fchown¶

Intro¶

fchown - change the owner and group of a file, using a file descriptor.

Description¶

The fchown() system call is used to change the owner and group of a specified file or directory, using a file descriptor to identify the file or directory. The new owner and group are specified by the owner and group arguments respectively.

Arguments¶

fd:int[K] - The file descriptor of the file or directory whose owner and group are to be changed.
owner:uid_t[K] - User identifier of the new owner.
group:gid_t[K] - Group identifier of the new group.

Available Tags¶

K - Originated from kernel-space.
U - Originated from user space.
TOCTOU - Vulnerable to TOCTOU (time of check, time of use).
OPT - Optional argument - might not always be available (passed with null value).

Hooks¶

sys_fchown¶

Type¶

Tracepoint (through sys_enter).

Purpose¶

To observe and trace when the fchown() system call is performed, collecting information about the file or directory, and the new owner and group.

Example Use Case¶

Monitoring changes in file or directory ownership in a system, especially in scenarios where file descriptors are used instead of file pathnames.

Issues¶

Unlike chown(), the fchown() system call uses a file descriptor, which can provide a level of safety against TOCTOU (time of check, time of use) issues as the file descriptor references the actual object and not the pathname.

chown()
fchownat()
lchown()

This document was automatically generated by OpenAI and reviewed by a Human.