chmod(1) chmod(1) NAME chmod - change the permissions mode of a file or directory SYNOPSIS chmod [-R] mode file ... chmod [-R] [ugoa]{+|-|=}[rwxXstl] file ... DESCRIPTION The permissions of the named files or directories are changed according to mode, which may be symbolic or absolute. Absolute changes to permissions are stated using octal numbers: chmod nnn file(s) where n is a number from 0 to 7. Symbolic changes are stated using mnemonic characters: chmod a operator b file(s) where a is one or more characters corresponding to user, group, or other; where operator is +, -, and =, signifying assignment of permissions; and where b is one or more characters corresponding to type of permission. An absolute mode is given as an octal number constructed from the OR of the following modes: 04000 set user ID on execution 020#0 set group ID on execution if # is 7, 5, 3, or 1 enable mandatory locking if # is 6, 4, 2, or 0 This applies only to regular files. See discussion below for effect on directories. 01000 sticky bit (see discussion below) 0400 read by owner 0200 write by owner 0100 execute (search in directory) by owner 0070 read, write, execute (search) by group 0007 read, write, execute (search) by others Symbolic changes are stated using letters that correspond both to access classes and to the individual permissions themselves. Permissions to a file may vary depending on your user identification number (UID) or group identification number (GID). Permissions are described in three sequences each having three characters: User Group Other rwx rwx rwx This example (meaning that user, group, and others all have reading, writing, and execution permission to a given file) demonstrates two categories for granting permissions: the access class and the permissions themselves. Thus, to change the mode of a file's (or directory's) permissions using chmod's symbolic method, use the following syntax for mode: [ who ] operator [ permission(s) ], ... A command line using the symbolic method would appear as follows: chmod g+rw file(s) This command would make file readable and writable by the group. The who part can be stated as one or more of the following letters: u user's permissions g group's permissions o others permissions The letter a (all) is equivalent to ugo. If who is omitted, the operation applies to all permissions except those set in the user's umask. Operator can be + to add permission to the file's mode, - to take away permission, or = to assign permission absolutely. (Unlike other symbolic operations, = has an absolute effect in that it resets all other bits.) Omitting permission is only useful with = to take away all permissions. Permission is any compatible combination of the following letters: r reading permission w writing permission x execution permission X execution permission (see below) s user or group set-ID is turned on t sticky bit is turned on l mandatory locking will occur during access When X appears in permission it is identical to x if the target file is a directory, or if the file is of any other type but already has at least one execution bit (user, group, or other) set. In all other cases, X is silently ignored. Multiple symbolic modes separated by commas may be given, though no spaces may intervene between these modes. Operations are performed in the order given. Multiple symbolic letters following a single operator cause the corresponding operations to be performed simultaneously. The letter s is only meaningful with u or g, and t only works with u. Mandatory file and record locking (l) refers to a file's ability to have its reading or writing permissions locked while a program is accessing that file (see chmod(2) for details). It is not possible to permit group execution and enable a file to be locked on execution at the same time. In addition, it is not possible to turn on the set-group-ID and enable a file to be locked on execution at the same time. The following examples, chmod g+x,+l file(s) chmod g+s,+l file(s) are, therefore, illegal usages and will elicit error messages. Only the owner of a file or directory (or the superuser) may change a file's mode. In order to turn on a file's set-group-ID, your own group ID must correspond to the file's, and group execution must be set. If a directory is writable and the sticky bit, (t), is set on the directory, a process may remove or rename files within that directory only if one or more of the following is true (see unlink(2) and rename(2)): the effective user ID of the process is the same as that of the owner ID of the file the effective user ID of the process is the same as that of the owner ID of the directory the process is a superuser. Note that the group id of the process and file are not taken into account by the rules above. A process will only be able to remove a file in a sticky directory based upon its effective user ID, not its group ID. In releases of IRIX before 6.2, a process could also remove or rename files within a directory with the sticky bit set if the process had write permission for the file. This has been changed in accordance with the X/Open XPG4.2 standard, but the old behavior can be enabled via the xpg4_sticky_dir kernel tunable variable. If the sticky bit, (t), is set on a file that is a dynamic loader for an ELF executable, then when the executable is execed the old process's read only address spaces will be made available to the dynamic loader in the new process. This can improve program start up time considerably. The setting of the sticky bit on any other file has no effect. If the set-group-ID flag is set on a directory, then files created in that directory will have their group ID set to the group ID of the directory, otherwise the group ID of the file is set to the effective group ID of the creating process (see chmod(2)]. The set-group-ID flag can only be set on a directory by using the symbolic mode: that is, chmod g+s directory mount(1) provides an alternate way to set this behavior for an entire filesystem (see mount(1) and fstab(4)]. The -R option recursively descends through directory arguments, setting the mode for each file as described above. If a symbolic link is encountered whose target is a directory, the permission of the directory is changed. That directory's contents are not recursively traversed. EXAMPLES chmod a-x file chmod 444 file The first examples deny execution permission to all. The absolute (octal) example permits only reading permissions. chmod go+rw file chmod 066 file These examples make a file readable and writable by the group and others. chmod +l file This causes a file to be locked during access. chmod =rwx,g+s file chmod 2777 file These last two examples enable all to read, write, and execute the file; and they turn on the set group-ID. SEE ALSO ls(1), mount(1), umask(1), chmod(2), unlink(2). Page 4