CHMOD(1) —
NAME
chmod − change mode (includes AFS extensions)
SYNOPSIS
chmod [ −Rf ] mode file ...
DESCRIPTION
The mode of each named file is changed according to mode, which may be absolute or symbolic. An absolute mode is an octal number constructed from the OR of the following modes:
4000 set user ID on execution
2000 set group ID on execution
1000 sticky bit, see chmod(2)
0400 read by owner
0200 write by owner
0100 execute (search in directory) by owner
0070 read, write, execute (search) by group
0007 read, write, execute (search) by others
A symbolic mode has the form:
[who] op permission [op permission] ...
The who part is a combination of the letters u (for user’s permissions), g (group) and o (other). The letter a stands for all, or ugo. If who is omitted, the default is a but the setting of the file creation mask (see umask(2)) is taken into account.
Op can be + to add permission to the file’s mode, − to take away permission and = to assign permission absolutely (all other bits will be reset).
Permission is any combination of the letters r (read), w (write), x (execute), X (set execute only if file is a directory or some other execute bit is set), s (set owner or group id) and t (save text − sticky). Letters u, g, or o indicate that permission is to be taken from the current mode. Omitting permission is only useful with = to take away all permissions.
When the −R option is given, chmod recursively descends its directory arguments setting the mode for each file as described above. When symbolic links are encountered, their mode is not changed and they are not traversed.
If the −f option is given, chmod will not complain if it fails to change the mode on a file.
FILE SYSTEM PERMISSIONS
Only the owner or a super-user can change the permissions on a file or directory.
A user with write permission to a directory has permission to remove any file in that directory, even if the user does not have write permission to the file. Exception: if the sticky-bit is set on the directory.
Changing the permissions does not change the date of the file or directory.
CHMOD ON THE ANDREW FILE SYSTEM
The effect of chmod has been changed somewhat to work with the Andrew File System’s protection scheme. Although all 12 mode bits for a file are implemented and can be set by chmod, for nearly all operations, the low order six protection bits (the "group" and "world" protection bits) are completely ignored. All protection is governed by the "owner" rwx bits and the access control list associated with the file’s immediate parent directory. (For information about access control lists in the Andrew File System, see the file "libal.vdoc" in /usr/andrew/doc/vdoc.) There is one exception: if a file is to be made executable, it must have all the "x" bits turned on, and if it is not to be executable, it should have none of them turned on.
When accessing a file on Andrew, first the access control list is consulted, resulting in certain rights being granted to the user. Next, the owner mode bits are checked. If the "r" bit is not set in the owner mode bits, read access is removed from the rights granted via the access control list. Similary, if the owner’s "w" bit is not set, the write access is removed from the rights granted via the access control list. All other mode bits operate as described below.
A user who has write access to the file on the access list is considered the owner of the file and is allowed to change the mode bits. Therefore, if the "r" and "w" bits are not set in the owner mode bits, a person who has write access to the file on the access list can use chmod to change the owner bits and enable himself to read or write the file.
EXAMPLES
The first example denies write permission to others, the second makes a file executable by all if it is executable by anyone:
chmod o−w file
chmod +X file
Multiple symbolic modes separated by commas may be given. Operations are performed in the order specified. The letter s is only useful with u or g.
Only the owner of a file (or the super-user) may change its mode.
SEE ALSO
ls(1), chmod(2), stat(2), umask(2), chown(8)
/usr/andrew/doc/vdoc/libal.vdoc This page intentionally left blank.
PRPQs 5799-WZQ/5799-PFF: IBM/4.3 — Sept 1988