z/OS Using REXX and z/OS UNIX System Services
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


fchmod

z/OS Using REXX and z/OS UNIX System Services
SA23-2283-00 

Read syntax diagramSkip visual syntax diagram
>>-fchmod--fd--mode--+----------------------------+------------><
                     '-setuid--setgid--+--------+-'   
                                       '-sticky-'     

Function

fchmod invokes the fchmod callable service to change the mode of a file or directory indicated by a file descriptor. The file descriptor is specified by a number.

Parameters

fd
The file descriptor for the file or directory.
mode
A three- or four-digit number, corresponding to the access permission bits. Each digit must be in the range 07, and at least three digits must be specified. For more information on permissions, see Setting permissions for files and directories.
setuid
Sets the set-user-ID-on-execution permission. Specify 1 to set this permission on, or 0 to set it off. The default is 0.
setgid
Sets the set-group-ID-on-execution permission. Specify 1 to set this permission on, or 0 to set it off. The default is 0.
sticky
Sets the sticky bit to indicate where the file should be fetched from. If the file resides in the link pack area (LPA), link list, or STEPLIB, specify 1. The default is 0.

Usage notes

  1. One bit sets permission for set-user-ID on access, set-group-ID on access, or the sticky bit. You can set this bit in either of two ways:
    • Specifying four digits on the mode parameter; the first digit sets the bit.
    • Specifying the setuid, setgid, or sticky parameters.
  2. When a chmod or fchmod has occurred for an open file, fstat reflects the change in mode. However, no change in access authorization is apparent when the file is accessed through a previously opened file descriptor.
  3. For mode bits to be changed, the effective UID of the caller must match the file's owner UID, or the caller must be a superuser.
  4. When the mode is changed successfully, the file's change time is also updated.
  5. Setting the set-group-ID-on-execution permission means that when this file is run, through the exec service, the effective GID of the caller is set to the file's owner GID, so that the caller seems to be running under the GID of the file, rather than that of the actual invoker.
    The set-group-ID-on-execution permission is set to zero if both of the following are true:
    • The caller does not have appropriate privileges.
    • The GID of the file's owner does not match the effective GID or one of the supplementary GIDs of the caller.
  6. Setting the set-user-ID-on-execution permission means that when this file is run, the process's effective UID is set to the file's owner UID, so that the process seems to be running under the UID of the file's owner, rather than that of the actual invoker.

Example

In the following example, assume that fd was assigned a value earlier in the exec. This changes the mode for the file identified by the file descriptor so that only a superuser can access the file: 
"fchmod (fd) 000"
Parent topic: Syscall command descriptions

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014