chmod - Changes permission codes
Absolute Mode
chmod [-fR] absolute_mode file...
Symbolic Mode [Toc] [Back]
chmod [-fR] [who] +permission ... file...
chmod [-fR] [who] -permission ... file...
chmod [-fR] [who] = [permission]... file...
The chmod command modifies the read, write, and execute
permissions of specified files and the search permissions
of specified directories.
Interfaces documented on this reference page conform to
industry standards as follows:
chmod: XCU5.0
Refer to the standards(5) reference page for more information
about industry standards and associated tags.
[Tru64 UNIX] Does not report an error if chmod fails to
change the mode on a file. Causes chmod to recursively
descend its directory arguments, setting the mode for each
file as described in the sections Symbolic Mode and Absolute
Mode. When symbolic links are encountered, their
mode is not changed and they are not traversed.
Pathname of the file that is to have the permission bits
modified. Octal permission_code for setting the file permissions.
This code is formed as described under Absolute
Mode in the DESCRIPTION section. Specifies whether permissions
are being defined for a user, group, or all others.
This operand is more fully described under Symbolic
Mode in the DESCRIPTION Section. Specifies the operation
to be performed on the permissions being defined. This
operand is more fully described under Symbolic Mode in the
DESCRIPTION Section. Specifies the permissions being
defined. This operand is more fully described under Symbolic
Mode in the DESCRIPTION Section.
You can use either symbolic or absolute mode to specify
the desired permission settings.
You can change the permission code of a file or directory
only if you own it or if you have superuser authority.
[Tru64 UNIX] If a named file is a symbolic link, chmod
changes the mode of the link's target file unless the -R
option is used. If the -R option is used, chmod leaves
links and their target files untouched.
Symbolic Mode [Toc] [Back]
A symbolic mode has the form: [who] operation permission
[operation permission] ...
The who argument specifies whether you are defining permissions
for a user, group, or all others, or any combination
of these. The operation argument specifies whether
the permission is being added, taken away, or assigned
absolutely. The permission argument identifies the operation
that the specified users can perform on file.
Valid options for the who argument are as follows: User
(owner) Group All others User, group, and all others (same
effect as the combination ugo)
[Tru64 UNIX] If the who argument is omitted, the default
is a, but the setting of the file creation mask, umask
(see umask(1), csh, ksh, sh), is applied.
Valid options for the operation argument are as follows:
Removes specified permissions. Adds specified permissions.
Clears the selected permission field and sets it
to the code specified. If you do not specify a permission
code following =, chmod removes all permissions from the
selected field.
Valid options for the permission argument are as follows:
Read permission. Write permission. Execute permission
for files, search permission for directories. Execute
permission only if file is a directory or at least one
execute bit is set. Set-user-ID or set-group-ID permission.
This permission bit sets the effective user ID or
group ID to that of the owner or group owner of
file whenever the file is run. Use this permission
setting in combination with the u or g option to
allow temporary or restricted access to files not
normally accessible to other users. An s appears
in the user or group execute position of a long
listing (see ls) to show that the file runs with
set-user-ID or set-group-ID permission. [Tru64
UNIX] Save text permission.
[Tru64 UNIX] In earlier versions of the UNIX system,
setting this permission bit caused the text
segment of a program to remain in virtual memory
after its first use. The system thus avoided having
to transfer the program code of frequently
accessed programs into the paging area. A t
appears in the execute position of the all others
option to indicate that the file has this bit (the
sticky bit) set.
[Tru64 UNIX] If a directory has this bit set, then
deletion in it is restricted. An entry in a sticky
directory can be removed or renamed by a user only
if the user has write permission for the directory
and the user is the owner of the file, the owner of
the directory, or the superuser. [Tru64
UNIX] Mandatory locking.
[Tru64 UNIX] Mandatory file and record locking
refers to a file's ability to have read and write
permissions locked while another program is
accessing that file. It is not possible to permit
group execution and enable a file to be locked on
an execution at the same time. In addition, it is
not possible to turn on the set-group-ID bit and
enable a file to be locked on execution at the same
time. In order to turn on a file's set-group-ID
bit, your own group ID must correspond to the
file's and group execution must be set.
The u, g, and o options indicate that permission is to be
taken from the current mode. Omitting permission is only
useful with = to take away all permissions.
All permission bits not explicitly specified are cleared.
You can specify multiple symbolic modes, separated with
commas. Do not separate items in this list with spaces.
Operations are performed in the order they appear from
left to right.
Absolute Mode [Toc] [Back]
Absolute mode lets you use octal notation to set each bit
in the permission code. The chmod command sets the permissions
to the permission_code you provide. The permission_code
is constructed by combining (logical OR) the
following values: Sets user ID on execution. Sets group
ID on execution. [Tru64 UNIX] Sets the sticky bit, which
does the following: [Tru64 UNIX] Retains memory image
after execution (executable file) [Tru64 UNIX] Restricts
file removal (directory file)
[Tru64 UNIX] You must have appropriate privileges
to set the sticky bit. See chmod(2). Permits read
by owner. Permits write by owner. Permits execute
or search by owner. Permits read by group. Permits
write by group. Permits execute or search by
group. Permits read by others. Permits write by
others. Permits execute or search by others.
System V Compatibility [Toc] [Back]
[Tru64 UNIX] The root of the directory tree that contains
the commands modified for SVID 2 compliance is specified
in the file /etc/svid2_path. You can use /etc/svid2_profile
as the basis for, or to include in, your
/etc/svid2_profile reads /etc/svid2_path and sets the
first entries in the PATH environment variable so that the
modified SVID 2 commands are found first.
[Tru64 UNIX] The SVID 2 compliant version of the chmod
command ignores the umask value if who is not specified in
the symbolic mode of the command (chmod [who] operation
permission). In other words, if you omit who from the
chmod command line, the version of the command that is
compliant with the SVID 2 standard behaves exactly as if
you specified the character a as the value for who. The
version of the chmod command that is SVID 2 compliant also
supports equivalents in absolute mode for the s permission
in symbolic mode. In absolute mode, setting the bits
04000 represents set-user-ID and setting the bits 02000
represents set-group-ID.
The correspondence between octal value and mode bit is
given in the following table.
----------------------------------------------------------
Octal Value Symbolic Mode Meaning
----------------------------------------------------------
S_ISUID 4000 set user id on execution
S_ISGID 2000 set group id on execution
S_IRUSR 0400 read permission: owner
S_IWUSR 0200 write permission: owner
S_IXUSR 0100 execute/search permission:
owner
S_IRGRP 0040 read permission: group
S_IWGRP 0020 write permission: group
S_IXGRP 0010 execute/search permission:
group
S_IROTH 0004 read permission: other
S_IWOTH 0002 write permission: other
S_IXOTH 0001 execute/search permission:
other
----------------------------------------------------------
The following exit values are returned: Successful completion.
An error occurred.
To add a type of permission to several files, enter: chmod
g+w chap1 chap2
This adds write permission for group members to the
files chap1 and chap2. To make several permission
changes at once, enter: chmod go-w+x mydir
This denies group members and others the permission
to create or delete files in mydir (go-w). It
allows them to search mydir or use it in a pathname
(go+x). This is equivalent to the following command
sequence: chmod g-w mydir chmod o-w mydir chmod g+x
mydir chmod o+x mydir To permit only the owner to
use a shell procedure as a command, enter: chmod
u=rwx,go= cmd
This gives read, write, and execute permission to
the user who owns the file (u=rwx). It also denies
the group and others the permission to access cmd
in any way (go=).
If you have permission to execute the cmd shell
command file, you can run it by entering: cmd
or ./cmd To use set-ID modes, enter: chmod ug+s cmd
When cmd is executed, this causes the effective
user and group IDs to be set to those that own the
file cmd. Only the effective IDs associated with
the subprocess that runs cmd are changed. The
effective IDs of the shell session remain
unchanged.
This feature allows you to permit restricted access
to important files. Suppose that the file cmd has
the set-user-ID mode enabled and is owned by a user
called dbms. Although dbms is not actually a person,
it might be associated with a database management
system. The user betty does not have permission
to access any of dbms's data files. However,
she does have permission to execute cmd. When she
does so, her effective user ID is temporarily
changed to dbms, so that the cmd program can access
the data files owned by dbms.
This way betty can use cmd to access the data
files, but she cannot accidentally damage them with
the standard shell commands. To use the absolute
mode form of the chmod command, enter: chmod 644
text
This sets read and write permission for the owner,
and it sets read-only mode for the group and all
others.
ENVIRONMENT VARIABLES [Toc] [Back] The following environment variables affect the execution
of chmod: Provides a default value for the internationalization
variables that are unset or null. If LANG is unset
or null, the corresponding value from the default locale
is used. If any of the internationalization variables
contain an invalid setting, the utility behaves as if none
of the variables had been defined. If set to a non-empty
string value, overrides the values of all the other internationalization
variables. Determines the locale for the
interpretation of sequences of bytes of text data as characters
(for example, single-byte as opposed to multibyte
characters in arguments). Determines the locale for the
format and contents of diagnostic messages written to
standard error. Determines the location of message catalogues
for the processing of LC_MESSAGES.
[Tru64 UNIX] Defines the correspondence between symbolic
codes and octal mode values.
Commands: chgrp(1), chown(1), csh(1), ksh(1), ls(1),
Bourne shell sh(1b), POSIX shell sh(1p), umask(1)
Functions: chown(2), chmod(2), stat(2), umask(2)
Standards: standards(5)
chmod(1)
[ Back ] |
