fchmodat - change permissions of a file in a given directory
fchmodat system call is used to change the file mode (file-permission bits) of a given file relative to a directory file descriptor. The
fchmodat takes four arguments:
- A directory file descriptor (
- A relative pathname of the file to be modified (
- An octal
mode value corresponding to the desired file permission bits
- A flag (
flags) indicating whether the file permission should follow symlinks or not
mode argument is a set of permission bits defined by POSIX and assigns read, write and execute permissions to the file's owner, file's group and other users respectively. The
flags argument allows the caller to specify whether the file permission should follow symbolic links or not.
int[K] - The directory file descriptor.
const char*[K] - The relative pathname of the file to be modified.
mode_t[K] - An octal number containing the desired permission bits for the file.
int[K] - Flag specifying whether the file permission should follow symlinks or not.
- K - Originated from kernel-space.
Monitor changes to file permissions in a given directory.
Example Use Case¶
An application that needs to audit changes in file system permissions in a given directory. By hooking the
fchmodat system call, changes in the file permissions can be monitored in real-time and useful information such as the process ID that initiated the changes can be quickly extracted.
pathname argument is a relative pathname, it is vulnerable to the TOCTOU (Time-of-check, Time-of-use) bug and the behavior is undefined if a file described by the
pathname is changed after the system call is initiated.
- fchmod - change permissions of a file by its pathname.
- umask - Set file mode creation mask.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.