Next: Testing Permission to Access a File, Previous: How Your Access to a File is Decided, Up: File Attributes [Contents][Index]
The primitive functions for creating files (for example, open
or
mkdir
) take a mode argument, which specifies the file
permissions to give the newly created file. This mode is modified by
the process’s file creation mask, or umask, before it is
used.
The bits that are set in the file creation mask identify permissions that are always to be disabled for newly created files. For example, if you set all the “other” access bits in the mask, then newly created files are not accessible at all to processes in the “other” category, even if the mode argument passed to the create function would permit such access. In other words, the file creation mask is the complement of the ordinary access permissions you want to grant.
Programs that create files typically specify a mode argument that includes all the permissions that make sense for the particular file. For an ordinary file, this is typically read and write permission for all classes of users. These permissions are then restricted as specified by the individual user’s own file creation mask.
To change the permission of an existing file given its name, call
chmod
. This function uses the specified permission bits and
ignores the file creation mask.
In normal use, the file creation mask is initialized by the user’s login
shell (using the umask
shell command), and inherited by all
subprocesses. Application programs normally don’t need to worry about
the file creation mask. It will automatically do what it is supposed to
do.
When your program needs to create a file and bypass the umask for its
access permissions, the easiest way to do this is to use fchmod
after opening the file, rather than changing the umask. In fact,
changing the umask is usually done only by shells. They use the
umask
function.
The functions in this section are declared in sys/stat.h.
Preliminary: | MT-Safe | AS-Safe | AC-Safe | See POSIX Safety Concepts.
The umask
function sets the file creation mask of the current
process to mask, and returns the previous value of the file
creation mask.
Here is an example showing how to read the mask with umask
without changing it permanently:
mode_t read_umask (void) { mode_t mask = umask (0); umask (mask); return mask; }
However, on GNU/Hurd systems it is better to use getumask
if
you just want to read the mask value, because it is reentrant.
Preliminary: | MT-Safe | AS-Safe | AC-Safe | See POSIX Safety Concepts.
Return the current value of the file creation mask for the current process. This function is a GNU extension and is only available on GNU/Hurd systems.
Preliminary: | MT-Safe | AS-Safe | AC-Safe | See POSIX Safety Concepts.
The chmod
function sets the access permission bits for the file
named by filename to mode.
If filename is a symbolic link, chmod
changes the
permissions of the file pointed to by the link, not those of the link
itself.
This function returns 0
if successful and -1
if not. In
addition to the usual file name errors (see File Name Errors), the following errno
error conditions are defined for
this function:
ENOENT
The named file doesn’t exist.
EPERM
This process does not have permission to change the access permissions of this file. Only the file’s owner (as judged by the effective user ID of the process) or a privileged user can change them.
EROFS
The file resides on a read-only file system.
EFTYPE
mode has the S_ISVTX
bit (the “sticky bit”) set,
and the named file is not a directory. Some systems do not allow setting the
sticky bit on non-directory files, and some do (and only some of those
assign a useful meaning to the bit for non-directory files).
You only get EFTYPE
on systems where the sticky bit has no useful
meaning for non-directory files, so it is always safe to just clear the
bit in mode and call chmod
again. See The Mode Bits for Access Permission,
for full details on the sticky bit.
Preliminary: | MT-Safe | AS-Safe | AC-Safe | See POSIX Safety Concepts.
This is like chmod
, except that it changes the permissions of the
currently open file given by filedes.
The return value from fchmod
is 0
on success and -1
on failure. The following errno
error codes are defined for this
function:
EBADF
The filedes argument is not a valid file descriptor.
EINVAL
The filedes argument corresponds to a pipe or socket, or something else that doesn’t really have access permissions.
EPERM
This process does not have permission to change the access permissions of this file. Only the file’s owner (as judged by the effective user ID of the process) or a privileged user can change them.
EROFS
The file resides on a read-only file system.
Next: Testing Permission to Access a File, Previous: How Your Access to a File is Decided, Up: File Attributes [Contents][Index]