Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ chmod(1) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

ls(1)

chmod(2)

fcntl(2)

flock(3C)

lockf(3C)



chmod(1)                       DG/UX R4.11MU05                      chmod(1)


NAME
       chmod - change file mode

SYNOPSIS
       chmod [ -R ] mode file ...
       chmod [ugoa ]{+ |- |=}[ rwxlstugo ] file ...

DESCRIPTION
       chmod changes or assigns the mode of a file.  The mode of a file
       specifies its permissions and other attributes.  The mode may be
       absolute or symbolic.

       An absolute mode is specified using octal numbers:

              chmod nnnn file ...

       where n is a number from 0 to 7.  An absolute mode is constructed
       from the OR of any of the following modes:

              4000      Set user ID on execution.
              20#0      Set group ID on execution if # is 7, 5, 3, or 1.
                        Enable mandatory locking if # is 6, 4, 2, or 0.
                        If the file is a directory, this bit causes files
                        created in the directory to be created with the
                        group id of the directory itself, rather than the
                        group id of the process creating the file.
                        This bit may be set or cleared only using the
                        symbolic mode.
              1000      Turn on sticky bit [(see chmod(2)].
              0400      Allow read by owner.
              0200      Allow write by owner.
              0100      Allow execute (search in directory) by owner.
              0070      Allow read, write, and execute (search) by group.
              0007      Allow read, write, and execute (search) by others.

       A symbolic mode is specified in the following format:

              chmod [ who ]  operator  [ permission(s) ]   file ...

       who is zero or more of the characters u, g, o, and a specifying whose
       permissions are to be changed or assigned:

              u         user's permissions
              g         group's permissions
              o         others' permissions
              a         all permissions (user, group, and other)

       If who is omitted, it defaults to a.

       operator is one of +, -, or =, signifying how permissions are to be
       changed:

              +         Add permissions.
              -         Take away permissions.
              =         Assign permissions absolutely.

       Unlike other symbolic operations, = has an absolute effect in that it
       resets all other bits.  Omitting permission(s) is useful only with =
       to take away all permissions.

       permission(s) is any compatible combination of the following letters:

              r         read permission
              w         write permission
              x         execute permission
              s         user or group set-ID
              t         sticky bit
              l         mandatory locking
              u, g, o   indicate that permission is to be taken from the
                        current user, group or other mode respectively.

       Permissions to a file may vary depending on your user identification
       number (UID) or group identification number (GID).  Permissions are
       described in three sequences each having three characters:

                               User   Group   Other
                               rwx     rwx     rwx

       This example (user, group, and others all have permission to read,
       write, and execute a given file) demonstrates two categories for
       granting permissions: the access class and the permissions
       themselves.

       Multiple symbolic modes separated by commas may be given, though no
       spaces may intervene between these modes.  Operations are performed
       in the order given.  Multiple symbolic letters following a single
       operator cause the corresponding operations to be performed
       simultaneously.

       The letter s is only meaningful with u or g, and t only works with u.

       Mandatory file and record locking (l) refers to a file's ability to
       have its reading or writing permissions locked while a program is
       accessing that file.  Using mandatory locking forces the kernel to
       verify that a lock is not being violated when a file is accessed
       through the use of an open(2), read(2), or write(2) and should be
       considered as an enforcement-mode lock.

       It is not possible to permit group execution and enable a file to be
       locked on execution at the same time.  In addition, it is not
       possible to turn on the set-group-ID bit and enable a file to be
       locked on execution at the same time.  The following examples,
       therefore, are invalid and elicit error messages:

              chmod g+x,+l file
              chmod g+s,+l file

       The mode bit represented by (l) above is conceptual in that this bit
       is used to represent different settings, such as (g+x) and (l); one
       would not want a file that is group-executable to be mandatory locked
       since many different processes should be allowed to execute the file.

       The decision for the I/O system calls to enforce locks is made at the
       time the I/O calls are made and is influenced by the state of the
       permissions on the file.

       User locking works in the following manner:

              Cooperating processes can use advisory file locking by calling
              lockf(3C), fcntl(2), or flock(3C) (or dgflock(3C)) to
              serialize access to selected extents of a given file.  They
              are vulnerable, though, to non-cooperating processes that
              access the given file without calling any of the lock
              primitives available in DG/UX.

              The same set of processes can lock out non-cooperating
              processes placing the (conceptual) mode bit on the given file
              into the mandatory-file-locking state.  Note however, as with
              advisory locking, a process that wants to lock a file using
              mandatory locking must assert a lock on the file.

       Only the owner of a file or directory (or a user with appropriate
       privilege, unless the file being modified is a remote file) may
       change the mode of that file or directory.  On systems without the
       DG/UX capability option, appropriate privilege means having a UID of
       zero (root). On systems with the DG/UX capability option, appropriate
       privilege means having one or more specific capabilities enabled in
       your effective capability set. See appropriateprivilege(5) for the
       default capabilities needed for this command.

       Only a user with appropriate privilege may set the sticky bit on a
       non-directory file.  If you do not have appropriate privilege, chmod
       will mask the sticky-bit but will not return an error.  In order to
       turn on a file's set-group-ID bit, your own group ID must correspond
       to the file's and group execution must be set.

       The -R option recursively descends through directory arguments,
       setting the mode for each file as described above.

EXAMPLES
       Deny execute permission to everyone:

              chmod a-x file

       Allow read permission to everyone:

              chmod 444 file

       Make a file readable and writable by the group and others:

              chmod go+rw file
              chmod 066 file

       Cause a file to be locked during access:

              chmod +l file

       Allow everyone to read, write, and execute the file and turn on the
       set group-ID.

              chmod =rwx,g+s file
              chmod 2777 file

       Absolute changes don't work for the set-group-ID bit of a directory.
       You must use g+s or g-s.

SEE ALSO
       ls(1).
       chmod(2), fcntl(2), flock(3C), lockf(3C).
       appropriateprivilege(5).
       setacl.

NOTES
       chmod permits you to produce useless modes so long as they are not
       illegal (e.g., making a text file executable).  chmod does not check
       the file type to see if mandatory locking is available.

       chmod is designed to set the standard file permission bits on
       traditional DG/UX Systems. On DG/UX Systems that support the
       discretionary access control (DAC) option, if you use chmod to set
       group permissions, you will only set the permissions of the
       traditional group and not the access control mask that is available
       though DAC. Depending on the permissions allowed by the access
       control mask, the traditional group may have fewer permissions than
       those you set with chmod. As a rule, on DG/UX Systems with the DAC
       option, use setacl rather than chmod to set DAC permissions.



Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026