Skip to content



chown - changes the owner and group of a file or directory


The chown() function changes the user and/or group ownership of a given file or directory. It is only available to users with appropriate permissions or with elevated privileges. The owner and group are changed to the numeric values provided.


  • pathname:const char* - the pathname of the file or directory whose ownership is to be changed.
  • owner:uid_t - the numerical user ID of the new owner. A value of -1 will not change the owner of the file.
  • group:gid_t - the numerical group ID of the new group. A value of -1 will not change the group of the file.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)






Hooking this function allows to monitor the chown() system call and its parameters in order to track changes in file and directory ownership.

Example Use Case

An example of when chown() might be useful is when a privileged user needs to change ownership of a directory or its files to a different user.


Care should be taken when using chown() with setuid programs as the file ownership can be changed in an unexpected way.

  • chmod - changes the permissions of a file or directory.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.