 |
Click this button to go to the index for this section. |
chmod(1)
NAME
chmod - Changes permission codes
SYNOPSIS
Absolute Mode
chmod [-fR] absolute_mode file...
Symbolic Mode
chmod [-fR] [who]+permission ... file...
chmod [-fR] [who]-permission ... file...
chmod [-fR] [who] = [permission]... file...
The chmod command modifies the read, write, and execute permissions of
specified files and the search permissions of specified directories.
STANDARDS
Interfaces documented on this reference page conform to industry standards
as follows:
chmod: XPG4, XPG4-UNIX
Refer to the standards(5) reference page for more information about
industry standards and associated tags.
OPTIONS
-f [DIGITAL] Does not report an error if chmod fails to change the mode
on a file.
-R Causes chmod to recursively descend its directory arguments, setting
the mode for each file as described in the sections Symbolic Mode and
Absolute Mode. When symbolic links are encountered, their mode is not
changed and they are not traversed.
OPERANDS
file
Pathname of the file that is to have the permission bits modified.
absolute_mode
Octal permission_code for setting the file permissions. This code is
formed as described under Absolute Mode in the DESCRIPTION section.
who Specifies whether permissions are being defined for a user, group, or
all others. This operand is more fully described under Symbolic Mode
in the DESCRIPTION Section.
+ | - | =
Specifies the operation to be performed on the permissions being
defined. This operand is more fully described under Symbolic Mode in
the DESCRIPTION Section.
Permission
Specifies the permissions being defined. This operand is more fully
described under Symbolic Mode in the DESCRIPTION Section.
DESCRIPTION
You can use either symbolic or absolute mode to specify the desired
permission settings.
You can change the permission code of a file or directory only if you own
it or if you have superuser authority.
[DIGITAL] If a named file is a symbolic link, chmod changes the mode of
the link's target file unless the -R option is used. If the -R option is
used, chmod leaves links and their target files untouched.
Symbolic Mode
A symbolic mode has the form:
[who] operation permission [operation permission] ...
The who argument specifies whether you are defining permissions for a user,
group, or all others, or any combination of these. The operation argument
specifies whether the permission is being added, taken away, or assigned
absolutely. The permission argument identifies the operation that the
specified users can perform on file.
Valid options for the who argument are as follows:
u User (owner)
g Group
o All others
a User, group, and all others (same effect as the combination ugo)
[DIGITAL] If the who argument is omitted, the default is a, but the
setting of the file creation mask, umask (see umask(1), csh, ksh, sh), is
applied.
Valid options for the operation argument are as follows:
- Removes specified permissions.
+ Adds specified permissions.
= Clears the selected permission field and sets it to the code specified.
If you do not specify a permission code following =, chmod removes all
permissions from the selected field.
Valid options for the permission argument are as follows:
r Read permission.
w Write permission.
x Execute permission for files, search permission for directories.
X Execute permission only if file is a directory or at least one execute
bit is set.
s Set-user-ID or set-group-ID permission.
This permission bit sets the effective user ID or group ID to that of
the owner or group owner of file whenever the file is run. Use this
permission setting in combination with the u or g option to allow
temporary or restricted access to files not normally accessible to
other users. An s appears in the user or group execute position of a
long listing (see ls) to show that the file runs with set-user-ID or
set-group-ID permission.
t [DIGITAL] Save text permission.
[DIGITAL] In earlier versions of the UNIX system, setting this
permission bit caused the text segment of a program to remain in
virtual memory after its first use. The system thus avoided having to
transfer the program code of frequently accessed programs into the
paging area. A t appears in the execute position of the all others
option to indicate that the file has this bit (the sticky bit) set.
[DIGITAL] If a directory has this bit set, then deletion in it is
restricted. An entry in a sticky directory can be removed or renamed
by a user only if the user has write permission for the directory and
the user is the owner of the file, the owner of the directory, or the
superuser.
l [DIGITAL] Mandatory locking.
[DIGITAL] Mandatory file and record locking refers to a file's ability
to have read and write permissions locked while another program is
accessing that file. It is not possible to permit group execution and
enable a file to be locked on an execution at the same time. In
addition, it is not possible to turn on the set-group-ID bit and enable
a file to be locked on execution at the same time. In order to turn on
a file's set-group-ID bit, your own group ID must correspond to the
file's and group execution must be set.
The u, g, and o options indicate that permission is to be taken from the
current mode. Omitting permission is only useful with = to take away all
permissions.
All permission bits not explicitly specified are cleared.
You can specify multiple symbolic modes, separated with commas. Do not
separate items in this list with spaces. Operations are performed in the
order they appear from left to right.
Absolute Mode
Absolute mode lets you use octal notation to set each bit in the permission
code. The chmod command sets the permissions to the permission_code you
provide. The permission_code is constructed by combining (logical OR) the
following values:
4000
Sets user ID on execution.
2000
Sets group ID on execution.
1000
[DIGITAL] Sets the sticky bit, which does the following:
·
[DIGITAL] Retains memory image after execution (executable file)
·
[DIGITAL] Restricts file removal (directory file)
[DIGITAL] You must have appropriate privileges to set the sticky bit.
See chmod(2).
0400
Permits read by owner.
0200
Permits write by owner.
0100
Permits execute or search by owner.
0040
Permits read by group.
0020
Permits write by group.
0010
Permits execute or search by group.
0004
Permits read by others.
0002
Permits write by others.
0001
Permits execute or search by others.
System V Compatibility
[DIGITAL] The root of the directory tree that contains the commands
modified for SVID 2 compliance is specified in the file /etc/svid2_path.
You can use /etc/svid2_profile as the basis for, or to include in, your
.profile. The file /etc/svid2_profile reads /etc/svid2_path and sets the
first entries in the PATH environment variable so that the modified SVID 2
commands are found first.
[DIGITAL] The SVID 2 compliant version of the chmod command ignores the
umask value if who is not specified in the symbolic mode of the command
(chmod [who] operation permission). In other words, if you omit who from
the chmod command line, the version of the command that is compliant with
the SVID 2 standard behaves exactly as if you specified the character a as
the value for who. The version of the chmod command that is SVID 2
compliant also supports equivalents in absolute mode for the s permission
in symbolic mode. In absolute mode, setting the bits 04000 represents
set-user-ID and setting the bits 02000 represents set-group-ID.
NOTES
The correspondence between octal value and mode bit is given in the
following table.
__________________________________________________________
Octal Value Symbolic Mode Meaning
__________________________________________________________
S_ISUID 4000 set user id on execution
S_ISGID 2000 set group id on execution
S_IRUSR 0400 read permission: owner
S_IWUSR 0200 write permission: owner
S_IXUSR 0100
execute/search permission:
owner
S_IRGRP 0040 read permission: group
S_IWGRP 0020 write permission: group
S_IXGRP 0010
execute/search permission:
group
S_IROTH 0004 read permission: other
S_IWOTH 0002 write permission: other
S_IXOTH 0001
execute/search permission:
other
__________________________________________________________
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
EXAMPLES
1. To add a type of permission to several files, enter:
chmod g+w chap1 chap2
This adds write permission for group members to the files chap1 and
chap2.
2. To make several permission changes at once, enter:
chmod go-w+x mydir
This denies group members and others the permission to create or
delete files in mydir (go-w). It allows them to search mydir or use
it in a pathname (go+x). This is equivalent to the following command
sequence:
chmod g-w mydir
chmod o-w mydir
chmod g+x mydir
chmod o+x mydir
3. To permit only the owner to use a shell procedure as a command, enter:
chmod u=rwx,go= cmd
This gives read, write, and execute permission to the user who owns
the file (u=rwx). It also denies the group and others the permission
to access cmd in any way (go=).
If you have permission to execute the cmd shell command file, you can
run it by entering:
cmd
or
./cmd
4. To use set-ID modes, enter:
chmod ug+s cmd
When cmd is executed, this causes the effective user and group IDs to
be set to those that own the file cmd. Only the effective IDs
associated with the subprocess that runs cmd are changed. The
effective IDs of the shell session remain unchanged.
This feature allows you to permit restricted access to important
files. Suppose that the file cmd has the set-user-ID mode enabled and
is owned by a user called dbms. Although dbms is not actually a
person, it might be associated with a database management system. The
user betty does not have permission to access any of dbms's data
files. However, she does have permission to execute cmd. When she
does so, her effective user ID is temporarily changed to dbms, so that
the cmd program can access the data files owned by dbms.
This way betty can use cmd to access the data files, but she cannot
accidentally damage them with the standard shell commands.
5. To use the absolute mode form of the chmod command, enter:
chmod 644 text
This sets read and write permission for the owner, and it sets read-
only mode for the group and all others.
ENVIRONMENT VARIABLES
The following environment variables affect the execution of chmod:
LANG
Provides a default value for the internationalization variables that
are unset or null. If LANG is unset or null, the corresponding value
from the default locale is used. If any of the internationalization
variables contain an invalid setting, the utility behaves as if none of
the variables had been defined.
LC_ALL
If set to a non-empty string value, overrides the values of all the
other internationalization variables.
LC_CTYPE
Determines the locale for the interpretation of sequences of bytes of
text data as characters (for example, single-byte as opposed to
multibyte characters in arguments).
LC_MESSAGES
Determines the locale for the format and contents of diagnostic
messages written to standard error.
NLSPATH
Determines the location of message catalogues for the processing of
LC_MESSAGES.
FILES
usr/include/sys/mode.h
[DIGITAL] Defines the correspondence between symbolic codes and octal
mode values.
SEE ALSO
Commands: chgrp(1), chown(1), csh(1), ksh(1), ls(1), Bourne shell sh(1b),
POSIX shell sh(1p), umask(1)
Functions: chown(2), chmod(2), stat(2), umask(2)
Standards: standards(5)