chmod

In Unix and Unix-like operating systems, chmod is the command and system call which is used to change the access permissions of file system objects (files and directories). It is also used to change special mode flags. The request is filtered by the umask. The name is an abbreviation of change mode.[1]

chmod
The chmod command
Developer(s)AT&T Bell Laboratories
Initial release3 November 1971 (1971-11-03)
Operating systemUnix and Unix-like
TypeCommand

History

A chmod command first appeared in AT&T Unix version 1.

As systems grew in number and types of users, access control lists[2] were added to many file systems in addition to these most basic modes to increase flexibility.

The version of chmod bundled in GNU coreutils was written by David MacKenzie and Jim Meyering.[3]

Command syntax

Throughout this section, user refers to the owner of the file, as a reminder that the symbolic form of the command uses "u".

chmod [options] mode[,mode] file1 [file2 ...][4]

Usual implemented options include:

  • -R Recursive, i.e. include objects in subdirectories.
  • -v verbose, show objects changed (unchanged objects are not shown).

If a symbolic link is specified, the target object is affected. File modes directly associated with symbolic links themselves are typically not used.

To view the file mode, the ls or stat commands may be used:

$ ls -l findPhoneNumbers.sh
-rwxr-xr--  1 dgerman  staff  823 Dec 16 15:03 findPhoneNumbers.sh
$ stat -c %a findPhoneNumbers.sh
754

The r, w, and x specify the read, write, and execute access. The first character of the ls display denotes the object type; a hyphen represents a plain file. This script can be read, written to, and executed by the user dgerman; read and executed by members of the staff group; and only read by any other users.

Octal modes

The main parts of the chmod permissions:

For example: drwxrwx---

The characters to the right of the "d" define permissions for each class:

  • the three leftmost characters, rwx, define permissions for the user class (i.e. the file owner).
  • the middle three characters, rwx, define permissions for the Group class.
  • the last three characters, ---, define permissions for the Others class. In this example, users who are not the owner of the file and who are not members of the Group (and, thus, are in the Others class) have no permission to access the file.

Numerical permissions

The chmod numerical format accepts up to four octal digits. The three rightmost digits define permissions for the file user, the group, and others. The optional leading digit, when 4 digits are given, specifies the special setuid, setgid, and sticky flags. Each digit of the three rightmost digits represents a binary value, which controls the "read", "write" and "execute" permissions respectively. A value of 1 means a class is allowed that action, while a 0 means it is disallowed.

#Permissionrwx Binary
7read, write and executerwx 111
6read and writerw- 110
5read and executer-x 101
4read onlyr-- 100
3write and execute-wx 011
2write only-w- 010
1execute only--x 001
0none--- 000

For example, 754 would allow:

  • "read", "write", and "execute" for the user class, as the binary value of 7 is 111.
  • "read" and "execute" for the Group class, as the binary value of 5 is 101.
  • Only "read" for the Others class, as the binary value of 4 is 100.

Numeric example

Change permissions to permit members of the programmers group to update a file.

$ ls -l sharedFile
-rw-r--r--  1 jsmith programmers 57 Jul  3 10:13  sharedFile
$ chmod 664 sharedFile
$ ls -l sharedFile
-rw-rw-r--  1 jsmith programmers 57 Jul  3 10:13  sharedFile

Since the setuid, setgid and sticky bits are not specified, this is equivalent to:

$ chmod 0664 sharedFile

Symbolic modes

The chmod command also accepts a finer-grained symbolic notation,[5] which allows modifying specific modes while leaving other modes untouched. The symbolic mode is composed of three components, which are combined to form a single string of text:

$ chmod [references][operator][modes] file ...

Classes of users are used to distinguish to whom the permissions apply. If no classes are specified "all" is implied. The classes are represented by one or more of the following letters:

ReferenceClassDescription
uuserfile owner
ggroupmembers of the file's group
oothersusers who are neither the file's owner nor members of the file's group
aallall three of the above, same as ugo

The chmod program uses an operator to specify how the modes of a file should be adjusted. The following operators are accepted:

OperatorDescription
+adds the specified modes to the specified classes
-removes the specified modes from the specified classes
=the modes specified are to be made the exact modes for the specified classes

The modes indicate which permissions are to be granted or removed from the specified classes. There are three basic modes which correspond to the basic permissions:

ModeNameDescription
rreadread a file or list a directory's contents
wwritewrite to a file or directory
xexecuteexecute a file or recurse a directory tree
Xspecial executewhich is not a permission in itself but rather can be used instead of x. It applies execute permissions to directories regardless of their current permissions and applies execute permissions to a file which already has at least one execute permission bit already set (either User, Group or Others). It is only really useful when used with + and usually in combination with the -R flag for giving Group or Others access to a big directory tree without setting execute permission on normal files (such as text files), which would normally happen if you just used chmod -R a+rx ., whereas with X you can do chmod -R a+rX . instead
ssetuid/giddetails in Special modes section
tstickydetails in Special modes section

Multiple changes can be specified by separating multiple symbolic modes with commas (without spaces). If a user is not specified, chmod will check the umask and the effect will be as if "a" was specified except bits that are set in the umask are not affected.[6]

Symbolic examples

  • Add write permission (w) to the Group's (g) access modes of a directory, allowing users in the same group to add files:
$ ls -ld shared_dir # show access modes before chmod
drwxr-xr-x   2 teamleader  usguys 96 Apr 8 12:53 shared_dir
$ chmod  g+w shared_dir
$ ls -ld shared_dir  # show access modes after chmod
drwxrwxr-x   2 teamleader  usguys 96 Apr 8 12:53 shared_dir
  • Remove write permissions (w) for all classes (a), preventing anyone from writing to the file:
$ ls -l ourBestReferenceFile
-rw-rw-r--   2 teamleader  usguys 96 Apr 8 12:53 ourBestReferenceFile
$ chmod a-w ourBestReferenceFile
$ ls -l ourBestReferenceFile
-r--r--r--   2 teamleader  usguys 96 Apr 8 12:53 ourBestReferenceFile
  • Set the permissions for the user and the Group (ug) to read and execute (rx) only (no write permission) on referenceLib, preventing anyone to add files.
$ ls -ld referenceLib
drwxr-----   2 teamleader  usguys 96 Apr 8 12:53 referenceLib
$ chmod ug=rx referenceLib
$ ls -ld referenceLib
dr-xr-x---   2 teamleader  usguys 96 Apr 8 12:53 referenceLib

Special modes

The chmod command is also capable of changing the additional permissions or special modes of a file or directory. The symbolic modes use 's' to represent the setuid and setgid modes, and 't' to represent the sticky mode. The modes are only applied to the appropriate classes, regardless of whether or not other classes are specified.

Most operating systems support the specification of special modes using octal modes, but some do not. On these systems, only the symbolic modes can be used.

Command line examples

CommandExplanation
chmod a+r publicComments.txtadds read permission for all classes (i.e. user, Group and Others)
chmod a-x publicComments.txtremoves execute permission for all classes
chmod a+rx viewer.shadds read and execute permissions for all classes
chmod u=rw,g=r,o= internalPlan.txtsets read and write permission for user, sets read for Group, and denies access for Others
chmod -R u+w,go-w docsadds write permission to the directory docs and all its contents (i.e. Recursively) for owner, and removes write permission for group and others
chmod ug=rw groupAgreements.txtsets read and write permissions for user and Group
chmod 664 global.txtsets read and write permissions for user and Group, and provides read to Others.
chmod 0744 myCV.txtsets read, write, and execute permissions for user, and sets read permission for Group and Others (the 0 specifies no special modes)
chmod 1755 findReslts.shsets sticky bit, sets read, write, and execute permissions for owner, and sets read and execute permissions for group and others (this suggests that the script be retained in memory)
chmod 4755 setCtrls.shsets UID, sets read, write, and execute permissions for user, and sets read and execute permissions for Group and Others
chmod 2755 setCtrls.shsets GID, sets read, write, and execute permissions for user, and sets read and execute permissions for Group and Others
chmod -R u+rwX,g-rwx,o-rx personalStuffRecursively (i.e. on all files and directories in personalStuff) adds read, write, and special execution permissions for user, removes read, write, and execution permissions for Group, and removes read and execution permissions for Others
chmod -R a-x+X publicDocsRecursively (i.e. on all files and directories in publicDocs) removes execute permission for all classes and adds special execution permission for all classes

System call

The POSIX standard defines the following function prototype:[7]

int chmod(const char *path, mode_t mode);

The mode parameter is a bitfield composed of various flags:

FlagOctal valuePurpose
S_ISUID04000Set user ID on execution
S_ISGID02000Set group ID on execution
S_ISVTX01000Sticky bit
S_IRUSR, S_IREAD00400Read by user
S_IWUSR, S_IWRITE00200Write by user
S_IXUSR, S_IEXEC00100Execute/search by user
S_IRGRP00040Read by group
S_IWGRP00020Write by group
S_IXGRP00010Execute/search by group
S_IROTH00004Read by others
S_IWOTH00002Write by others
S_IXOTH00001Execute/search by others

See also

References

  1. Tutorial for chmod
  2. "AIX 5.3 System management". IBM knowledge Center. IBM. Retrieved 30 August 2015.
  3. https://linux.die.net/man/1/chmod
  4. chmod
  5. "AIX 5.5 Commands Reference". IBM Knowledge Center. IBM. Retrieved 30 August 2015.
  6. http://teaching.idallen.com/cst8207/12f/notes/510_umask.html
  7. "chmod function". The Open Group Base Specifications Issue 7, 2013 Edition. The Open Group. Retrieved 30 August 2015.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.