NAME
chmod - Changes permission codes
SYNOPSIS
chmod [-fR] absolute_mode file ...
chmod [-fR] [who] +permission ... file ...
chmod [-fR] [who] -permission ... file ...
chmod [-fR] [who] =[permission ...] file ...
The chmod command modifies the read, write, and execute permissions
of specified files and the search permissions of specified
directories.
FLAGS
-f Does not report an error if chmod fails to change the
mode on a file.
-R Causes chmod to recursively descend its directory arguments,
setting the mode for each file as described in the sections
Symbolic Mode and Absolute Mode. When symbolic links are
encountered, their mode is not changed and they are not
traversed.
DESCRIPTION
You can use either symbolic or absolute mode to specify the
desired permission settings. You can change the permission
code of a file or directory only if you own it or if you
have superuser authority.
Symbolic Mode
A symbolic mode has the form:
[who] operation permission [operation permission] ...
The who argument specifies whether you are defining permissions
for a user, group, or all others, or any combination of these.
The operation argument specifies whether the permission is being
added, taken away, or assigned absolutely. The permission
argument identifies the operation that the specified users can
perform on file.
Valid options for the who argument are as follows:
u User (owner)
g Group
o All others
a User, group, and all others (same effect as the combination
ugo)
If the who argument is omitted, the default is a, but the
setting of the file creation mask, umask (see csh, ksh, sh),
is applied.
Valid options for the operation argument are as follows:
- Removes specified permissions.
+ Adds specified permissions.
= Clears the selected permission field and sets it to the
code specified. If you do not specify a permission code
following =, chmod removes all permissions from the
selected field.
Valid options for the permission argument are as follows:
r Read permission.
w Write permission.
x Execute permission for files, search permission for
directories.
X Execute permission only if file is a directory or at
least one execute bit is set.
s Set-user-ID or set-group-ID permission.
This permission bit sets the effective user ID or group
ID to that of the owner or group owner of file whenever
the file is run. Use this permission setting in combination
with the u or g option to allow temporary or restricted
access to files not normally accessible to other users. An s
appears in the user or group execute position of a long
listing (see ls) to show that the file runs with set-user-ID
or set-group-ID permission.
t Save text permission.
In earlier versions of the UNIX system, setting this
permission bit caused the text segment of a program to
remain in virtual memory after its first use. The
system thus avoided having to transfer the program code
of frequently accessed programs into the paging area.
You can specify this permission, but in OSF/1 it has no
effect. A t appears in the execute position of the all
others option to indicate that the file has this bit
(the sticky bit) set.
If a directory has this bit set, then deletion in it is
restricted. An entry in a sticky directory can only be
removed or renamed by a user if the user has write permission
for the directory and the user is the owner of the file, the
owner of the directory, or the superuser.
The u, g, and o options indicate that permission is to be
taken from the current mode. Omitting permission is only
useful with = to take away all permissions.
All permission bits not explicitly specified are cleared.
You can specify multiple symbolic modes, separated with commas.
Do not separate items in this list with spaces.
Operations are performed in the order they appear from left
to right.
Absolute Mode
Absolute mode lets you use octal notation to set each bit in
the permission code. The chmod command sets the permissions
to the permission_code you provide. permission_code is constructed
by combining (the logical OR of) the following values:
4000  Sets user ID on execution.
2000  Sets group ID on execution.
1000  Sets sticky bit (see chmod(2)):
      o Retains memory image after execution (executable
        file). Has no effect in OSF/1.
      o Restricts file removal (directory).
0400  Permits read by owner.
0200  Permits write by owner.
0100  Permits execute or search by owner.
0040  Permits read by group.
0020  Permits write by group.
0010  Permits execute or search by group.
0004  Permits read by others.
0002  Permits write by others.
0001  Permits execute or search by others.
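The symbolic and absolute forms address the same mode bits. The following Python sketch is an added example, not part of the original manual page or of any chmod implementation: it applies a symbolic mode string to an octal mode using the rules given in the Symbolic Mode section and returns the resulting absolute mode. The name apply_symbolic, its parameters, the starting modes in the demo, and the grouping of the sticky bit with the o class are assumptions of this example.

```python
import re

# Bits each who class may change. Grouping the sticky bit (1000) with
# "o" is an assumption of this example, not stated on the manual page.
WHO = {"u": 0o4700, "g": 0o2070, "o": 0o1007, "a": 0o7777}
PERM = {"r": 0o444, "w": 0o222, "x": 0o111, "s": 0o6000, "t": 0o1000}
SHIFT = {"u": 6, "g": 3, "o": 0}
CLAUSE = re.compile(r"([ugoa]*)((?:[-+=][rwxXstugo]*)+)")
OPERATION = re.compile(r"([-+=])([rwxXstugo]*)")


def apply_symbolic(mode, spec, is_dir=False, umask=0o022):
    """Return the octal mode after applying symbolic mode `spec` to `mode`."""
    for clause in spec.split(","):          # clauses run left to right
        match = CLAUSE.fullmatch(clause)    # a space makes the clause invalid
        if match is None:
            raise ValueError(f"invalid symbolic mode clause: {clause!r}")
        who, operations = match.groups()
        affected = 0
        for w in who:
            affected |= WHO[w]
        allowed = 0o7777
        if not who:                         # default is a, filtered by umask
            affected, allowed = 0o7777, 0o7777 & ~umask
        for op, perms in OPERATION.findall(operations):
            value = 0
            for p in perms:
                if p in SHIFT:              # u, g, o: copy from current mode
                    value |= ((mode >> SHIFT[p]) & 7) * 0o111
                elif p == "X":              # x only for dirs or executables
                    value |= 0o111 if is_dir or mode & 0o111 else 0
                else:
                    value |= PERM[p]
            value &= affected & allowed
            if op == "+":
                mode |= value
            elif op == "-":
                mode &= ~value
            else:                           # "=" clears the selected fields first
                mode = (mode & ~affected) | value
    return mode & 0o7777


if __name__ == "__main__":
    # The page's own examples, applied to constructed starting modes.
    for start, spec in [(0o644, "g+w"), (0o770, "go-w+x"),
                        (0o644, "u=rwx,go="), (0o755, "ug+s")]:
        print(f"{start:04o} {spec:10} -> {apply_symbolic(start, spec):04o}")
```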
EXAMPLES
1. To add a type of permission to several files, enter:
chmod g+w chap1 chap2
This adds write permission for group members to the
files chap1 and chap2.
2. To make several permission changes at once, enter:
chmod go-w+x mydir
This denies group members and others the permission to
create or delete files in mydir (go-w). It allows them
to search mydir or use it in a pathname (go+x). This
is equivalent to the following command sequence:
chmod g-w mydir
chmod o-w mydir
chmod g+x mydir
chmod o+x mydir
3. To permit only the owner to use a shell procedure as a
command, enter:
chmod u=rwx,go= cmd
This gives read, write, and execute permission to the
user who owns the file (u=rwx). It also denies the
group and others the permission to access cmd in any
way (go=).
If you have permission to execute the cmd shell command
file, you can run it by entering:
cmd
or
./cmd
4. To use set-ID modes, enter:
chmod ug+s cmd
When cmd is executed, this causes the effective user
and group IDs to be set to those that own the file cmd.
Only the effective IDs associated with the subprocess
that runs cmd are changed. The effective IDs of the
shell session remain unchanged.
This feature allows you to permit restricted access to
important files. Suppose that the file cmd has the
set-user-ID mode enabled and is owned by a user called
dbms. dbms is not actually a person, but might be
associated with a database management system. The user
betty does not have permission to access any of dbms's
data files. However, she does have permission to execute
cmd. When she does so, her effective user ID is
temporarily changed to dbms, so that the cmd program
can access the data files owned by dbms.
This way betty can use cmd to access the data files,
but she cannot accidentally damage them with the standard
shell commands.
5. To use the absolute mode form of the chmod command,
enter:
chmod 644 text
This sets read and write permission for the owner, and
it sets read-only mode for the group and all others.
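Because set-ID files run with their owner's or group's effective IDs, and a writable directory without the sticky bit lets any user with write permission remove or rename entries, these are the modes worth reviewing after permission changes. The following Python sketch is an added example, not part of the original manual page: it walks a tree without following symbolic links and reports those modes. The function names and the finding strings are assumptions of this example.

```python
import os
import stat


def mode_findings(mode):
    """Return audit findings for an st_mode value (file type bits included)."""
    findings = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:             # 4000: runs with the owner's user ID
            findings.append("set-user-ID file")
        if mode & stat.S_ISGID:             # 2000: runs with the group owner's ID
            findings.append("set-group-ID file")
        if mode & stat.S_IWOTH:             # 0002: anyone may modify the file
            findings.append("world-writable file")
    elif stat.S_ISDIR(mode):
        # 0002 without 1000: any user may remove or rename others' entries.
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append("world-writable directory without sticky bit")
    return findings


def audit_tree(root):
    """Yield (path, octal mode, findings) for entries under root."""
    # os.walk does not traverse symbolic links by default, and lstat
    # reports the link itself, so link targets are never inspected.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:                 # entry vanished or is unreadable
                continue
            found = mode_findings(mode)
            if found:
                yield path, format(stat.S_IMODE(mode), "04o"), found


if __name__ == "__main__":
    import sys
    for path, octal, found in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(octal, path, "; ".join(found))
```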
RELATED INFORMATION
Commands: chgrp(1), chown(1), csh(1), ksh(1), ls(1), sh(1).
Functions: chown(2), chmod(2), stat(2), umask(2).