Chmod

In Unix-like operating systems, chmod is the command and system call which may change the access permissions to file system objects (files and directories). It may also alter special mode flags. The request is filtered by the umask. The name is an abbreviation of change mode.[1]

History

A chmod command first appeared in AT&T Unix version 1.

As systems grew in number and types of users, access control lists[2] were added to many file systems in addition to these most basic modes to increase flexibility.

Command syntax

Throughout this document user refers to the owner of the file as a reminder that the symbolic form of the command uses u.

chmod [options] mode[,mode] file1 [file2 ...][3]

Usual implemented options include:

  • -R Recursive, i.e. include objects in subdirectories
  • -f force processing to continue if errors occur
  • -v verbose, show objects changed (unchanged objects are not shown)

If a symbolic link is specified, the target object is affected. File modes directly associated with symbolic links themselves are typically not used.

To view the file mode, the ls or stat commands may be used:

$ ls -l findPhoneNumbers.sh
-rwxr-xr--  1 dgerman  staff  823 Dec 16 15:03 findPhoneNumbers.sh
$ stat -c %a findPhoneNumbers.sh
754

The r, w, and x specify the read, write, and execute access. The first character of the ls display denotes the object type; a hyphen represents a plain file. This script can be read, written to, and executed by the dgerman, read and executed by members of the staff group and can be read by others.

Octal modes

The main parts of the chmod permissions:

Example: drwxrwx---

To the right of the "d":

the left three characters rwx define permissions of the user(i.e. the owner).

the middle three characters rwx define permissions of the Group.

the right three characters --- define permissions of Others. In this example users Other than the owning user and members of the Group has no permission to access the file.

Numerical permissions

The chmod numerical format accepts up to four octal digits. The three rightmost digits refer to permissions for the file user, the group, and others. The optional leading digit, when 4 digits are given, specifies the special setuid, setgid, and sticky flags. Each digit of the three rightmost digits represent a binary value, which it's bits control the read, write and execute respectively, where 1 means allow and 0 means don't. This is similar to the octal notation, but represented in decimal numbers.

# Permission rwx Binary
7 read, write and execute rwx 111
6 read and write rw- 110
5 read and execute r-x 101
4 read only r-- 100
3 write and execute -wx 011
2 write only -w- 010
1 execute only --x 001
0 none --- 000

For example, 754 would allow:

read, write, and execute for the user, as the binary value of 7 is 111, meaning all bits are on.

read and execute for the Group, as the binary value of 5 is 101, meaning read and execute are on but write is off.

read only for Others, as the binary value of 4 is 100, meaning that only read is on.

Numeric example

Change permissions to permit members of the programmers group to update a file.

$ ls -l sharedFile
-rw-r--r--  1 jsmith programmers 57 Jul  3 10:13  sharedFile
$ chmod 664 sharedFile
$ ls -l sharedFile
-rw-rw-r--  1 jsmith programmers 57 Jul  3 10:13  sharedFile

Since the setuid, setgid and sticky bits are not specified, this is equivalent to:

$ chmod 0664 sharedFile

Symbolic modes

The chmod command also accepts a finer-grained symbolic notation,[4] which allows modifying specific modes while leaving other modes untouched. The symbolic mode is composed of three components, which are combined to form a single string of text:

$ chmod [references][operator][modes] file ...

Classes of users are used to distinguish to whom the permissions apply. If no classes are specified "all" is implied. The classes are represented by one or more of the following letters:

Reference Class Description
u user file's owner
g group members of the file's group
o others users who are neither the file's owner nor members of the file's group
a all all three of the above, same as ugo

The chmod program uses an operator to specify how the modes of a file should be adjusted. The following operators are accepted:

Operator Description
+ adds the specified modes to the specified classes
- removes the specified modes from the specified classes
= the modes specified are to be made the exact modes for the specified classes

The modes indicate which permissions are to be granted or removed from the specified classes. There are three basic modes which correspond to the basic permissions:

Mode Name Description
r read read a file or list a directory's contents
w write write to a file or directory
x execute execute a file or recurse a directory tree
X special execute which is not a permission in itself but rather can be used instead of x. It applies execute permissions to directories regardless of their current permissions and applies execute permissions to a file which already has at least one execute permission bit already set (either user, group or other). It is only really useful when used with '+' and usually in combination with the -R option for giving group or other access to a big directory tree without setting execute permission on normal files (such as text files), which would normally happen if you just used "chmod -R a+rx .", whereas with 'X' you can do "chmod -R a+rX ." instead
s setuid/gid details in Special modes section
t sticky details in Special modes section

Multiple changes can be specified by separating multiple symbolic modes with commas (without spaces). If a user is not specified, chmod will check the umask and the effect will be as if "a" was specified except bits that are set in the umask are not affected.[5]

Symbolic examples

Add write permission (w) to the group's(g) access modes of a directory, allowing users in the same group to add files:

$ ls -ld shared_dir # show access modes before chmod
drwxr-xr-x   2 teamleader  usguys 96 Apr 8 12:53 shared_dir
$ chmod  g+w shared_dir
$ ls -ld shared_dir  # show access modes after chmod
drwxrwxr-x   2 teamleader  usguys 96 Apr 8 12:53 shared_dir

Remove write permissions (w) for all classes (a), preventing anyone from writing to the file:

$ ls -l ourBestReferenceFile
-rw-rw-r--   2 teamleader  usguys 96 Apr 8 12:53 ourBestReferenceFile
$ chmod a-w ourBestReferenceFile
$ ls -l ourBestReferenceFile
-r--r--r--   2 teamleader  usguys 96 Apr 8 12:53 ourBestReferenceFile

Set the permissions for the user and the group (ug) to read and execute (rx) only (no write permission) on referenceLib, preventing anyone to add files.

$ ls -ld referenceLib
drwxr-----   2 teamleader  usguys 96 Apr 8 12:53 referenceLib
$ chmod ug=rx referenceLib
$ ls -ld referenceLib
dr-xr-x---   2 teamleader  usguys 96 Apr 8 12:53 referenceLib

Special modes

The chmod command is also capable of changing the additional permissions or special modes of a file or directory. The symbolic modes use 's' to represent the setuid and setgid modes, and 't' to represent the sticky mode. The modes are only applied to the appropriate classes, regardless of whether or not other classes are specified.

Most operating systems support the specification of special modes using octal modes, but some do not. On these systems, only the symbolic modes can be used.

Command line examples

Command Explanation
chmod a+r publicComments.txt adds read permission for all classes (i.e. user, group and others)
chmod +r publicComments.txt adds read permission for all classes depending on umask
chmod a-x publicComments.txt removes execute permission for all classes
chmod a+rx viewer.sh adds read and execute permissions for all classes
chmod u=rw,g=r,o= internalPlan.txt sets read and write permission for user, sets read for group, and denies access for others
chmod -R u+w,go-w docs adds write permission to the directory docs and all its contents (i.e. Recursively) for owner, and removes write permission for group and others
chmod ug=rw groupAgreements.txt sets read and write permissions for user and group
chmod 664 global.txt sets read and write permissions for user and group, and provides read to others.
chmod 0744 myCV.txt sets read, write, and execute permissions for user, and sets read permission for group and others (the 0 specifies no special modes)
chmod 1755 findReslts.sh sets sticky bit, sets read, write, and execute permissions for owner, and sets read and execute permissions for group and others (this suggests that the script be retained in memory)
chmod 4755 setCtrls.sh sets UID, sets read, write, and execute permissions for owner, and sets read and execute permissions for group and others
chmod 2755 setCtrls.sh sets GID, sets read, write, and execute permissions for user, and sets read and execute permissions for group and others
chmod -R u+rwX,g-rwx,o-rx personalStuff Recursively (i.e. on all files and directories in personalStuff) adds read, write, and special execution permissions for user, removes read, write, and execution permissions for group, and removes read and execution permissions for others
chmod -R a-x+X publicDocs Recursively (i.e. on all files and directories in publicDocs) removes execute permission for all classes and adds special execution permission for all classes

System call

The POSIX standard defines the following function prototype:[6]

int chmod(const char *path, mode_t mode);

The mode parameter is a bitfield composed of various flags:

Flag Octal value Purpose
S_ISUID 04000 Set user ID on execution
S_ISGID 02000 Set group ID on execution
S_ISVTX 01000 Sticky bit
S_IRUSR, S_IREAD 00400 Read by user
S_IWUSR, S_IWRITE 00200 Write by user
S_IXUSR, S_IEXEC 00100 Execute/search by user
S_IRGRP 00040 Read by group
S_IWGRP 00020 Write by group
S_IXGRP 00010 Execute/search by group
S_IROTH 00004 Read by others
S_IWOTH 00002 Write by others
S_IXOTH 00001 Execute/search by others

See also

References

  1. ^ Tutorial for chmod
  2. ^ "AIX 5.3 System management". IBM knowledge Center. IBM. Retrieved 2015.
  3. ^ chmod
  4. ^ "AIX 5.5 Commands Reference". IBM Knowledge Center. IBM. Retrieved 2015.
  5. ^ http://teaching.idallen.com/cst8207/12f/notes/510_umask.html
  6. ^ "chmod function". The Open Group Base Specifications Issue 7, 2013 Edition. The Open Group. Retrieved 2015.

External links


  This article uses material from the Wikipedia page available here. It is released under the Creative Commons Attribution-Share-Alike License 3.0.

Chmod
 



 

Connect with defaultLogic
What We've Done
Led Digital Marketing Efforts of Top 500 e-Retailers.
Worked with Top Brands at Leading Agencies.
Successfully Managed Over $50 million in Digital Ad Spend.
Developed Strategies and Processes that Enabled Brands to Grow During an Economic Downturn.
Taught Advanced Internet Marketing Strategies at the graduate level.


Manage research, learning and skills at defaultlogic.com. Create an account using LinkedIn to manage and organize your omni-channel knowledge. defaultlogic.com is like a shopping cart for information -- helping you to save, discuss and share.


  Contact Us