chmod(1) chmod(1)
chmod - change the permissions mode of a file or directory
chmod [-R] mode file ...
chmod [-R] [ugoa]{+|-|=}[rwxXstl] file ...
The permissions of the named files or directories are changed according
to mode, which may be symbolic or absolute. Absolute changes to
permissions are stated using octal numbers:
chmod nnn file(s)
where n is a number from 0 to 7. Symbolic changes are stated using
mnemonic characters:
chmod a operator b file(s)
where a is one or more characters corresponding to user, group, or other;
where operator is +, -, and =, signifying assignment of permissions; and
where b is one or more characters corresponding to type of permission.
An absolute mode is given as an octal number constructed from the OR of
the following modes:
04000 set user ID on execution
020#0 set group ID on execution if # is 7, 5, 3, or 1
enable mandatory locking if # is 6, 4, 2, or 0
This applies only to regular files. See discussion below
for effect on directories.
01000 sticky bit (see discussion below)
0400 read by owner
0200 write by owner
0100 execute (search in directory) by owner
0070 read, write, execute (search) by group
0007 read, write, execute (search) by others
Symbolic changes are stated using letters that correspond both to access
classes and to the individual permissions themselves. Permissions to a
file may vary depending on your user identification number (UID) or group
identification number (GID). Permissions are described in three
sequences each having three characters:
User Group Other
rwx rwx rwx
This example (meaning that user, group, and others all have reading,
writing, and execution permission to a given file) demonstrates two
categories for granting permissions: the access class and the
Page 1
chmod(1) chmod(1)
permissions themselves.
Thus, to change the mode of a file's (or directory's) permissions using
chmod's symbolic method, use the following syntax for mode:
[ who ] operator [ permission(s) ], ...
A command line using the symbolic method would appear as follows:
chmod g+rw file(s)
This command would make file readable and writable by the group.
The who part can be stated as one or more of the following letters:
u user's permissions
g group's permissions
o others permissions
The letter a (all) is equivalent to ugo.
If who is omitted, the operation applies to all permissions except those
set in the user's umask.
Operator can be + to add permission to the file's mode, - to take away
permission, or = to assign permission absolutely. (Unlike other symbolic
operations, = has an absolute effect in that it resets all other bits.)
Omitting permission is only useful with = to take away all permissions.
Permission is any compatible combination of the following letters:
r reading permission
w writing permission
x execution permission
X execution permission (see below)
s user or group set-ID is turned on
t sticky bit is turned on
l mandatory locking will occur during access
When X appears in permission it is identical to x if the target file is a
directory, or if the file is of any other type but already has at least
one execution bit (user, group, or other) set. In all other cases, X is
silently ignored.
Multiple symbolic modes separated by commas may be given, though no
spaces may intervene between these modes. Operations are performed in
the order given. Multiple symbolic letters following a single operator
cause the corresponding operations to be performed simultaneously. The
letter s is only meaningful with u or g, and t only works with u.
Mandatory file and record locking (l) refers to a file's ability to have
its reading or writing permissions locked while a program is accessing
that file. It is not possible to permit group execution and enable a
Page 2
chmod(1) chmod(1)
file to be locked on execution at the same time. In addition, it is not
possible to turn on the set-group-ID and enable a file to be locked on
execution at the same time. The following examples,
chmod g+x,+l file(s)
chmod g+s,+l file(s)
are, therefore, illegal usages and will elicit error messages.
Only the owner of a file or directory (or the superuser) may change a
file's mode. In order to turn on a file's set-group-ID, your own group
ID must correspond to the file's, and group execution must be set.
If a directory is writable and the sticky bit, (t), is set on the
directory, a process may remove or rename files within that directory
only if one or more of the following is true (see unlink(2) and
rename(2)):
the effective user ID of the process is the same as that of the
owner ID of the file
the effective user ID of the process is the same as that of the
owner ID of the directory
the process is a superuser.
Note that the group id of the process and file are not taken into account
by the rules above. A process will only be able to remove a file in a
sticky directory based upon its effective user ID, not its group ID.
In releases of IRIX before 6.2, a process could also remove or rename
files within a directory with the sticky bit set if the process had write
permission for the file. This has been changed in accordance with the
X/Open XPG4.2 standard, but the old behavior can be enabled via the
xpg4_sticky_dir kernel tunable variable.
If the sticky bit, (t), is set on a file that is a dynamic loader for an
ELF executable, then when the executable is execed the old process's read
only address spaces will be made available to the dynamic loader in the
new process. This can improve program start up time considerably.
The setting of the sticky bit on any other file has no effect.
If the set-group-ID flag is set on a directory, then files created in
that directory will have their group ID set to the group ID of the
directory, otherwise the group ID of the file is set to the effective
group ID of the creating process (see chmod(2)]. The set-group-ID flag
can only be set on a directory by using the symbolic mode: that is,
Page 3
chmod(1) chmod(1)
chmod g+s directory
mount(1) provides an alternate way to set this behavior for an entire
filesystem (see mount(1) and fstab(4)].
The -R option recursively descends through directory arguments, setting
the mode for each file as described above. If a symbolic link is
encountered whose target is a directory, the permission of the directory
is changed. That directory's contents are not recursively traversed.
chmod a-x file
chmod 444 file
The first examples deny execution permission to all. The absolute
(octal) example permits only reading permissions.
chmod go+rw file
chmod 066 file
These examples make a file readable and writable by the group and others.
chmod +l file
This causes a file to be locked during access.
chmod =rwx,g+s file
chmod 2777 file
These last two examples enable all to read, write, and execute the file;
and they turn on the set group-ID.
ls(1), mount(1), umask(1), chmod(2), unlink(2).
P�P�P�Pa�a�a�ag�g�g�ge�e�e�e 4�4�4�4 [ Back ]
|
