chmod
PURPOSE
Changes permission codes.
SYNOPSIS
chmod mode file ...
DESCRIPTION
The chmod command modifies the read, write, execute
(file), or search (directory) permission codes of speci-
fied files or directories. You can use either symbolic
or absolute mode to specify the desired permission set-
tings.
You can change the permission code of a file or directory
only if you own it or if you are operating with superuser
authority.
SYMBOLIC MODE
When you use the symbolic mode to specify permission
codes, the first set of flags selects the permission
field, as follows:
u User (owner)
g Group
o All others
a User, group, and all others (same effect as ugo).
This is the default permission field.
The second set of flags selects whether permissions are
to be taken away, added , or set exactly as specified:
- Removes specified permissions
+ Adds specified permissions
= Clears the selected permission field and sets it to
the code specified. If you do not specify a permis-
sion code following =, chmod removes all permissions
from the selected field.
The third set of flags of the chmod command selects the
permissions as follows:
r Read permission.
w Write permission.
x Execute permission for files; search permission for
directories.
s Set user-ID or set group-ID permission. This per-
mission bit sets the effective user-ID or group-ID
to that of the file whenever the file is run. Use
this permission setting in combination with the u or
g field to allow temporary or restricted access to
files not normally accessible to other users. An s
appears in the user or group execute position of a
long listing (see "ls" or "li"), to show that the
file runs "set user-ID" or "set group-ID."
t The save text permission. Setting this permission
bit causes the text segment of a program to remain
in virtual memory after its first use. The system
thus avoids having to transfer the program code of
frequently-accessed programs into the paging area.
A character special file with this bit set is a mul-
tiplexed file. You can specify this permission only
with the u field. A t appears in the execute posi-
tion of the "all others" field to indicate that the
file has this bit (the sticky bit) set.
You can specify multiple symbolic modes, separated with
commas. Do not separate items in this list with spaces.
Operations are performed in the order they appear from
left to right.
ABSOLUTE MODE
The chmod command also permits you to use octal notation
to set each bit in the permission code. chmod sets the
permissions to the permcode you provide. This permcode
is constructed by combining (the logical OR of) the fol-
lowing values:
4000 Sets user-ID on execution
2000 Sets group-ID on execution
1000 Retains memory image after execution (executable
file)
1000 Indicates multiplexed character special file
0400 Permits read by owner
0200 Permits write by owner
0100 Permits execute or search by owner
0040 Permits read by group
0020 Permits write by group
0010 Permits execute or search by group
0004 Permits read by others
0002 Permits write by others
0001 Permits execute or search by others
All permission bits not explicitly specified are cleared.
EXAMPLES
1. To add a type of permission to several files:
chmod g+w chap1 chap2
This adds write permission for group members to the
files "chap1" and "chap2".
2. To make several permission changes at once:
chmod go-w+x mydir
This denies group members and others the permission
to create or delete files in "mydir" ("go-w"). It
allows them to search "mydir" or use it in a path
name ("go+x"). This is equivalent to the command
sequence:
chmod g-w mydir
chmod o-w mydir
chmod g+x mydir
chmod o+x mydir
3. To permit only the owner to use a shell procedure as
a command:
chmod u=rwx,go= cmd
This gives read, write, and execute permission to the
user who owns the file ("u=rwx"). It also denies the
group and others the permission to access "cmd" in
any way ("go=").
If you have permission to execute the shell command
file "cmd", then you can run it by entering:
cmd
This may not work in some cases, depending on the
value of the shell variable PATH. See page for more
information about PATH.
4. To use "set-ID" modes:
chmod ug+s cmd
When "cmd" is executed, this causes the effective
user and group IDs to be set to those that own the
file "cmd". Only the effective IDs associated with
the subprocess that runs "cmd" are changed. The
effective IDs of the shell session remain unchanged.
This feature allows you to permit restricted access
to important files. Suppose that the file "cmd" has
the set-user-ID mode enabled and is owned by a user
called "dbms". "dbms" is not actually a person, but
might be associated with a database management
system. The user "betty" does not have permission to
access any of "dbms"'s data files. However, she does
have permission to execute "cmd". When she does so,
her effective user ID is temporarily changed to
"dbms", so that the "cmd" program can access the data
files owned by "dbms".
This way "betty" can use "cmd" to access the data
files, but she cannot accidentally damage them with
the standard shell commands.
5. To use the absolute mode form of the chmod command:
chmod 644 text
This sets read and write permission for the owner,
and it sets read-only mode for the group and others.
RELATED INFORMATION
The following commands: "ls," "li," and "umask."