Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ chmod(1) — Reliant UNIX 5.44c4

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

chgrp(1)

ls(1)

newgrp(1)

umask(1)

chmod(2)

chown(2)

lockf(3C)

passwd(4)

chmod(1)                                                           chmod(1)

NAME
     chmod - change file mode

SYNOPSIS
     chmod [-R] [--] mode file ...

DESCRIPTION
     chmod is used to change the permissions of a file (its protection
     mode).

     Only the owner or the system administrator is authorized to change the
     permissions of a file. A file's set-group-id bit can only be set by a
     user whose current group ID is the same as the file's group ID [see
     chgrp(1) and newgrp(1)].

OPTIONS
     -R   (recursive) chmod recursively descends through the specified
          directories, changing the mode for each file it encounters.

     --   If mode begins with a dash (-), the end of the command line
          options must be marked with --.

     mode In mode you specify how the permissions for one or more named
          files are to be changed. There are two forms of mode specifica-
          tion:

          -  symbolic

          -  absolute

          Symbolic form: [who]op[permission][,[who]op[permission]]...

          who  In who you say who the file permissions apply to.

               The choices for who are:

               u  for the owner (user)

               g  for the group

               o  for others

               a  for ugo, i.e. all users.

               or any combination of the letters u, g, o.

               who not specified:

               chmod behaves in the same way as if ugo or a had been speci-
               fied. The access rights are changed for owner, group, and
               other, with the exception of the bits protected by umask(1)
               (see EXAMPLES, 2nd table).



Page 1                       Reliant UNIX 5.44                Printed 11/98

chmod(1)                                                           chmod(1)

          op   In op you specify whether permissions are to be granted,
               left unchanged, or revoked.

               The choices for op are:

               +  to add (grant) permissions,

               -  to take away (revoke) permissions,

               =  to assign permissions absolutely, i.e. only the listed
                  permissions are granted are granted, all others are
                  revoked.

          permission
               In permission you specify which permission(s) you wish to
               grant or revoke.

               The choices for permission are:

               r  for read permission

               w  for write permission

               x  for execute permission or for permission to search in a
                  directory.

               X  (X - execute) for execute permission or for permission to
                  search in directories. X only works in opposition to x in
                  the case of directories or if x access permissions are
                  already set for file.

               s  for the set-user-ID or set-group-ID bit.

                  Entering s in a chmod command is only useful in conjunc-
                  tion with u, g, or ug (if who is not specified, it
                  defaults to ug). Set-user-ID and set-group-ID bits only
                  apply to executable binary files (not to shell scripts)
                  (see The s bits below).

               t  for sticky bit (t bit).

                  Only the system administrator is able to set the sticky
                  bit. Attempts by non-privileged users to set the sticky
                  bit are ignored. Entering t in a chmod command is useful
                  only in combination with u or a or if who is not defined.
                  A set sticky bit only applies to executable files (see
                  The sticky bit below). If you change the mode of a file
                  which has the sticky bit set, the sticky bit is cleared
                  automatically.





Page 2                       Reliant UNIX 5.44                Printed 11/98

chmod(1)                                                           chmod(1)

               l  (lock) for mandatory locking of files, directories or
                  records, referring to a file's ability to have its read
                  or write permissions locked while a program is accessing
                  it. file's l bit can be set only if

                  -  its group execute permission is not set and

                  -  its set-group-id bit is set.

                  Thus the following examples are not correct and would
                  result in error messages:

                       chmod g+x,+l file
                       chmod g+s,+l file

               u  Use the permissions of the current owner.

               g  Use the permissions of the current group.

               o  Use the permissions of the current "others" mode.

               permission not specified:

               This is only useful in combination with the = operator; all
               permissions are then revoked for the who in question.

          As indicated above, you can specify several "who-op-permission"
          arguments in a row, provided they are separated by commas as fol-
          lows:

          chmod g-w,o-rw file

          The string you specify for mode is processed by chmod from left
          to right. For instance, a-w,u+w grants write permission to the
          owner, revoking it for all others.

          Absolute form

          An absolute mode is a three or four digit octal number. The
          admissible octal values are obtained by logically ORing (in
          binary) the octal modes shown below. The effect is the same as
          adding the modes in octal or decimal. A leading zero (neither the
          s bit nor the sticky bit set) may be omitted.

          The specified permissions are granted; all other permissions are
          revoked.








Page 3                       Reliant UNIX 5.44                Printed 11/98

chmod(1)                                                           chmod(1)

          4000   Set user ID on execution

          20#0   Set group ID on execution if # is 7, 5, 3 or 1. Set manda-
                 tory locking if # is 6, 4, 2 or 0. The value of # is
                 ignored if file is a directory. In this case you can only
                 use the symbolic form for mode.

          1000   sticky bit (t bit)

          0400   read permission for owner

          0200   write permission for owner

          0100   execute permission (or directory search permission) for
                 owner

          0040   read permission for group

          0020   write permission for group

          0010   execute permission (or directory search permission) for
                 group

          0004   read permission for others

          0002   write permission for others

          0001   execute permission (or directory search permission) for
                 others

          Example:  To grant read, write, and execute permission to the
                    owner and read and execute permission to the group, you
                    would enter a value of 750 for mode:

                    400 + 200 + 100 + 40 + 10 = 750

                    The file then has the permissions rwxr-x---

     file Name of the file for which you wish to define or alter the per-
          missions. file may also be a directory. Multiple names are also
          allowed.

SPECIAL PERMISSIONS
   The s bit

     When an executable program which has the set-user-ID bit set is
     called, the effective user ID of the associated process is the same as
     the user ID of the owner of the file (and not that of the caller). In
     other words, the process runs under the user ID of the program owner
     and can therefore also access files for which the caller of the pro-
     gram does not have explicit access permission. The real user ID of the
     process remains that of the program caller.


Page 4                       Reliant UNIX 5.44                Printed 11/98

chmod(1)                                                           chmod(1)

     If the set-group-ID bit is set, the effective group ID of the process
     is the same as the group ID of the program owner. This means that the
     process runs under the group ID of the program owner. The real group
     ID of the process remains that of the program caller.

     The s bits are only useful for executable binary files (executable
     programs) and not for shell scripts. Although chmod can be used to set
     the s bits for files that contain a shell script, the setting will
     essentially have no effect.

     When changes are made to a file, the s bits are reset for security
     reasons.

     Caution:
          If the system administrator sets the s bit for a program which he
          or she owns, all users who can call the program are thereby
          authorized to carry out any operations that the system adminis-
          trator is allowed to perform using the program. Hence the system
          administrator should not set the s bit unless it is certain that
          security will not be compromised, leading to loss of data, for
          example.

     One example of an s bit application is the passwd command (/bin direc-
     tory). As a normal user, you are not granted write permission for the
     password file /etc/passwd. However, since the set-user-ID bit for root
     has been set for the passwd command, you can use this command to give
     yourself a new password in the /etc/passwd file.

   The sticky bit (t bit)

     Only the system administrator can set the sticky bit (t bit). Attempts
     by non-privileged users to set the sticky bit are ignored.

     The sticky bit only works on directories and executable files. It is
     possible to use chmod to set it on other files, but it will have no
     effect.

     If the sticky bit is set on an executable file, the overhead typically
     involved in reading a program in from the disk file again every time
     the program is started can be reduced somewhat.

     If a directory is write enabled and has the sticky bit set, files
     within the directory cannot be removed, renamed or linked to unless
     one or more of the following conditions apply:

     -  the file belongs to the user

     -  the directory belongs to the user

     -  the user has write permission for the file

     -  the user is a privileged user


Page 5                       Reliant UNIX 5.44                Printed 11/98

chmod(1)                                                           chmod(1)

     In the output of the ls -l command, the sticky bit if set appears in
     the last position of the listed permissions. If the x bit has simul-
     taneously been set for "other users", a t appears; if not, a T.

   The l bit

     The lockf() function allows a program to place a lock on a file which
     it is accessing. If this file has its l bit set, the function call
     results in mandatory locking of the file [see lockf(3C)].

ERROR MESSAGES

     chmod: ERROR: Invalid mode

          You have defined an illegal set of permissions for chmod.

     chmod: WARNING: Locking not permitted on file, a group executable file

          Files with group execute permission cannot also have the l bit set.

     chmod: WARNING: Execute permission required for set-ID on execution
     for file

          In order to turn on a file's set-user-ID bit you need to have
          execute permission for the file.

LOCALE
     The LCMESSAGES environment variable governs the language in which mes-
     sage texts are displayed. If LCMESSAGES is undefined or is defined as
     the null string, it defaults to the value of LANG. If LANG is likewise
     undefined or null, the system acts as if it were not internationalized.

     The LCALL environment variable governs the entire locale. LCALL
     takes precedence over all the other environment variables which affect
     internationalization.

EXAMPLES
     The first table shows examples of which symbolic entries correspond to
     which absolute entries.
     _________________________________
    | Symbolic form |  Absolute form |
    |_______________|________________|
    | u-w           |        400     |
    | -w            |        400     |
    | +rx           |        755     |
    | =r            |        444     |
    | ug=rw,o=r     |        664     |
    | u=rwx,g=rx,o= |        750     |
    | +x,u+s        |       4711     |
    | +xt           |       1711     |
    |_______________|________________|



Page 6                       Reliant UNIX 5.44                Printed 11/98

chmod(1)                                                           chmod(1)

     Note: The sticky bit (last example) can only be set by the system
     administrator. Attempts by non-privileged users to set the sticky bit
     are ignored.

     The following examples all refer to a file with the permissions
     rw-------.

     The second table shows the different results with symbolic entries
     without who being specified, depending on which file-creation mode
     mask is set with umask(1).
     ______________________________________
    | Symbolic form |  umask |    Result  |
    |_______________|________|____________|
    | +w            |   022  |  rw------- |
    | +w            |   000  |  rw--w--w- |
    |               |        |            |
    | =rw           |   022  |  rw-r--r-- |
    | =rw           |   000  |  rw-rw-rw- |
    |_______________|________|____________|

     The third table shows results of symbolic or absolute entries where
     the file-creation mode mask set with umask(1) does not play a role.
     _______________________________________________________
    | Symbolic form |  Absolute form |  umask |    Result  |
    |_______________|________________|________|____________|
    | go+r          |       644      |    -   |  rw-r--r-- |
    | go=r          |       644      |    -   |  rw-r--r-- |
    | go+rw         |       666      |    -   |  rw-rw-rw- |
    |_______________|________________|________|____________|

SEE ALSO
     chgrp(1), ls(1), newgrp(1), umask(1), chmod(2), chown(2), lockf(3C),
     passwd(4).





















Page 7                       Reliant UNIX 5.44                Printed 11/98

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026