chmod(1)
NAME
chmod - change the permissions mode of a file
SYNOPSIS
chmod [-fR] absolute-mode file...
chmod [-fR] symbolic-mode-list file...
DESCRIPTION
The chmod utility changes or assigns the mode of a file. The
mode of a file specifies its permissions and other attri-
butes. The mode may be absolute or symbolic.
Absolute mode
An absolute mode specification has the following format:
chmod [options] absolute-mode file . . .
where absolute-mode is specified using octal numbers nnnn
defined as follows:
n a number from 0 to 7. An absolute mode is con-
structed from the OR of any of the following
modes:
4000 Set user ID on execution.
20#0 Set group ID on execution if # is 7, 5, 3,
or 1.
Enable mandatory locking if # is 6, 4, 2,
or 0.
For directories, files are created with BSD
semantics for propagation of the group ID.
With this option, files and subdirectories
created in the directory inherit the group
ID of the directory, rather than of the
current process. For directories, the set-
gid bit may only be set or cleared by using
symbolic mode.
1000 Turn on sticky bit. See chmod(2).
0400 Allow read by owner.
0200 Allow write by owner.
0100 Allow execute (search in directory) by
owner.
0700 Allow read, write, and execute (search) by
owner.
0040 Allow read by group.
0020 Allow write by group.
0010 Allow execute (search in directory) by
group.
0070 Allow read, write, and execute (search) by
group.
0004 Allow read by others.
0002 Allow write by others.
0001 Allow execute (search in directory) by oth-
ers.
0007 Allow read, write, and execute (search) by
others.
For directories, the setgid bit cannot be set (or cleared)
in absolute mode; it must be set (or cleared) in symbolic
mode using g+s (or g-s).
Symbolic mode
A symbolic mode specification has the following format:
chmod [options] symbolic-mode-list file . . .
where symbolic-mode-list is a comma-separated list (with no
intervening whitespace) of symbolic mode expressions of the
form:
[who] operator [permissions]
Operations are performed in the order given. Multiple per-
missions letters following a single operator cause the
corresponding operations to be performed simultaneously.
who zero or more of the characters u, g, o, and a specify-
ing whose permissions are to be changed or assigned:
u user's permissions
g group's permissions
o others' permissions
a all permissions (user, group, and other)
If who is omitted, it defaults to a, but the setting
of the file mode creation mask (see umask in sh(1) or
csh(1) for more information) is taken into account.
When who is omitted, chmod will not override the res-
trictions of your user mask.
operator
either +, -, or =, signifying how permissions are to
be changed:
+ Add permissions.
If permissions is omitted, nothing is added.
If who is omitted, add the file mode bits
represented by permissions, except for the those
with corresponding bits in the file mode crea-
tion mask.
If who is present, add the file mode bits
represented by the permissions.
- Take away permissions.
If permissions is omitted, do nothing.
If who is omitted, clear the file mode bits
represented by permissions, except for those
with corresponding bits in the file mode crea-
tion mask.
If who is present, clear the file mode bits
represented by permissions.
= Assign permissions absolutely.
If who is omitted, clear all file mode bits; if
who is present, clear the file mode bits
represented by who.
If permissions is omitted, do nothing else.
If who is omitted, add the file mode bits
represented by permissions, except for the those
with corresponding bits in the file mode crea-
tion mask.
If who is present, add the file mode bits
represented by permissions.
Unlike other symbolic operations, = has an absolute
effect in that it resets all other bits represented by
who. Omitting permissions is useful only with = to
take away all permissions.
permission
any compatible combination of the following letters:
l mandatory locking
r read permission
s user or group set-ID
t sticky bit
w write permission
x execute permission
X execute permission if the file is a directory or
if there is execute permission for one of the
other user classes
u,g,o indicate that permission is to be taken from the
current user, group or other mode respectively.
Permissions to a file may vary depending on your user iden-
tification number (UID) or group identification number
(GID). Permissions are described in three sequences each
having three characters:
User Group Other
rwx rwx rwx
This example (user, group, and others all have permission to
read, write, and execute a given file) demonstrates two
categories for granting permissions: the access class and
the permissions themselves.
The letter s is only meaningful with u or g, and t only
works with u.
Mandatory file and record locking (l) refers to a file's
ability to have its reading or writing permissions locked
while a program is accessing that file.
In a directory which has the set-group-ID bit set (reflected
as either -----s--- or -----l--- in the output of 'ls -ld'),
files and subdirectories are created with the group-ID of
the parent directory-not that of current process.
It is not possible to permit group execution and enable a
file to be locked on execution at the same time. In addi-
tion, it is not possible to turn on the set-group-ID bit and
enable a file to be locked on execution at the same time.
The following examples, therefore, are invalid and elicit
error messages:
chmod g+x,+l file
chmod g+s,+l file
Only the owner of a file or directory (or the super-
user) may change that file's or directory's mode. Only
the super-user may set the sticky bit on a non-
directory file. If you are not super-user, chmod will
mask the sticky-bit but will not return an error. In
order to turn on a file's set-group-ID bit, your own
group ID must correspond to the file's and group exe-
cution must be set.
OPTIONS
The following options are supported:
-f Force. chmod will not complain if it fails to change
the mode of a file.
-R Recursively descends through directory arguments, set-
ting the mode for each file as described above. When
symbolic links are encountered, the mode of the target
file is changed, but no recursion takes place.
OPERANDS
The following operands are supported:
absolute-mode
symbolic-mode-list
Represents the change to be made to the file mode bits
of each file named by one of the file operands. See
Absolute Mode and Symbolic Mode above in the DESCRIP-
TION section for more information.
file A path name of a file whose file mode bits are to be
modified.
USAGE
See largefile(5) for the description of the behavior of
chmod when encountering files greater than or equal to 2
Gbyte ( 2**31 bytes).
EXAMPLES
Example 1: Denying execute permission to everyone
example% chmod a-x file
Example 2: Allowing only read permission to everyone
example% chmod 444 file
Example 3: Making a file readable and writable by the group
and others
example% chmod go+rw file
example% chmod 066 file
Example 4: Causing a file to be locked during access
example% chmod +l file
Example 5: Allowing everyone to read, write, and execute the
file and turn on the set group-ID
example% chmod a=rwx,g+s file
example% chmod 2777 file
ENVIRONMENT VARIABLES
See environ(5) for descriptions of the following environment
variables that affect the execution of chmod: LANG, LC_ALL,
LC_CTYPE, LC_MESSAGES, and NLSPATH.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsu |
|_____________________________|_____________________________|
| CSI | enabled |
|_____________________________|_____________________________|
| Interface Stability | Standard |
|_____________________________|_____________________________|
SEE ALSO
getfacl(1), ls(1), setfacl(1), chmod(2), attributes(5),
environ(5), largefile(5), standards(5)
NOTES
Absolute changes do not work for the set-group-ID bit of a
directory. You must use g+s or g-s.
chmod permits you to produce useless modes so long as they
are not illegal (for instance, making a text file execut-
able). chmod does not check the file type to see if manda-
tory locking is meaningful.
If the filesystem is mounted with the nosuid option, setuid
execution is not allowed.
If you use chmod to change the file group owner permissions
on a file with ACL entries, both the file group owner per-
missions and the ACL mask are changed to the new permis-
sions. Be aware that the new ACL mask permissions may change
the effective permissions for additional users and groups
who have ACL entries on the file. Use the getfacl(1) command
to make sure the appropriate permissions are set for all ACL
entries.
Man(1) output converted with
man2html