chmod [-R][ugoa]{ + | - | = }[rwxXlstugo] file ...
An absolute mode is specified using octal numbers:
chmod nnnn file . . .
where n is a number from 0 to 7. An absolute mode is constructed from the OR of any of the following modes:
Enable mandatory locking if # is 6, 4, 2, or 0.
This bit is ignored if the file is a directory; it may be set or cleared only using the symbolic mode.
On execution, the setuid and setgid modes
affect interpreter scripts only if
the first line of those scripts is
#! pathname [arg]
where pathname is the path of a command interpreter, such as sh. (See exec(2).)
A symbolic mode is specified in the following format:
chmod [who ] operator [permission(s)] file . . .
who is zero or more of the characters u, g, o, and a specifying whose permissions are to be changed or assigned:
If who is omitted, it defaults to a.
operator is one of +, -, or =, signifying how permissions are to be changed:
Unlike other symbolic operations, = has an absolute effect in that it resets all other bits. Omitting permission(s) is useful only with = to take away all permissions.
permission(s) is any compatible combination of the following letters:
The X represents the execute permission of a file only if the file is a directory, or if the current (unmodified) file permissions have at least one execute bit present. If neither of these conditions is true, it will be ignored.
Permissions to a file may vary depending on your user identification number (UID) or group identification number (GID). Permissions are described in three sequences each having three characters:
User  Group  Other
rwx   rwx    rwx
This example (user, group, and others all have permission to read, write, and execute a given file) demonstrates two categories for granting permissions: the access class and the permissions themselves.
Multiple symbolic modes separated by commas may be given, though no spaces may intervene between these modes. Operations are performed in the order given. Multiple symbolic letters following a single operator cause the corresponding operations to be performed simultaneously.
The letter s is only meaningful when who includes u or g, and t only works with u.
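The rules above for who, operator, X, s and t can be checked against a small model. This is an added example, not code from the chmod implementation; apply_symbolic is a hypothetical name, the l letter and the u/g/o copy letters are not modelled, and treating the sticky bit as cleared by = when u is named is an assumption.

```python
import re

RWX = {"u": 0o700, "g": 0o070, "o": 0o007}
SBIT = {"u": 0o4000, "g": 0o2000}           # s: set-user-ID / set-group-ID
PERM = {"r": 0o444, "w": 0o222, "x": 0o111}
CLAUSE = re.compile(r"([ugoa]*)([-+=])([rwxXst]*)")

def apply_symbolic(mode, spec, is_dir=False):
    """Return the permission bits that result from applying `spec` to `mode`.

    Modelling assumptions: the l letter and the u/g/o copy letters are not
    handled; '=' also clears the sticky bit when u is named.
    """
    # X is judged against the current (unmodified) mode, as the page words it.
    x_ok = is_dir or bool(mode & 0o111)
    for clause in spec.split(","):          # clauses run in the order given
        m = CLAUSE.fullmatch(clause)
        if not m:
            raise ValueError(f"bad symbolic mode clause: {clause!r}")
        who, op, perms = m.groups()
        # Omitted who defaults to a (System V behaviour, no umask applied).
        classes = "ugo" if not who or "a" in who else who
        mask = sum(RWX[c] for c in set(classes))
        sbits = sum(SBIT.get(c, 0) for c in set(classes))
        bits = 0
        for p in perms:                     # letters after one operator act together
            if p in PERM:
                bits |= PERM[p] & mask
            elif p == "X" and x_ok:
                bits |= 0o111 & mask
            elif p == "s":                  # only meaningful with u or g
                bits |= sbits
            elif p == "t" and "u" in classes:   # t only works with u
                bits |= 0o1000
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        else:                               # '=' resets the classes' other bits
            owned = mask | sbits | (0o1000 if "u" in classes else 0)
            mode = (mode & ~owned) | bits
    return mode & 0o7777
```

Feeding it the mode a file currently has shows, before any change is made, whether a planned chmod would leave a set-ID bit or world-write permission in place.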
Mandatory file and record locking (l) refers to a file's
ability to have its reading or writing permissions locked
while a program is accessing that file.
When locking is requested,
the group ID of the user must be the same as the group ID of the file.
It is not possible to
permit group execution and enable a file to be locked on
execution at the same time.
In addition, it is not possible to turn on the set-group-ID bit
and enable a file to be locked on execution at the same time.
The following examples, therefore, are invalid and
elicit error messages:
chmod g+x,+l file
chmod g+s,+l file
Only the owner of a file or directory (or a privileged user) may change that file's or directory's mode. Only a privileged user may set the sticky bit on a non-directory file. Otherwise, chmod will mask the sticky-bit but will not return an error. In order to turn on a file's set-group-ID bit, your own group ID must correspond to the file's and group execution must be set.
The -R option recursively descends through directory arguments, setting the mode for each file as described above. If a symbolic link is encountered whose target is a directory, the permission of the directory is changed. That directory's contents are not recursively traversed.
Allow read permission to everyone:
chmod 444 file
Make a file readable and writable by the group and others:
chmod go+rw file
chmod 066 file
Cause a file to be locked during access:
chmod +l file
Allow everyone to read, write, and execute the file
and turn on the set group-ID:
chmod =rwx,g+s file
chmod 2777 file
Absolute changes don't work for the set-group-ID bit of a directory. You must use g+s or g-s.
If the file system is of type sfs or vxfs, additional access permissions, beyond those represented by the three sets of permissions in the mode bits, may also be placed on a file using an Access Control List (ACL).
Normally, the effective user and group ID of a process is the user and group ID of the invoking process. If the set-user-ID (set-group-ID) on execution mode bit of an executable file is set, the effective user (group) ID of the process, when the file is invoked, is the owner (group) ID of the executable file. The real user ID and real group ID of the new process remain the same as those of the calling process.
Setting the "set-group-ID on execution" bit on a directory (via the
g+s option) means that any files subsequently created in that directory
will automatically be given the group ID of that directory.
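Because these bits change the effective IDs a program runs with, a periodic inventory of where they are set is a useful check. The following is an added example, not part of the chmod distribution; classify and audit_tree are hypothetical names, and the "mandatory-lock" label relies on the System V encoding in which the set-group-ID bit with group execute off marks mandatory locking.

```python
import os
import stat

def classify(mode):
    """Return the special-mode findings for one st_mode value."""
    findings = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            findings.append("setuid")            # runs with the owner's effective UID
        if mode & stat.S_ISGID:
            if mode & stat.S_IXGRP:
                findings.append("setgid")        # runs with the file's effective GID
            else:
                findings.append("mandatory-lock")  # setgid bit without group execute
    elif stat.S_ISDIR(mode) and mode & stat.S_ISGID:
        findings.append("setgid-dir")            # new files inherit the directory's group
    return findings

def audit_tree(root):
    """Walk root without following symbolic links; return sorted (path, finding) pairs."""
    report = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode        # lstat: judge the entry itself, not a link target
            report.extend((path, f) for f in classify(mode))
    return sorted(report)

if __name__ == "__main__":
    import sys
    for path, finding in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{finding:15} {path}")
```

Comparing the output against a reviewed baseline makes a newly added set-user-ID or set-group-ID file stand out.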
Set-user-ID and set-group-ID mode bits affect shell script privileges only if the script begins with
#! path.
When symbolic links are created by ln, they are made with permissions set to read, write, and execute for owner, group, and world (777). A chmod applied to a symbolic link acts on the target of the link, not on the link itself.
The symbolic modes should be used in preference to the octal representation, since the octal representation may not be supported in future releases.
If who is not specified, POSIX.2 requires use of umask. Use the POSIX2 environment variable to get POSIX.2 behavior. The POSIX.2 behavior is inconsistent with existing System V behavior.
This command has been updated to handle files greater than 2GB.