>>-fchmod--fd--mode--+----------------------------+------------><
                     '-setuid--setgid--+--------+-'
                                       '-sticky-'
Function
fchmod invokes the fchmod callable service to change the
mode of a file or directory indicated by a file descriptor. The file
descriptor is specified by a number.
Parameters
- fd
  The file descriptor for the file or directory.
- mode
  A three- or four-digit number, corresponding to the access permission
  bits. Each digit must be in the range 0–7, and at least three digits
  must be specified. For more information on permissions, see Setting
  permissions for files and directories.
- setuid
  Sets the set-user-ID-on-execution permission. Specify 1 to set this
  permission on, or 0 to set it off. The default is 0.
- setgid
  Sets the set-group-ID-on-execution permission. Specify 1 to set this
  permission on, or 0 to set it off. The default is 0.
- sticky
  Sets the sticky bit to indicate where the file should be fetched
  from. If the file resides in the link pack area (LPA), link list,
  or STEPLIB, specify 1. The default is 0.
Usage notes
- One bit sets permission for set-user-ID on access, set-group-ID
  on access, or the sticky bit. You can set this bit in either of
  two ways:
  - Specifying four digits on the mode parameter; the first digit
    sets the bit.
  - Specifying the setuid, setgid, or sticky parameters.
- When a chmod or fchmod has occurred for an open file, fstat reflects
  the change in mode. However, no change in access authorization is
  apparent when the file is accessed through a previously opened file
  descriptor.
- For mode bits to be changed, the effective UID of the caller must
  match the file's owner UID, or the caller must be a superuser.
- When the mode is changed successfully, the file's change time is
  also updated.
- Setting the set-group-ID-on-execution permission means that when
  this file is run, through the exec service, the effective GID of the
  caller is set to the file's owner GID, so that the caller seems to
  be running under the GID of the file, rather than that of the actual
  invoker.
  The set-group-ID-on-execution permission is set to zero if both of
  the following are true:
  - The caller does not have appropriate privileges.
  - The GID of the file's owner does not match the effective GID or
    one of the supplementary GIDs of the caller.
- Setting the set-user-ID-on-execution permission means that when
  this file is run, the process's effective UID is set to the file's
  owner UID, so that the process seems to be running under the UID of
  the file's owner, rather than that of the actual invoker.
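The usage notes above, applied in an added example that is not part of the original reference: a REXX exec that opens a file, reads its current bits with fstat, and uses fchmod on the same descriptor to turn setuid and setgid off while keeping the permission digits and the sticky bit. The exec name clrsid is hypothetical; the example assumes the SYSCALL host command environment with its RC, RETVAL, ERRNO and ERRNOJR variables and the predefined fstat stem indexes ST_MODE, ST_SETUID, ST_SETGID and ST_STICKY.

```rexx
/* REXX: added example, clears set-ID bits through an open descriptor */
parse arg path .
if path = '' then do
  say 'usage: clrsid pathname'      /* clrsid: hypothetical exec name */
  exit 2
end
call syscalls 'ON'                  /* establish the SYSCALL environment */
address syscall

"open (path)" O_rdonly 000
if rc <> 0 | retval = -1 then call fail 'open'
fd = retval

"fstat (fd) before."
if rc <> 0 | retval = -1 then call fail 'fstat'
say path 'mode' before.ST_MODE 'setuid' before.ST_SETUID,
    'setgid' before.ST_SETGID 'sticky' before.ST_STICKY

if before.ST_SETUID = 0 & before.ST_SETGID = 0 then do
  say 'no set-ID bits to clear'
  "close (fd)"
  exit 0
end

/* Keep the permission digits and sticky bit; set setuid and setgid off. */
mode = right(before.ST_MODE, 3, '0')   /* mode needs at least 3 digits */
"fchmod (fd)" mode 0 0 before.ST_STICKY
if rc <> 0 | retval = -1 then call fail 'fchmod'

/* fstat on the same descriptor reflects the change in mode. */
"fstat (fd) after."
if rc <> 0 | retval = -1 then call fail 'fstat'
"close (fd)"
if after.ST_SETUID = 0 & after.ST_SETGID = 0 then do
  say 'cleared; mode is now' after.ST_MODE
  exit 0
end
say 'set-ID bits still present'
exit 8

fail:
  parse arg service
  say service 'failed: rc' rc 'errno' errno 'errnojr' errnojr
  if symbol('FD') = 'VAR' then "close (fd)"
  exit 8
```

The fchmod step succeeds only when the caller's effective UID matches the file's owner UID or the caller is a superuser; otherwise the exec reports the error values and exits with 8.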
Example
In the following example, assume that fd was assigned a value earlier
in the exec. This changes the mode for the file identified by the file
descriptor so that only a superuser can access the file:

  "fchmod (fd) 000"