Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ chmod(1) — AIX/RT 2.2.1

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

ls

li

umask

chmod

PURPOSE

     Changes permission codes.

SYNOPSIS
     chmod mode file ...


DESCRIPTION

     The  chmod  command  modifies the  read,  write,  execute
     (file), or search (directory)  permission codes of speci-
     fied files  or directories.  You can  use either symbolic
     or absolute  mode to specify the  desired permission set-
     tings.

     You can change the permission code of a file or directory
     only if you own it or if you are operating with superuser
     authority.

       SYMBOLIC MODE

     When  you use  the  symbolic mode  to specify  permission
     codes,  the first  set  of flags  selects the  permission
     field, as follows:

     u    User (owner)
     g    Group
     o    All others
     a    User, group,  and all  others (same effect  as ugo).
          This is the default permission field.

     The second  set of flags selects  whether permissions are
     to be taken away, added , or set exactly as specified:

     -    Removes specified permissions
     +    Adds specified permissions
     =    Clears the selected permission  field and sets it to
          the code specified.  If you do not specify a permis-
          sion code following =, chmod removes all permissions
          from the selected field.

     The third set  of flags of the chmod  command selects the
     permissions as follows:

     r    Read permission.
     w    Write permission.
     x    Execute permission for  files; search permission for
          directories.
     s    Set user-ID  or set group-ID permission.   This per-
          mission bit  sets the effective user-ID  or group-ID
          to that of  the file whenever the file  is run.  Use
          this permission setting in combination with the u or
          g field  to allow temporary or  restricted access to
          files not normally accessible  to other users.  An s
          appears in the  user or group execute  position of a
          long listing  (see "ls" or  "li"), to show  that the
          file runs "set user-ID" or "set group-ID."
     t    The save  text permission.  Setting  this permission
          bit causes the  text segment of a  program to remain
          in virtual  memory after its first  use.  The system
          thus avoids  having to transfer the  program code of
          frequently-accessed programs  into the  paging area.
          A character special file with this bit set is a mul-
          tiplexed file.  You can specify this permission only
          with the u field.  A  t appears in the execute posi-
          tion of the "all others"  field to indicate that the
          file has this bit (the sticky bit) set.

     You can  specify multiple symbolic modes,  separated with
     commas.  Do not separate items  in this list with spaces.
     Operations are  performed in  the order they  appear from
     left to right.

       ABSOLUTE MODE

     The chmod command also permits  you to use octal notation
     to set each  bit in the permission code.   chmod sets the
     permissions to  the permcode you provide.   This permcode
     is constructed by combining (the  logical OR of) the fol-
     lowing values:

     4000    Sets user-ID on execution
     2000    Sets group-ID on execution
     1000    Retains memory image  after execution (executable
             file)
     1000    Indicates multiplexed character special file
     0400    Permits read by owner
     0200    Permits write by owner
     0100    Permits execute or search by owner
     0040    Permits read by group
     0020    Permits write by group
     0010    Permits execute or search by group
     0004    Permits read by others
     0002    Permits write by others
     0001    Permits execute or search by others

     All permission bits not explicitly specified are cleared.

EXAMPLES

     1.  To add a type of permission to several files:

           chmod  g+w  chap1 chap2

         This adds  write permission for group  members to the
         files "chap1" and "chap2".
     2.  To make several permission changes at once:

           chmod  go-w+x  mydir

         This denies  group members and others  the permission
         to create  or delete  files in "mydir"  ("go-w").  It
         allows them  to search  "mydir" or use  it in  a path
         name  ("go+x").  This  is equivalent  to the  command
         sequence:

           chmod  g-w  mydir
           chmod  o-w  mydir
           chmod  g+x  mydir
           chmod  o+x  mydir

     3.  To permit only the owner  to use a shell procedure as
         a command:

           chmod  u=rwx,go=  cmd

         This gives read, write, and execute permission to the
         user who owns the file ("u=rwx").  It also denies the
         group and  others the  permission to access  "cmd" in
         any way ("go=").

         If you  have permission to execute  the shell command
         file "cmd", then you can run it by entering:

           cmd

         This may  not work  in some  cases, depending  on the
         value of the shell variable PATH.  See page  for more
         information about PATH.
     4.  To use "set-ID" modes:

           chmod  ug+s  cmd

         When  "cmd" is  executed, this  causes the  effective
         user and  group IDs to be  set to those that  own the
         file "cmd".   Only the effective IDs  associated with
         the  subprocess that  runs  "cmd"  are changed.   The
         effective IDs of the shell session remain unchanged.

         This feature  allows you to permit  restricted access
         to important files.  Suppose  that the file "cmd" has
         the set-user-ID mode  enabled and is owned  by a user
         called "dbms".  "dbms" is  not actually a person, but
         might  be  associated   with  a  database  management
         system.  The user "betty" does not have permission to
         access any of "dbms"'s data files.  However, she does
         have permission to execute  "cmd".  When she does so,
         her  effective  user  ID is  temporarily  changed  to
         "dbms", so that the "cmd" program can access the data
         files owned by "dbms".

         This way  "betty" can  use "cmd"  to access  the data
         files, but  she cannot accidentally damage  them with
         the standard shell commands.
     5.  To use the absolute mode form of the chmod command:

           chmod  644  text

         This sets  read and  write permission for  the owner,
         and it sets read-only mode for the group and others.

RELATED INFORMATION

     The following commands:  "ls,"  "li," and "umask."

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026