chmod(1) DG/UX R4.11MU05 chmod(1)
NAME
chmod - change file mode
SYNOPSIS
chmod [ -R ] mode file ...
chmod [ugoa ]{+ |- |=}[ rwxlstugo ] file ...
DESCRIPTION
chmod changes or assigns the mode of a file. The mode of a file
specifies its permissions and other attributes. The mode may be
absolute or symbolic.
An absolute mode is specified using octal numbers:
chmod nnnn file ...
where n is a number from 0 to 7. An absolute mode is constructed
from the OR of any of the following modes:
4000 Set user ID on execution.
20#0 Set group ID on execution if # is 7, 5, 3, or 1.
Enable mandatory locking if # is 6, 4, 2, or 0.
If the file is a directory, this bit causes files
created in the directory to be created with the
group id of the directory itself, rather than the
group id of the process creating the file.
This bit may be set or cleared only using the
symbolic mode.
1000 Turn on sticky bit [(see chmod(2)].
0400 Allow read by owner.
0200 Allow write by owner.
0100 Allow execute (search in directory) by owner.
0070 Allow read, write, and execute (search) by group.
0007 Allow read, write, and execute (search) by others.
A symbolic mode is specified in the following format:
chmod [ who ] operator [ permission(s) ] file ...
who is zero or more of the characters u, g, o, and a specifying whose
permissions are to be changed or assigned:
u user's permissions
g group's permissions
o others' permissions
a all permissions (user, group, and other)
If who is omitted, it defaults to a.
operator is one of +, -, or =, signifying how permissions are to be
changed:
+ Add permissions.
- Take away permissions.
= Assign permissions absolutely.
Unlike other symbolic operations, = has an absolute effect in that it
resets all other bits. Omitting permission(s) is useful only with =
to take away all permissions.
permission(s) is any compatible combination of the following letters:
r read permission
w write permission
x execute permission
s user or group set-ID
t sticky bit
l mandatory locking
u, g, o indicate that permission is to be taken from the
current user, group or other mode respectively.
Permissions to a file may vary depending on your user identification
number (UID) or group identification number (GID). Permissions are
described in three sequences each having three characters:
User Group Other
rwx rwx rwx
This example (user, group, and others all have permission to read,
write, and execute a given file) demonstrates two categories for
granting permissions: the access class and the permissions
themselves.
Multiple symbolic modes separated by commas may be given, though no
spaces may intervene between these modes. Operations are performed
in the order given. Multiple symbolic letters following a single
operator cause the corresponding operations to be performed
simultaneously.
The letter s is only meaningful with u or g, and t only works with u.
Mandatory file and record locking (l) refers to a file's ability to
have its reading or writing permissions locked while a program is
accessing that file. Using mandatory locking forces the kernel to
verify that a lock is not being violated when a file is accessed
through the use of an open(2), read(2), or write(2) and should be
considered as an enforcement-mode lock.
It is not possible to permit group execution and enable a file to be
locked on execution at the same time. In addition, it is not
possible to turn on the set-group-ID bit and enable a file to be
locked on execution at the same time. The following examples,
therefore, are invalid and elicit error messages:
chmod g+x,+l file
chmod g+s,+l file
The mode bit represented by (l) above is conceptual in that this bit
is used to represent different settings, such as (g+x) and (l); one
would not want a file that is group-executable to be mandatory locked
since many different processes should be allowed to execute the file.
The decision for the I/O system calls to enforce locks is made at the
time the I/O calls are made and is influenced by the state of the
permissions on the file.
User locking works in the following manner:
Cooperating processes can use advisory file locking by calling
lockf(3C), fcntl(2), or flock(3C) (or dgflock(3C)) to
serialize access to selected extents of a given file. They
are vulnerable, though, to non-cooperating processes that
access the given file without calling any of the lock
primitives available in DG/UX.
The same set of processes can lock out non-cooperating
processes placing the (conceptual) mode bit on the given file
into the mandatory-file-locking state. Note however, as with
advisory locking, a process that wants to lock a file using
mandatory locking must assert a lock on the file.
Only the owner of a file or directory (or a user with appropriate
privilege, unless the file being modified is a remote file) may
change the mode of that file or directory. On systems without the
DG/UX capability option, appropriate privilege means having a UID of
zero (root). On systems with the DG/UX capability option, appropriate
privilege means having one or more specific capabilities enabled in
your effective capability set. See appropriateprivilege(5) for the
default capabilities needed for this command.
Only a user with appropriate privilege may set the sticky bit on a
non-directory file. If you do not have appropriate privilege, chmod
will mask the sticky-bit but will not return an error. In order to
turn on a file's set-group-ID bit, your own group ID must correspond
to the file's and group execution must be set.
The -R option recursively descends through directory arguments,
setting the mode for each file as described above.
EXAMPLES
Deny execute permission to everyone:
chmod a-x file
Allow read permission to everyone:
chmod 444 file
Make a file readable and writable by the group and others:
chmod go+rw file
chmod 066 file
Cause a file to be locked during access:
chmod +l file
Allow everyone to read, write, and execute the file and turn on the
set group-ID.
chmod =rwx,g+s file
chmod 2777 file
Absolute changes don't work for the set-group-ID bit of a directory.
You must use g+s or g-s.
SEE ALSO
ls(1).
chmod(2), fcntl(2), flock(3C), lockf(3C).
appropriateprivilege(5).
setacl.
NOTES
chmod permits you to produce useless modes so long as they are not
illegal (e.g., making a text file executable). chmod does not check
the file type to see if mandatory locking is available.
chmod is designed to set the standard file permission bits on
traditional DG/UX Systems. On DG/UX Systems that support the
discretionary access control (DAC) option, if you use chmod to set
group permissions, you will only set the permissions of the
traditional group and not the access control mask that is available
though DAC. Depending on the permissions allowed by the access
control mask, the traditional group may have fewer permissions than
those you set with chmod. As a rule, on DG/UX Systems with the DAC
option, use setacl rather than chmod to set DAC permissions.
Licensed material--property of copyright holder(s)