chmod(1)chmod(1)NAMEchmod - Changes permission codes
SYNOPSIS
Absolute Mode
chmod [-fR] absolute_mode file...
Symbolic Mode
chmod [-fR] [who] +permission ... file...
chmod [-fR] [who] -permission ... file...
chmod [-fR] [who] = [permission]... file...
The chmod command modifies the read, write, and execute permissions of
specified files and the search permissions of specified directories.
STANDARDS
Interfaces documented on this reference page conform to industry stan‐
dards as follows:
chmod: XCU5.0
Refer to the standards(5) reference page for more information about
industry standards and associated tags.
OPTIONS
[Tru64 UNIX] Does not report an error if chmod fails to change the
mode on a file. Causes chmod to recursively descend its directory
arguments, setting the mode for each file as described in the sections
Symbolic Mode and Absolute Mode. When symbolic links are encountered,
their mode is not changed and they are not traversed.
OPERANDS
Pathname of the file that is to have the permission bits modified.
Octal permission_code for setting the file permissions. This code is
formed as described under Absolute Mode in the DESCRIPTION section.
Specifies whether permissions are being defined for a user, group, or
all others. This operand is more fully described under Symbolic Mode
in the DESCRIPTION Section. Specifies the operation to be performed on
the permissions being defined. This operand is more fully described
under Symbolic Mode in the DESCRIPTION Section. Specifies the permis‐
sions being defined. This operand is more fully described under Sym‐
bolic Mode in the DESCRIPTION Section.
DESCRIPTION
You can use either symbolic or absolute mode to specify the desired
permission settings.
You can change the permission code of a file or directory only if you
own it or if you have superuser authority.
[Tru64 UNIX] If a named file is a symbolic link, chmod changes the
mode of the link's target file unless the -R option is used. If the -R
option is used, chmod leaves links and their target files untouched.
Symbolic Mode
A symbolic mode has the form: [who] operation permission [operation
permission] ...
The who argument specifies whether you are defining permissions for a
user, group, or all others, or any combination of these. The operation
argument specifies whether the permission is being added, taken away,
or assigned absolutely. The permission argument identifies the opera‐
tion that the specified users can perform on file.
Valid options for the who argument are as follows: User (owner) Group
All others User, group, and all others (same effect as the combination
ugo)
[Tru64 UNIX] If the who argument is omitted, the default is a. If the
environment variable STDS_FLAG is set to ALL, the setting of the file
creation mask, umask (see umask(1), csh, ksh, sh), is applied.
Valid options for the operation argument are as follows: Removes speci‐
fied permissions. Adds specified permissions. Clears the selected
permission field and sets it to the code specified. If you do not
specify a permission code following =, chmod removes all permissions
from the selected field.
Valid options for the permission argument are as follows: Read permis‐
sion. Write permission. Execute permission for files, search permis‐
sion for directories. Execute permission only if file is a directory
or at least one execute bit is set. Set-user-ID or set-group-ID per‐
mission.
This permission bit sets the effective user ID or group ID to
that of the owner or group owner of file whenever the file is
run. Use this permission setting in combination with the u or g
option to allow temporary or restricted access to files not nor‐
mally accessible to other users. An s appears in the user or
group execute position of a long listing (see ls) to show that
the file runs with set-user-ID or set-group-ID permission.
[Tru64 UNIX] Save text permission.
[Tru64 UNIX] In earlier versions of the UNIX system, setting
this permission bit caused the text segment of a program to
remain in virtual memory after its first use. The system thus
avoided having to transfer the program code of frequently
accessed programs into the paging area. A t appears in the exe‐
cute position of the all others option to indicate that the file
has this bit (the sticky bit) set.
[Tru64 UNIX] If a directory has this bit set, then deletion in
it is restricted. An entry in a sticky directory can be removed
or renamed by a user only if the user has write permission for
the directory and the user is the owner of the file, the owner
of the directory, or the superuser. [Tru64 UNIX] Mandatory
locking.
[Tru64 UNIX] Mandatory file and record locking refers to a
file's ability to have read and write permissions locked while
another program is accessing that file. It is not possible to
permit group execution and enable a file to be locked on an exe‐
cution at the same time. In addition, it is not possible to
turn on the set-group-ID bit and enable a file to be locked on
execution at the same time. In order to turn on a file's set-
group-ID bit, your own group ID must correspond to the file's
and group execution must be set.
The u, g, and o options indicate that permission is to be taken from
the current mode. Omitting permission is only useful with = to take
away all permissions.
All permission bits not explicitly specified are cleared.
You can specify multiple symbolic modes, separated with commas. Do not
separate items in this list with spaces. Operations are performed in
the order they appear from left to right.
Absolute Mode
Absolute mode lets you use octal notation to set each bit in the per‐
mission code. The chmod command sets the permissions to the permis‐
sion_code you provide. The permission_code is constructed by combining
(logical OR) the following values: Sets user ID on execution. Sets
group ID on execution. [Tru64 UNIX] Sets the sticky bit, which does
the following: [Tru64 UNIX] Retains memory image after execution (exe‐
cutable file) [Tru64 UNIX] Restricts file removal (directory file)
[Tru64 UNIX] You must have appropriate privileges to set the
sticky bit. See chmod(2). Permits read by owner. Permits
write by owner. Permits execute or search by owner. Permits
read by group. Permits write by group. Permits execute or
search by group. Permits read by others. Permits write by oth‐
ers. Permits execute or search by others.
System V Compatibility
[Tru64 UNIX] The root of the directory tree that contains the commands
modified for SVID 2 compliance is specified in the file
/etc/svid2_path. You can use /etc/svid2_profile as the basis for, or to
include in, your /etc/svid2_profile reads /etc/svid2_path and sets the
first entries in the PATH environment variable so that the modified
SVID 2 commands are found first.
[Tru64 UNIX] The SVID 2 compliant version of the chmod command ignores
the umask value if who is not specified in the symbolic mode of the
command (chmod [who] operation permission). In other words, if you
omit who from the chmod command line, the version of the command that
is compliant with the SVID 2 standard behaves exactly as if you speci‐
fied the character a as the value for who. The version of the chmod
command that is SVID 2 compliant also supports equivalents in absolute
mode for the s permission in symbolic mode. In absolute mode, setting
the bits 04000 represents set-user-ID and setting the bits 02000 repre‐
sents set-group-ID.
NOTES
The correspondence between octal value and mode bit is given in the
following table.
──────────────────────────────────────────────────────────
Octal Value Symbolic Mode Meaning
──────────────────────────────────────────────────────────
S_ISUID 4000 set user id on execution
S_ISGID 2000 set group id on execution
S_IRUSR 0400 read permission: owner
S_IWUSR 0200 write permission: owner
S_IXUSR 0100 execute/search permission:
owner
S_IRGRP 0040 read permission: group
S_IWGRP 0020 write permission: group
S_IXGRP 0010 execute/search permission:
group
S_IROTH 0004 read permission: other
S_IWOTH 0002 write permission: other
S_IXOTH 0001 execute/search permission:
other
──────────────────────────────────────────────────────────
EXIT STATUS
The following exit values are returned: Successful completion. An
error occurred.
EXAMPLES
To add a type of permission to several files, enter: chmod g+w chap1
chap2
This adds write permission for group members to the files chap1
and chap2. To make several permission changes at once, enter:
chmod go-w+x mydir
This denies group members and others the permission to create or
delete files in mydir (go-w). It allows them to search mydir or
use it in a pathname (go+x). This is equivalent to the following
command sequence: chmod g-w mydir chmod o-w mydir chmod g+x
mydir chmod o+x mydir To permit only the owner to use a shell
procedure as a command, enter: chmod u=rwx,go= cmd
This gives read, write, and execute permission to the user who
owns the file (u=rwx). It also denies the group and others the
permission to access cmd in any way (go=).
If you have permission to execute the cmd shell command file,
you can run it by entering: cmd
or ./cmd To use set-ID modes, enter: chmod ug+s cmd
When cmd is executed, this causes the effective user and group
IDs to be set to those that own the file cmd. Only the effec‐
tive IDs associated with the subprocess that runs cmd are
changed. The effective IDs of the shell session remain
unchanged.
This feature allows you to permit restricted access to important
files. Suppose that the file cmd has the set-user-ID mode
enabled and is owned by a user called dbms. Although dbms is
not actually a person, it might be associated with a database
management system. The user betty does not have permission to
access any of dbms's data files. However, she does have permis‐
sion to execute cmd. When she does so, her effective user ID is
temporarily changed to dbms, so that the cmd program can access
the data files owned by dbms.
This way betty can use cmd to access the data files, but she
cannot accidentally damage them with the standard shell com‐
mands. To use the absolute mode form of the chmod command,
enter: chmod 644 text
This sets read and write permission for the owner, and it sets
read-only mode for the group and all others.
ENVIRONMENT VARIABLES
The following environment variables affect the execution of chmod: Pro‐
vides a default value for the internationalization variables that are
unset or null. If LANG is unset or null, the corresponding value from
the default locale is used. If any of the internationalization vari‐
ables contain an invalid setting, the utility behaves as if none of the
variables had been defined. If set to a non-empty string value, over‐
rides the values of all the other internationalization variables.
Determines the locale for the interpretation of sequences of bytes of
text data as characters (for example, single-byte as opposed to multi‐
byte characters in arguments). Determines the locale for the format
and contents of diagnostic messages written to standard error. Deter‐
mines the location of message catalogues for the processing of LC_MES‐
SAGES. Resolves the behavior of the command in some scenarios that
cause noncompliance with POSIX standards. Setting this variable to ALL
enables the command to overcome all instances of noncompliance.
FILES
[Tru64 UNIX] Defines the correspondence between symbolic codes and
octal mode values.
SEE ALSO
Commands: chgrp(1), chown(1), csh(1), ksh(1), ls(1), Bourne shell
sh(1b), POSIX shell sh(1p), umask(1)
Functions: chown(2), chmod(2), stat(2), umask(2)
Standards: standards(5)chmod(1)