||This article includes a list of references, but its sources remain unclear because it has insufficient inline citations. (February 2009)|
In Unix-like operating systems, chmod is the command and system call which may change the access permissions to file system objects (files and directories). It may also alter special mode flags. The request is filtered by the umask. The name is an abbreviation of change mode.
As systems grew in number and types of users, access_control_lists were added to many file systems in addition to these most basic modes to increase flexibility.
chmod [options] mode[,mode] file1 [file2 ...]
Usual implemented options include:
- -R recursive, i.e. include objects in subdirectories
- -f force, forge ahead with all objects even if errors occur
- -v verbose, show objects processed
If a symbolic link is specified, the target object is affected. File modes directly associated with symbolic links themselves are typically never used.
$ ls -l findPhoneNumbers.sh -rwxr-xr-- 1 dgerman staff 823 Dec 16 15:03 findPhoneNumbers.sh $ stat -c %a findPhoneNumbers.sh 754
The r, w, and x specify the read, write, and execute access, respectively. The first letter denotes the file type, a "-", represents a plain a file. This script can be read, written to, and executed by the user, read and executed by other members of the staff group and can also be read by others.
The chmod numerical format accepts up to four octal digits. The rightmost three (digits two until four) refer to permissions for the file owner, the group, and other users respectively. The optional first digit specifies the special setuid, setgid, and sticky flags.
|7||read, write and execute||111|
|6||read and write||110|
|5||read and execute||101|
|3||write and execute||011|
In order to permit all users who are members of the programmers group to update a file
$ ls -l sharedFile -rw-r--r-- 1 jsmith programmers 57 Jul 3 10:13 sharedFile $ chmod 664 sharedFile $ ls -l sharedFile -rw-rw-r-- 1 jsmith programmers 57 Jul 3 10:13 sharedFile
Since the setuid, setgid and sticky bits are not specified, this is equivalent to:
$ chmod 0664 sharedFile
The chmod command also accepts a finer-grained symbolic notation, which allows modifying specific modes while leaving other modes untouched. The symbolic mode is composed of three components, which are combined to form a single string of text:
$ chmod [references][operator][modes] file ...
The references (or classes) are used to distinguish the users to whom the permissions apply. If no references are specified it defaults to “all” but modifies only the permissions allowed by the umask. The references are represented by one or more of the following letters:
|u||user||the owner of the file|
|g||group||users who are members of the file's group|
|o||others||users who are neither the owner of the file nor members of the file's group|
|a||all||all three of the above, same as ugo|
The chmod program uses an operator to specify how the modes of a file should be adjusted. The following operators are accepted:
|+||adds the specified modes to the specified classes|
|-||removes the specified modes from the specified classes|
|=||the modes specified are to be made the exact modes for the specified classes|
The modes indicate which permissions are to be granted or removed from the specified classes. There are three basic modes which correspond to the basic permissions:
|r||read||read a file or list a directory's contents|
|w||write||write to a file or directory|
|x||execute||execute a file or recurse a directory tree|
|X||special execute||which is not a permission in itself but rather can be used instead of x. It applies execute permissions to directories regardless of their current permissions and applies execute permissions to a file which already has at least one execute permission bit already set (either user, group or other). It is only really useful when used with '+' and usually in combination with the -R option for giving group or other access to a big directory tree without setting execute permission on normal files (such as text files), which would normally happen if you just used "chmod -R a+rx .", whereas with 'X' you can do "chmod -R a+rX ." instead|
|s||setuid/gid||details in Special modes section|
|t||sticky||details in Special modes section|
Multiple changes can be specified by separating multiple symbolic modes with commas (without spaces).
Add write permission (w) to the group's(g) access modes of a directory,
allowing users in the same group to add files:
$ ls -ld shared_dir # show access modes before chmod drwxr-xr-x 2 teamleader usguys 96 Apr 8 12:53 shared_dir $ chmod g+w shared_dir $ ls -ld shared_dir # show access modes after chmod drwxrwxr-x 2 teamleader usguys 96 Apr 8 12:53 shared_dir
Remove write permissions (w) for all classes (a),
preventing anyone from writing to the file:
$ ls -l ourBestReferenceFile -rw-rw-r-- 2 teamleader usguys 96 Apr 8 12:53 ourBestReferenceFile $ chmod a-w ourBestReferenceFile $ ls -l ourBestReferenceFile -r--r--r-- 2 teamleader usguys 96 Apr 8 12:53 ourBestReferenceFile
Set the permissions for the user and the group (ug) to read and execute (rx) only (no write permission) on referenceLib,
preventing anyone other than the owner to add files.
$ ls -ld referenceLib drwxr----- 2 teamleader usguys 96 Apr 8 12:53 referenceLib $ chmod ug=rx referenceLib $ ls -ld referenceLib dr-xr-x--- 2 teamleader usguys 96 Apr 8 12:53 referenceLib
The chmod command is also capable of changing the additional permissions or special modes of a file or directory. The symbolic modes use s to represent the setuid and setgid modes, and t to represent the sticky mode. The modes are only applied to the appropriate classes, regardless of whether or not other classes are specified.
Most operating systems support the specification of special modes using octal modes, but some do not. On these systems, only the symbolic modes can be used.
Command line examples
|chmod a+r publicComments.txt||read is added for all classes (i.e. User, Group and Others).|
|chmod +r publicComments.txt||omitting the class defaults to all classes, but the resultant permissions are dependent on umask|
|chmod a-x publicComments.txt||execute permission is removed for all classes.|
|chmod a+rx viewer.sh||add read and execute for all classes.|
|chmod u=rw,g=r,o= internalPlan.txt||user(i.e. owner) can read and write, group can read, Others cannot access.|
|chmod -R u+w,go-w docs||add write permissions to the directory docs and all its contents (i.e. Recursively) for user and deny write access for everybody else.|
|chmod ug=rw groupAgreements.txt||User and Group members can read and write (update the file).|
|chmod 664 global.txt||sets read and write and no execution access for the user and group, and read, no write, no execute for all others.|
|chmod 0744 myCV.txt||equivalent to u=rwx (400+200+100),go=r (40+ 4). The 0 specifies no special modes.|
|chmod 1755 findReslts.sh||the 1000 specifies set sticky bit and the rest is equivalent to u=rwx (400+200+100),go=rx (40+10 + 4+1) This suggests that the script be retained in memory.|
|chmod 4755 SetCtrls.sh||the 4 specifies set user ID and the rest is equivalent to u=rwx (400+200+100),go=rx (40+10 + 4+1).|
|chmod 2755 SetCtrls.sh||the 2 specifies set group ID and the rest is equivalent to u=rwx (400+200+100),go=rx (40+10 + 4+1).|
|chmod -R u+rwX,g-rwx,o-rx PersonalStuff||Recursively set a directory tree to rwx for owner directories, rw for owner files, --- (i.e. no access) for group and others.|
|chmod -R a-x+X publicDocs||remove the execute permission on all files in a directory tree (i.e. Recursively), while allowing for directory browsing.|
int chmod(const char *path, mode_t mode);
The mode parameter is a bitfield composed of various flags:
|S_ISUID||04000||Set user ID on execution|
|S_ISGID||02000||Set group ID on execution|
|S_IRUSR, S_IREAD||00400||Read by owner|
|S_IWUSR, S_IWRITE||00200||Write by owner|
|S_IXUSR, S_IEXEC||00100||Execute/search by owner|
|S_IRGRP||00040||Read by group|
|S_IWGRP||00020||Write by group|
|S_IXGRP||00010||Execute/search by group|
|S_IROTH||00004||Read by others|
|S_IWOTH||00002||Write by others|
|S_IXOTH||00001||Execute/search by others|
Where alternate flag names are given, one of the pair of names might not be supported on some OSs. The octal values of the flags are summed or combined in a bitwise OR operation to give the desired permission mode.
The function returns an error code.
When you type in 'ls -l' and see bunch of question marks such as this:
ls: cannot access example/authorized_keys: Permission denied ls: cannot access example/id_dsa: Permission denied ls: cannot access example/id_dsa.pub: Permission denied ls: cannot access example/id_rsa.pub: Permission denied ls: cannot access example/id_rsa: Permission denied ls: cannot access example/known_hosts: Permission denied ls: cannot access example/config: Permission denied total 0 ?????????? ? ? ? ? ? authorized_keys ?????????? ? ? ? ? ? config ?????????? ? ? ? ? ? id_dsa ?????????? ? ? ? ? ? id_dsa.pub ?????????? ? ? ? ? ? id_rsa ?????????? ? ? ? ? ? id_rsa.pub ?????????? ? ? ? ? ? known_hosts
Than this usually means that one of the parent folders does not have proper permission set.
Unless you fix the permission of the parent folder, commands like:
"sudo chown -R me:me example"
"sudo chmod -R 775 example"
- File system permissions
- Modes (Unix)
chown, the command used to change the owner of a file or directory on Unix-like systems
chgrp, the command used to change the group of a file or directory on Unix-like systems
cacls, a command used on Windows NT and its derivatives to modify the access control lists associated with a file or directory
- User identifier
- Group identifier
- List of Unix programs
- FreeBSD General Commands Manual : change file modes –
chmod— manual page from GNU coreutils.
- GNU "Setting Permissions" manual
- Solaris 9 chmod man page
- CHMOD-Win 3.0 — Freeware Windows' ACL ←→ CHMOD converter.
- Beginners tutorial with on-line "live" example