chmod
 |
This article includes a list of references, related reading or external links, but its sources remain unclear because it lacks inline citations. Please improve this article by introducing more precise citations. (February 2009) |
The chmod command (abbreviated from change mode) is a Unix command that lets a user tell the system how much (or little) access it should permit to a file.[1] It changes the file system modes of files and directories. The modes include permissions and special modes. It is also a C language function in Unix and Unix-like environments.
Contents |
[edit] History
A chmod command first appeared in AT&T Unix version 1, and is still used today on Unix like machines.
[edit] Usage
The chmod command options are specified like this:[2]
$ chmod [options] mode[,mode] file1 [file2 ...]
This is used to control the file mode.
To view the current file mode:
$ ls -l file
or use the stat command to view the octal numerical values ("*" lists all files in current directory)
$ stat -c '%A %a %n' *
[edit] Octal numbers
 |
This section may require cleanup to meet Wikipedia's quality standards. (Consider using more specific cleanup instructions.) Please help improve this section if you can. The talk page may contain suggestions. (September 2011) |
The chmod command accepts up to four digits to represent an octal number. The octets refer to bits applied to the file owner, group and other users, respectively.[3] Use of three digits is discouraged because it leaves the fourth as the default and this value is not fixed.[citation needed] The least significant digit sets/resets an additional mode for each of these three sets of bits. Experienced Unix and Linux users tend to recommend that the user of this command check the man page (man chmod) on the system of interest.[citation needed]
Particular care should be taken when a directory is the target because the effect is not intuitive.[citation needed] In addition, it will not work on all file types. For example, it has no effect on a symbolic link. myfile :
$ chmod 664 myfile $ ls -l myfile -rw-rw-r-- 1 57 Jul 3 10:13 myfile
Since the setuid, setgid and sticky bits are not set, this is equivalent to:
$ chmod 0664 myfile
[edit] Symbolic modes
chmod also accepts finer-grained symbolic notation, all permissions and special modes are represented by its mode parameter. One way to adjust the mode of files or directories is to specify a symbolic mode. The symbolic mode is composed of three components, which are combined to form a single string of text:
$ chmod [''references''][''operator''][''modes''] ''file1'' ...
The references (or classes) are used to distinguish the users to whom the permissions apply. If no references are specified it defaults to “all” but modifies only the permissions allowed by the umask. The references are represented by one or more of the following letters:
| Reference | Class | Description |
|---|---|---|
| u | user | the owner of the file |
| g | group | users who are members of the file's group |
| o | others | users who are not the owner of the file or members of the group |
| a | all | all three of the above, is the same as ugo |
The chmod program uses an operator to specify how the modes of a file should be adjusted. The following operators are accepted:
| Operator | Description |
|---|---|
| + | adds the specified modes to the specified classes |
| - | removes the specified modes from the specified classes |
| = | the modes specified are to be made the exact modes for the specified classes |
The modes indicate which permissions are to be granted or taken away from the specified classes. There are three basic modes which correspond to the basic permissions:
| Mode | Name | Description |
|---|---|---|
| r | read | read a file or list a directory's contents |
| w | write | write to a file or directory |
| x | execute | execute a file or recurse a directory tree |
| X | special execute | which is not a permission in itself but rather can be used instead of x. It applies execute permissions to directories regardless of their current permissions and applies execute permissions to a file which already has at least 1 execute permission bit already set (either user, group or other). It is only really useful when used with '+' and usually in combination with the -R option for giving group or other access to a big directory tree without setting execute permission on normal files (such as text files), which would normally happen if you just used "chmod -R a+rx .", whereas with 'X' you can do "chmod -R a+rX ." instead |
| s | setuid/gid | details in Special modes section |
| t | sticky | details in Special modes section |
The combination of these three components produces a string that is understood by the chmod command. Multiple changes can be specified by separating multiple symbolic modes with commas.
Numerical Permissions
| # | Permission |
|---|---|
| 7 | full |
| 6 | read and write |
| 5 | read and execute |
| 4 | read only |
| 3 | write and execute |
| 2 | write only |
| 1 | execute only |
| 0 | none |
The respective permissions are found by using powers of two. Read access is the number 4, write is 2, and execute is 1. These numbers can be added together to get the right permission for that class.
[edit] Symbolic examples
Add the read and write permissions to the user and group classes of a directory:
$ chmod ug+rw mydir $ ls -ld mydir drw-rw---- 2 unixguy uguys 96 Dec 8 12:53 mydir
For a file, remove write permissions for all classes:
$ chmod a-w myfile $ ls -l myfile -r-xr-xr-x 2 unixguy uguys 96 Dec 8 12:53 myfile
Set the permissions for the user and the group to read and execute only (no write permission) on mydir.
$ chmod ug=rx mydir $ ls -ld mydir dr-xr-x--- 2 unixguy uguys 96 Dec 8 12:53 mydir
[edit] Special modes
- See also: File system permissions
The chmod command is also capable of changing the additional permissions or special modes of a file or directory. The symbolic modes use s to represent the setuid and setgid modes, and t to represent the sticky mode. The modes are only applied to the appropriate classes, regardless of whether or not other classes are specified.
Most operating systems support the specification of special modes using octal modes, but some do not. On these systems, only the symbolic modes can be used.
[edit] Command line examples
| command | explanation |
|---|---|
| chmod a+r file | read is added for all |
| chmod a-x file | execute permission is removed for all |
| chmod a+rw file | change the permissions of the file file to read and write for all. |
| chmod +rwx file | On some UNIX platforms such as BSD, this will restore the permission of the file file to default: -rwxr-xr-x. |
| chmod u=rw,go= file | read and write is set for the owner, all permissions are cleared for the group and others |
| chmod -R u+w,go-w docs | change the permissions of the directory docs and all its contents to add write access for the user, and deny write access for everybody else. |
| chmod file | removes all privileges for all |
| chmod 777 file | change the permissions of the file file to read, write, and execute for all. |
| chmod 664 file | sets read and write and no execution access for the owner and group, and read, no write, no execute for all others. |
| chmod 0755 file | equivalent to u=rwx (4+2+1),go=rx (4+1 & 4+1). The 0 specifies no special modes. |
| chmod 4755 file | the 4 specifies set user ID and the rest is equivalent to u=rwx (4+2+1),go=rx (4+1 & 4+1). |
| chmod -R u+rwX,g-rwx,o-rwx directory | set a directory tree to rwx for owner directories, rw for owner files, --- for group and others. |
| chmod -R a-x+X directory | remove the execute permission on all files in a directory tree, while allowing for directory browsing. |
[edit] Function details
The C programming language defines the following function prototype:
int chmod(const char *path, mode_t mode);
The function takes a parameter of type mode_t, which is a bitfield composed of various flags:
| flag | octal value | purpose |
|---|---|---|
| S_ISUID | 04000 | set user ID on execution |
| S_ISGID | 02000 | set group ID on execution |
| S_ISVTX | 01000 | sticky bit |
| S_IRUSR, S_IREAD | 00400 | read by owner |
| S_IWUSR, S_IWRITE | 00200 | write by owner |
| S_IXUSR, S_IEXEC | 00100 | execute/search by owner |
| S_IRGRP | 00040 | read by group |
| S_IWGRP | 00020 | write by group |
| S_IXGRP | 00010 | execute/search by group |
| S_IROTH | 00004 | read by others |
| S_IWOTH | 00002 | write by others |
| S_IXOTH | 00001 | execute/search by others |
Where alternate flag names are given, one of the pair of names might not be supported on some OSs. The octal values of the flags are summed or combined in a bitwise or operation to give the desired permission mode.
Various error codes can be returned, and these are detailed in the associated man page for the function.
[edit] See also
- File system permissions
chown, the command used to change the owner of a file or directory on Unix-like systemschgrp, the command used to change the group of a file or directory on Unix-like systemscacls, a command used on Windows NT and its derivatives to modify the access control lists associated with a file or directoryattrib- User ID
- Group ID
- List of Unix programs
[edit] References
[edit] External links
- : change file modes – FreeBSD General Commands Manual
chmod— manual page from GNU coreutils.- GNU "Setting Permissions" manual
- Solaris 9 chmod man page
- Mac OS X chmod man page, which also supports access control lists.
- CHMOD-Win 3.0 — Freeware Windows' ACL ←→ CHMOD converter.
- What CHMOD? File Permissions Calculator, web-based CHMOD calculator.
- Beginners tutorial with on-line "live" example
- chmod examples Searchable examples
|
||||||||||||||||||||||||||||||||
