DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

chmod(1)


chmod -- change file mode

Synopsis

/u95/bin/chmod [-R] mode file ...

chmod [-R][ugoa]{ + | - | = }[rwxXlstugo] file ...

Description

chmod changes or assigns the mode of a file. The mode of a file specifies its permissions and other attributes. The mode may be absolute or symbolic.

An absolute mode is specified using octal numbers:

   chmod nnnn file . . .
where n is a number from 0 to 7. An absolute mode is constructed from the OR of any of the following modes:

4000
Set user ID on execution.

20#0
Set group ID on execution if # is 7, 5, 3, or 1.

Enable mandatory locking if # is 6, 4, 2, or 0.

This bit is ignored if the file is a directory; it may be set or cleared only using the symbolic mode.


1000
Turn on sticky bit (see chmod(2)).

0400
Allow read by owner.

0200
Allow write by owner.

0100
Allow execute (search in directory) by owner.

0070
Allow read, write, and execute (search) by group.

0007
Allow read, write, and execute (search) by others.

On execution, the setuid and setgid modes affect interpreter scripts only if the first line of those scripts is

#! pathname [arg]

where pathname is the path of a command interpreter, such as sh. (See exec(2).)

A symbolic mode is specified in the following format:

   chmod [who ]  operator  [permission(s)]  file . . .

who is zero or more of the characters u, g, o, and a specifying whose permissions are to be changed or assigned:


u
user's permissions

g
group's permissions

o
others' permissions

a
all permissions (user, group, and other)

If who is omitted, it defaults to a.

operator is one of +, -, or =, signifying how permissions are to be changed:


+
Add permissions.

-
Take away permissions.

=
Assign permissions absolutely.

Unlike other symbolic operations, = has an absolute effect in that it resets all other bits. Omitting permission(s) is useful only with = to take away all permissions.

permission(s) is any compatible combination of the following letters:


r
read permission

w
write permission

x
execute permission

X
conditional execute permission (see below)

s
user or group set-ID

t
sticky bit

l
mandatory locking

u, g, o
indicate that permission is to be taken from the current user, group or other mode respectively. Only one of these options may be used at a time.

The X represents the execute permission of a file only if the file is a directory, or if the current (unmodified) file permissions have at least one execute bit present. If neither of these conditions are true, it will be ignored.

Permissions to a file may vary depending on your user identification number (UID) or group identification number (GID). Permissions are described in three sequences each having three characters:

   User    Group   Other
   rwx     rwx     rwx

This example (user, group, and others all have permission to read, write, and execute a given file) demonstrates two categories for granting permissions: the access class and the permissions themselves.

Multiple symbolic modes separated by commas may be given, though no spaces may intervene between these modes. Operations are performed in the order given. Multiple symbolic letters following a single operator cause the corresponding operations to be performed simultaneously.

The letter s is only meaningful when who includes u or g, and t only works with u.

Mandatory file and record locking (^l^) refers to a file's ability to have its reading or writing permissions locked while a program is accessing that file. When locking is requested, the group ID of the user must be the same as the group ID of the file. It is not possible to permit group execution and enable a file to be locked on execution at the same time. In addition, it is not possible to turn on the set-group-ID bit and enable a file to be locked on execution at the same time. The following examples, therefore, are invalid and elicit error messages:

chmod g+x,+l file
chmod g+s,+l file

Only the owner of a file or directory (or a privileged user) may change that file's or directory's mode. Only a privileged user may set the sticky bit on a non-directory file. Otherwise, chmod will mask the sticky-bit but will not return an error. In order to turn on a file's set-group-ID bit, your own group ID must correspond to the file's and group execution must be set.

The -R option recursively descends through directory arguments, setting the mode for each file as described above. If a symbolic link is encountered whose target is a directory, the permission of the directory is changed. That directory's contents are not recursively traversed.

Files


/usr/lib/locale/locale/LC_MESSAGES/uxcore.abi
language-specific message file (See LANG on environ(5).)

Examples

Deny execute permission to everyone:

chmod a-x file

Allow read permission to everyone:

chmod 444 file

Make a file readable and writable by the group and others:

chmod go+rw file
chmod 066 file

Cause a file to be locked during access:

chmod +l file

Allow everyone to read, write, and execute the file and turn on the set group-ID:

chmod =rwx,g+s file
chmod 2777 file

Absolute changes don't work for the set-group-ID bit of a directory. You must use g+s or g-s.

If the file system is of type sfs or vxfs, additional access permissions, beyond those represented by the three sets of permissions in the mode bits, may also be placed on a file using an Access Control List (ACL).

References

chmod(2), getacl(1), ls(1), setacl(1)

Notices

chmod permits you to produce useless modes so long as they are not illegal (for example, making a text file executable). chmod does not check the file type to see if mandatory locking is available.

Normally, the effective user and group ID of a process is the user and group ID of the invoking process. If the set-user-ID (set-group-ID) on execution mode bit of an executable file is set, the effective user (group) ID of the process, when the file is invoked, is the owner (group) ID of the executable file. The real user ID and real group ID of the new process remain the same as those of the calling process.

Setting the ``set-group-ID on execution'' bit on a directory (via the g+s option) means that any files subsequently created in that directory will automatically be given the group ID of that directory.

Set-user-ID and set-group-ID mode bits affect shell script privileges only if the script begins with

   #! path.
When symbolic links are created by ln, they are made with permissions set to read, write, and execute for owner, group, and world (777). A chmod applied to a symbolic link acts on the target of the link, not on the link itself.

The symbolic modes should be used in preference to the octal representation, since the octal representation may not be supported in future releases.

If who is not specified, POSIX.2 requires use of umask. Use the POSIX2 environment variable to get POSIX.2 behavior. The POSIX.2 behavior is inconsistent with existing System V behavior.

This command has been updated to handle files greater than 2GB.


© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 - 02 June 2005