chmod(C)

chmod -- change the access permissions of a file or directory

Syntax

Symbolic mode

chmod [ -R ] [ who ] [ +|-|= ] [ mode ... ] file ...

Absolute mode

chmod [ -R ] mode file ...

Description

The chmod command changes the access permissions (or mode) of a specified file or directory. It is used to control file and directory access by users other than the super user. mode may be an expression composed of letters and operators (called ``symbolic mode''), or a number (called ``absolute mode'').

chmod takes the following option:

-R: Recursively change file mode bits. For each specified file that names a directory, chmod will change the file mode bits of the directory and all files in the file hierarchy below it.

Symbolic mode

In symbolic mode, the who operand is any one, or a combination, of the following letters:

a: Stands for ``all users''. If who is not indicated on the command line, a is the default.
g: Stands for ``group,'' all users who have the same group ID as the owner of the file or directory.
o: Stands for ``others,'' all users on the system.
u: Stands for ``user,'' the owner of the file or directory.

If who is not indicated on the command line, ``all users'' is taken as the default, but the file creation mask (umask) is used when modifying the permissions. Otherwise the umask is not used. The operators are:

+: Adds permission.
-: Removes permission.
=: Assigns the indicated permission and removes all other permissions (if any) for that variable. If no permission is assigned, existing permissions are removed.

Permissions are set using any combination of the following letters for mode:

g

Set the permissions for who as are currently set for ``group''.

l

Mandatory locking will occur during access.

o

Set the permissions for who as are currently set for ``owner''.

r

Read.

s

Sets owner or group ID on execution of the file to that of the owner of the file. The mode ``u+s'' sets the user ID bit for the file. The mode ``g+s'' sets the group ID bit. Other combinations have no effect. When the group ID bit is set on a directory, all files created under it subsequently receive the group ID of that directory. When the group ID bit is not set, files are created with the group ID of the creating process/user.

t

This is known as the ``sticky bit'' (see chmod(S)). Only the mode ``u+t'' sets the sticky bit. All other combinations have no effect. Only the super user can set the sticky bit. If the file is a directory, the following users can delete files in it:

root
the owner of the directory
the owner of the files if they have write permissions on the directory
anyone with write permissions to both file and directory

If the file is not a directory, the sticky bit has no effect. (If the sticky bit is set on an executable file, the system attempts to keep the text segment in core after execution ceases.)

u

Set the permissions for who as are currently set for ``user''.

w

Write.

x

Execute (sets search permission for directories).

X

Represents the execute/search permissions if the file is a directory, or if the current file mode bits have at least one of the execute bits set.

Multiple symbolic modes may be given, separated by commas, on a single command line. See the following ``Examples'' section for sample permission settings.

Mandatory file and record locking refers to a file having locked reading or writing permissions while a program is accessing that file. A file cannot have group execution permission and be able to be locked on execution. In addition, it is not possible to turn on the set-group-ID and enable a file to be locked on execution at the same time. The following examples show illegal uses of chmod and will generate error messages:

chmod g+x,+l filename

chmod g+s,+l filename

Absolute mode

In absolute mode, the mode operand is an octal number constructed by combining the following flags using logical OR:

4000: set user ID on execution
20#0: set group ID on execution if ``#'' is 7, 5, 3, or 1; enable mandatory locking if ``#'' is 6, 4, 2, or 0
1000: sets the sticky bit (see chmod(S))
0400: read by owner
0200: write by owner
0100: execute (search in directory) by owner
0040: read by group
0020: write by group
0010: execute (search in directory) by group
0004: read by others
0002: write by others
0001: execute (search in directory) by others
0000: no permissions

To apply a combination of permissions to a single file using absolute mode, combine the permissions by adding the digits in each character position. For example, to combine Read by owner permission (0400) and Write by owner permission (0200), add the digits in each column to obtain the combined absolute mode 0600. (This is equivalent to the logical OR operation.)

Exit values

chmod returns the following values:

0: the command executed successfully, and all reqyested changes were made
>0: an error occurred

Examples

Symbolic mode

The following command gives all users execute permission for file:

chmod a+x file

Either of the following commands removes execute permissions that would be allowed if file was created with the same umask:

chmod -- -x file

chmod -x file

The first version of the command conforms to POSIX.2 and will be portable to all systems that also conform to this standard; it may not be available on non-POSIX.2 conformant systems. The second version of the command is provided by the Santa Cruz Operation for historical compatibility; it may not be available on systems that conform to POSIX.2. See the ``Warning'' section for more details.

The following command removes read and write permission for group and others from file:

chmod go-rw file

The following command gives other users read and write permission for file:

chmod o+rw file

The following command gives read permission to group and others:

chmod g+r,o+r file

The following example causes the mandatory locking of file on access:

chmod +l file

Absolute mode

The following command gives all users read, write and execute permission for file:

chmod 0777 file

The following command gives read and write permission to all users for file:

chmod 0666 file

The following command gives read and write permission to the owner of file only:

chmod 0600 file

Warning

POSIX.2 requires that a ``--'' be used to delimit the end of the options if you specify an operand of the form -mode. This is to prevent such an operand being rejected as an illegal option. However, existing scripts that use the historical form of chmod will break if they are not amended.

The version of chmod provided by the Santa Cruz Operation has been extended to provide historical compatibility for the -mode settings: -r, -w, and -x. This functionality is in addition to that required by POSIX.2. You should note that some other systems that are POSIX.2 compliant may not provide historical compatibility, and non-POSIX.2 systems may not allow the use of the ``--'' delimiter.

Limitations

The setuid, setgid and sticky bit settings have no effect on shell scripts.

When used to change the permissions of a symbolic link, chmod automatically follows the link and tries to change the permissions of the linked file. It makes no sense for symbolic links to have their own permissions and ownerships.

Standards conformance

chmod is conformant with:

ISO/IEC DIS 99452:1992, Information technology Portable Operating System Interface (POSIX) Part 2: Shell and Utilities (IEEE Std 1003.21992);
AT&T SVID Issue 2;
X/Open CAE Specification, Commands and Utilities, Issue 4, 1992.

chmod(C)

Syntax

Symbolic mode

Absolute mode

Description

Symbolic mode

Absolute mode

Exit values

Examples

Symbolic mode

Absolute mode

Warning

Limitations

See also

Standards conformance