmod’ed the symbolic link to the same and it worked! And viewing the symbolic link’s details in nautilus (with root permissions) now no longer crashes.
So for others having a similar problem, check the permissions of the target directory/file and make sure it is compatible with the permissions you are setting the symbolic link to.