fchown

Intro

fchown - changes the owner and group of the file referred to by the specified file descriptor.

Description

fchown changes the owner of the file referred to by the open file descriptor fd to owner and the group to group. The effective user ID of the calling process must match the owner of the file, or the caller must be privileged. Note that in order to change the owner of a file, the caller must have the CAP_CHOWN capability in the user namespace that governs its execution.

fchown can be used instead of chown if it is necessary to work with an existing open file descriptor instead of relying on a file path.
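The difference matters when the file is inspected before its ownership is changed. The following added example (not part of the Tracee documentation) opens the path once, checks the object through the descriptor with fstat, and changes ownership with fchown on that same descriptor, so the path cannot be swapped between check and use. The names chown_checked and demo, and the temporary file paths, are hypothetical.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: change ownership of `path` only if it is a regular,
 * singly linked file currently owned by `expect_owner`. The checks and the
 * ownership change all use one descriptor, so the path is resolved once. */
int chown_checked(const char *path, uid_t expect_owner, uid_t owner, gid_t group)
{
    /* O_NOFOLLOW: fail with ELOOP if the final path component is a symlink. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    int rc = -1;
    if (fstat(fd, &st) == 0) {
        if (S_ISREG(st.st_mode) && st.st_nlink == 1 && st.st_uid == expect_owner)
            rc = fchown(fd, owner, group);   /* acts on the inode just inspected */
        else
            errno = EPERM;                   /* not the object we meant to touch */
    }
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Constructed demo: a temp file owned by the caller and a symlink to it. */
int demo(void)
{
    char file[] = "/tmp/fchown-demo-XXXXXX", link[64];
    int fd = mkstemp(file);
    if (fd < 0) return -1;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", file);
    if (symlink(file, link) != 0) { unlink(file); return -1; }
    /* (uid_t)-1 leaves the owner unchanged; only the group is set. */
    int direct = chown_checked(file, geteuid(), (uid_t)-1, getegid());
    int via_link = chown_checked(link, geteuid(), (uid_t)-1, getegid());
    int link_errno = errno;
    unlink(link); unlink(file);
    return (direct == 0 && via_link == -1 && link_errno == ELOOP) ? 0 : 1;
}

int main(void) { return demo(); }
```
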

Arguments

  • fd:int - file descriptor referring to the file whose ownership is to be changed.
  • owner:uid_t - the user ID of the new owner.
  • group:gid_t - the group ID of the new group.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, a pointer to user-space memory used to get it).
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use).
  • OPT - Optional argument; might not always be available (passed with a null value).

Hooks

sys_chown

Type

Kprobe

Purpose

To track changes of file ownership.

Example Use Case

An application that provides file access control needs to track changes to file ownership in order to update its access control list accordingly. By hooking fchown, the application can capture this information easily.

Issues

No known issues.

Related Events

  • chown: Similar event, based on a file name instead of a file descriptor.
  • fchmod: Changes the mode of the file referred to by the open file descriptor fd. Might be related, since permissions rely on the owner and group of a file.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.