chmod
In Unix-like operating systems, chmod
is the command and system call which may change the access permissions to file system objects (files and directories). It may also alter special mode flags. The request is filtered by the umask. The name is an abbreviation of change mode.[1]
History
A chmod command first appeared in AT&T Unix version 1.
As systems grew in number and types of users, access control lists[2] were added to many file systems in addition to these most basic modes to increase flexibility.
Command syntax
Throughout this document user refers to the owner of the file as a reminder that the symbolic form of the command uses u.
chmod [options] mode[,mode] file1 [file2 ...][3]
Usual implemented options include:
- -R Recursive, i.e. include objects in subdirectories
- -f force processing to continue if errors occur
- -v verbose, show objects changed (unchanged objects are not shown)
If a symbolic link is specified, the target object is affected. File modes directly associated with symbolic links themselves are typically not used.
To view the file mode, the ls or stat commands may be used:
$ ls -l findPhoneNumbers.sh
-rwxr-xr-- 1 dgerman staff 823 Dec 16 15:03 findPhoneNumbers.sh
$ stat -c %a findPhoneNumbers.sh
754
The r, w, and x specify the read, write, and execute access. The first character of the ls display denotes the object type; a hyphen represents a plain file. This script can be read, written to, and executed by the dgerman, read and executed by members of the staff group and can be read by others.
Octal modes
The main parts of the chmod permissions:
Example: drwxrwx---
To the right of the "d":
the left three characters rwx define permissions of the user(i.e. the owner).
the middle three characters rwx define permissions of the Group.
the right three characters --- define permissions of Others. In this example users Other than the owning user and members of the Group has no permission to access the file.
Numerical permissions
The chmod numerical format accepts up to four octal digits. The three rightmost digits refer to permissions for the file user, the group, and others. The optional leading digit, when 4 digits are given, specifies the special setuid, setgid, and sticky flags. Each digit of the three rightmost digits represent a binary value, which it's bits control the read, write and execute respectively, where 1 means allow and 0 means don't. This is similar to the octal notation, but represented in decimal numbers.
| # | Permission | rwx | Binary |
|---|---|---|---|
| 7 | read, write and execute | rwx | 111 |
| 6 | read and write | rw- | 110 |
| 5 | read and execute | r-x | 101 |
| 4 | read only | r-- | 100 |
| 3 | write and execute | -wx | 011 |
| 2 | write only | -w- | 010 |
| 1 | execute only | --x | 001 |
| 0 | none | --- | 000 |
For example, 754 would allow:
read, write, and execute for the user, as the binary value of 7 is 111, meaning all bits are on.
read and execute for the Group, as the binary value of 5 is 101, meaning read and execute are on but write is off.
read only for Others, as the binary value of 4 is 100, meaning that only read is on.
Numeric example
Change permissions to permit members of the programmers group to update a file.
$ ls -l sharedFile
-rw-r--r-- 1 jsmith programmers 57 Jul 3 10:13 sharedFile
$ chmod 664 sharedFile
$ ls -l sharedFile
-rw-rw-r-- 1 jsmith programmers 57 Jul 3 10:13 sharedFile
Since the setuid, setgid and sticky bits are not specified, this is equivalent to:
$ chmod 0664 sharedFile
Symbolic modes
The chmod command also accepts a finer-grained symbolic notation,[4] which allows modifying specific modes while leaving other modes untouched. The symbolic mode is composed of three components, which are combined to form a single string of text:
$ chmod [references][operator][modes] file ...
Classes of users are used to distinguish to whom the permissions apply. If no classes are specified “all” is implied. The classes are represented by one or more of the following letters:
| Reference | Class | Description |
|---|---|---|
| u | user | file's owner |
| g | group | members of the file's group |
| o | others | users who are neither the file's owner nor members of the file's group |
| a | all | all three of the above, same as ugo |
The chmod program uses an operator to specify how the modes of a file should be adjusted. The following operators are accepted:
| Operator | Description |
|---|---|
| + | adds the specified modes to the specified classes |
| - | removes the specified modes from the specified classes |
| = | the modes specified are to be made the exact modes for the specified classes |
The modes indicate which permissions are to be granted or removed from the specified classes. There are three basic modes which correspond to the basic permissions:
| Mode | Name | Description |
|---|---|---|
| r | read | read a file or list a directory's contents |
| w | write | write to a file or directory |
| x | execute | execute a file or recurse a directory tree |
| X | special execute | which is not a permission in itself but rather can be used instead of x. It applies execute permissions to directories regardless of their current permissions and applies execute permissions to a file which already has at least one execute permission bit already set (either user, group or other). It is only really useful when used with '+' and usually in combination with the -R option for giving group or other access to a big directory tree without setting execute permission on normal files (such as text files), which would normally happen if you just used "chmod -R a+rx .", whereas with 'X' you can do "chmod -R a+rX ." instead |
| s | setuid/gid | details in Special modes section |
| t | sticky | details in Special modes section |
Multiple changes can be specified by separating multiple symbolic modes with commas (without spaces). If a user is not specified, chmod will check the umask and the effect will be as if "a" was specified except bits that are set in the umask are not affected.[5]
Symbolic examples
Add write permission (w) to the group's(g) access modes of a directory, allowing users in the same group to add files:
$ ls -ld shared_dir # show access modes before chmod
drwxr-xr-x 2 teamleader usguys 96 Apr 8 12:53 shared_dir
$ chmod g+w shared_dir
$ ls -ld shared_dir # show access modes after chmod
drwxrwxr-x 2 teamleader usguys 96 Apr 8 12:53 shared_dir
Remove write permissions (w) for all classes (a), preventing anyone from writing to the file:
$ ls -l ourBestReferenceFile
-rw-rw-r-- 2 teamleader usguys 96 Apr 8 12:53 ourBestReferenceFile
$ chmod a-w ourBestReferenceFile
$ ls -l ourBestReferenceFile
-r--r--r-- 2 teamleader usguys 96 Apr 8 12:53 ourBestReferenceFile
Set the permissions for the user and the group (ug) to read and execute (rx) only (no write permission) on referenceLib, preventing anyone to add files.
$ ls -ld referenceLib
drwxr----- 2 teamleader usguys 96 Apr 8 12:53 referenceLib
$ chmod ug=rx referenceLib
$ ls -ld referenceLib
dr-xr-x--- 2 teamleader usguys 96 Apr 8 12:53 referenceLib
Special modes
The chmod command is also capable of changing the additional permissions or special modes of a file or directory. The symbolic modes use 's' to represent the setuid and setgid modes, and 't' to represent the sticky mode. The modes are only applied to the appropriate classes, regardless of whether or not other classes are specified.
Most operating systems support the specification of special modes using octal modes, but some do not. On these systems, only the symbolic modes can be used.
Command line examples
| Command | Explanation |
|---|---|
| chmod a+r publicComments.txt | adds read permission for all classes (i.e. user, group and others) |
| chmod +r publicComments.txt | adds read permission for all classes depending on umask |
| chmod a-x publicComments.txt | removes execute permission for all classes |
| chmod a+rx viewer.sh | adds read and execute permissions for all classes |
| chmod u=rw,g=r,o= internalPlan.txt | sets read and write permission for user, sets read for group, and denies access for others |
| chmod -R u+w,go-w docs | adds write permission to the directory docs and all its contents (i.e. Recursively) for owner, and removes write permission for group and others |
| chmod ug=rw groupAgreements.txt | sets read and write permissions for user and group |
| chmod 664 global.txt | sets read and write permissions for user and group, and provides read to others. |
| chmod 0744 myCV.txt | sets read, write, and execute permissions for user, and sets read permission for group and others (the 0 specifies no special modes) |
| chmod 1755 findReslts.sh | sets sticky bit, sets read, write, and execute permissions for owner, and sets read and execute permissions for group and others (this suggests that the script be retained in memory) |
| chmod 4755 setCtrls.sh | sets UID, sets read, write, and execute permissions for owner, and sets read and execute permissions for group and others |
| chmod 2755 setCtrls.sh | sets GID, sets read, write, and execute permissions for user, and sets read and execute permissions for group and others |
| chmod -R u+rwX,g-rwx,o-rx personalStuff | Recursively (i.e. on all files and directories in personalStuff) adds read, write, and special execution permissions for user, removes read, write, and execution permissions for group, and removes read and execution permissions for others |
| chmod -R a-x+X publicDocs | Recursively (i.e. on all files and directories in publicDocs) removes execute permission for all classes and adds special execution permission for all classes |
System call
The POSIX standard defines the following function prototype:[6]
int chmod(const char *path, mode_t mode);
The mode parameter is a bitfield composed of various flags:
| Flag | Octal value | Purpose |
|---|---|---|
| S_ISUID | 04000 | Set user ID on execution |
| S_ISGID | 02000 | Set group ID on execution |
| S_ISVTX | 01000 | Sticky bit |
| S_IRUSR, S_IREAD | 00400 | Read by user |
| S_IWUSR, S_IWRITE | 00200 | Write by user |
| S_IXUSR, S_IEXEC | 00100 | Execute/search by user |
| S_IRGRP | 00040 | Read by group |
| S_IWGRP | 00020 | Write by group |
| S_IXGRP | 00010 | Execute/search by group |
| S_IROTH | 00004 | Read by others |
| S_IWOTH | 00002 | Write by others |
| S_IXOTH | 00001 | Execute/search by others |
See also
- File system permissions
- Modes (Unix)
chattr, the command used to change the attributes of a file or directory on Linux systemschown, the command used to change the owner of a file or directory on Unix-like systemschgrp, the command used to change the group of a file or directory on Unix-like systemscacls, a command used on Windows NT and its derivatives to modify the access control lists associated with a file or directoryattribumask, restricts mode (permissions) at file or directory creation on Unix-like systems- User identifier
- Group identifier
- List of Unix programs
References
- ↑ Tutorial for chmod
- ↑ "AIX 5.3 System management". IBM knowledge Center. IBM. Retrieved 30 August 2015.
- ↑ chmod
- ↑ "AIX 5.5 Commands Reference". IBM Knowledge Center. IBM. Retrieved 30 August 2015.
- ↑ http://teaching.idallen.com/cst8207/12f/notes/510_umask.html
- ↑ "chmod function". The Open Group Base Specifications Issue 7, 2013 Edition. The Open Group. Retrieved 30 August 2015.
External links
- : change file modes – FreeBSD General Commands Manual
- – Plan 9 Programmer's Manual, Volume 1
chmod— manual page from GNU coreutils.- GNU "Setting Permissions" manual
- CHMOD-Win 3.0 — Freeware Windows' ACL ←→ CHMOD converter.
- Beginners tutorial with on-line "live" example
| File system | |
|---|---|
| Processes | |
| User environment | |
| Text processing | |
| Shell builtins | |
| Searching | |
| Documentation | |
| Software development | |
| Miscellaneous | |
| |
