# chmod returns Operation not permitted



## marian_cerny (Nov 6, 2013)

When I call chmod on a new FreeBSD 9.2 server with ZFS on a directory that I am *not* an *owner*, I get `Operation not permitted` even when I am setting the *same permissions*.


```
user1@server:~ % uname -srmi
FreeBSD 9.2-RELEASE amd64 GENERIC

user1@server:~ % ls -ld /var/log
drwxr-xr-x  3 root  wheel  27 Nov  4 01:00 /var/log

user1@server:~ % chmod 750 /var/log
chmod: /var/log: Operation not permitted
```

It works fine (no error message is written) on FreeBSD 7.2, 8.2, 9.2-RC4 with UFS as well as on 8.x with ZFS. Has the behavior changed with FreeBSD 9.2+ZFS or is it something specific to my configuration? Thanks for any tips.


----------



## phoenix (Nov 6, 2013)

Are you positive it worked before?  I've never been able to change permissions on files or directories I didn't own.  It goes against the basic principles of file ownership.


----------



## marian_cerny (Nov 6, 2013)

Yes, it worked before. I am not trying to change permissions. I am setting the exact same permissions which was a NOP before but now it somehow tries to change the permissions.

On FreeBSD 7.2:


```
user1@server:~ % chmod -vv 755 /var/log

root@server:~ # chmod -vv 755 /var/log
```

On FreeBSD 9.2:


```
user1@server:~ % chmod -vv 755 /var/log
chmod: /var/log: Operation not permitted

root@server:~ # chmod -vv 755 /var/log
/var/log: 040755 [drwxr-xr-x ] -> 040755 [drwxr-xr-x ]
```

Of course it should not possible to change the permissions of files or directories that are not owned by the user. I am trying to find out why the behavior has changed when setting the exact same permissions (for files or directories that are not owned by the user).


----------



## marian_cerny (Nov 7, 2013)

*Solved*

The reason why it behaves differently is because FreeBSD now support NFSv4 ACLs on ZFS. There is an exception for NFSv4 ACLs in bin/chmod/chmod.c that calls chmod() even when the permissions do not change.


```
/*
                * With NFSv4 ACLs, it is possible that applying a mode
                * identical to the one computed from an ACL will change
                * that ACL.
                */
               if (may_have_nfs4acl(p, hflag) == 0 &&
                   (newmode & ALLPERMS) == (p->fts_statp->st_mode & ALLPERMS))
                               continue;
```


----------

