lchown16¶

Intro¶

lchown16 - the lchown16() function changes the ownership and group of the file referenced by pathname to the numeric uid and gid.

Description¶

The lchown16() function is a system call used to change the user ID and group ID of the file referenced by pathname. This can only be done by the user who owns the file or by the superuser. It does not affect symbolic links. This system call does not dereference pathname, so the ownership of a symbolic link itself is modified rather than the file referenced.

This system call applies to Linux systems with an old 32-bit user ID space and should not be used on current systems.

Arguments¶

pathname:const char*[K] - Path of the file to change the owner and group.
owner:old_uid_t[K] - Numeric ID of the owner.
group:old_gid_t[K] - Numeric ID of the group.

Available Tags¶

K - Originated from kernel-space.

Hooks¶

sys_lchown16¶

Type¶

Kprobes.

Purpose¶

Hook this function to monitor ownership changes of files on the system.

Example Use Case¶

This system call can be used by an application to make sure that a file or directory has the expected user and group ownership before it is created.

Issues¶

The lchown16() system call should not be used on current systems with the new 64-bit user ID and group ID spaces.

chown() - similar system call for files in the current ID space.
stat() - used to get file and ownership information.
geteuid() - used to get the effective user ID.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.