unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Page:
Section:
Apropos / Subsearch:
optional field



chmod(1)							     chmod(1)



NAME

  chmod	- Changes permission codes

SYNOPSIS

  Absolute Mode


  chmod	[-fR] absolute_mode file...

  Symbolic Mode


  chmod	[-fR] [who] +permission	... file...

  chmod	[-fR] [who] -permission	... file...

  chmod	[-fR] [who] = [permission]... file...

  The chmod command modifies the read, write, and execute permissions of
  specified files and the search permissions of	specified directories.

STANDARDS

  Interfaces documented	on this	reference page conform to industry standards
  as follows:

  chmod:  XCU5.0

  Refer	to the standards(5) reference page for more information	about indus-
  try standards	and associated tags.

OPTIONS

  -f  [Tru64 UNIX]  Does not report an error if	chmod fails to change the
      mode on a	file.

  -R  Causes chmod to recursively descend its directory	arguments, setting
      the mode for each	file as	described in the sections Symbolic Mode	and
      Absolute Mode.  When symbolic links are encountered, their mode is not
      changed and they are not traversed.

OPERANDS

  file
      Pathname of the file that	is to have the permission bits modified.

  absolute_mode
      Octal permission_code for	setting	the file permissions.  This code is
      formed as	described under	Absolute Mode in the DESCRIPTION section.

  who Specifies	whether	permissions are	being defined for a user, group, or
      all others.  This	operand	is more	fully described	under Symbolic Mode
      in the DESCRIPTION Section.

  + | -	| =
      Specifies	the operation to be performed on the permissions being
      defined.	This operand is	more fully described under Symbolic Mode in
      the DESCRIPTION Section.

  Permission
      Specifies	the permissions	being defined.	This operand is	more fully
      described	under Symbolic Mode in the DESCRIPTION Section.

DESCRIPTION

  You can use either symbolic or absolute mode to specify the desired permis-
  sion settings.

  You can change the permission	code of	a file or directory only if you	own
  it or	if you have superuser authority.

  [Tru64 UNIX]	If a named file	is a symbolic link, chmod changes the mode of
  the link's target file unless	the -R option is used. If the -R option	is
  used,	chmod leaves links and their target files untouched.

  Symbolic Mode


  A symbolic mode has the form:

  [who]	operation permission [operation	permission] ...

  The who argument specifies whether you are defining permissions for a	user,
  group, or all	others,	or any combination of these.  The operation argument
  specifies whether the	permission is being added, taken away, or assigned
  absolutely.  The permission argument identifies the operation	that the
  specified users can perform on file.

  Valid	options	for the	who argument are as follows:

  u   User (owner)

  g   Group

  o   All others

  a   User, group, and all others (same	effect as the combination ugo)

  [Tru64 UNIX]	If the who argument is omitted,	the default is a, but the
  setting of the file creation mask, umask (see	umask(1), csh, ksh, sh), is
  applied.

  Valid	options	for the	operation argument are as follows:

  -   Removes specified	permissions.

  +   Adds specified permissions.

  =   Clears the selected permission field and sets it to the code specified.
      If you do	not specify a permission code following	=, chmod removes all
      permissions from the selected field.

  Valid	options	for the	permission argument are	as follows:

  r   Read permission.

  w   Write permission.

  x   Execute permission for files, search permission for directories.

  X   Execute permission only if file is a directory or	at least one execute
      bit is set.

  s   Set-user-ID or set-group-ID permission.

      This permission bit sets the effective user ID or	group ID to that of
      the owner	or group owner of file whenever	the file is run.  Use this
      permission setting in combination	with the u or g	option to allow	tem-
      porary or	restricted access to files not normally	accessible to other
      users.  An s appears in the user or group	execute	position of a long
      listing (see ls) to show that the	file runs with set-user-ID or set-
      group-ID permission.

  t   [Tru64 UNIX]  Save text permission.

      [Tru64 UNIX]  In earlier versions	of the UNIX system, setting this per-
      mission bit caused the text segment of a program to remain in virtual
      memory after its first use.  The system thus avoided having to transfer
      the program code of frequently accessed programs into the	paging area.
      A	t appears in the execute position of the all others option to indi-
      cate that	the file has this bit (the sticky bit) set.

      [Tru64 UNIX]  If a directory has this bit	set, then deletion in it is
      restricted.  An entry in a sticky	directory can be removed or renamed
      by a user	only if	the user has write permission for the directory	and
      the user is the owner of the file, the owner of the directory, or	the
      superuser.

  l   [Tru64 UNIX]  Mandatory locking.

      [Tru64 UNIX]  Mandatory file and record locking refers to	a file's
      ability to have read and write permissions locked	while another program
      is accessing that	file.  It is not possible to permit group execution
      and enable a file	to be locked on	an execution  at the same time.	 In
      addition,	it is not possible to turn on the set-group-ID bit and enable
      a	file to	be locked on execution at the same time.  In order to turn on
      a	file's set-group-ID bit, your own group	ID must	correspond to the
      file's and group execution must be set.

  The u, g, and	o options indicate that	permission is to be taken from the
  current mode.	 Omitting permission is	only useful with = to take away	all
  permissions.

  All permission bits not explicitly specified are cleared.

  You can specify multiple symbolic modes, separated with commas.  Do not
  separate items in this list with spaces.  Operations are performed in	the
  order	they appear from left to right.

  Absolute Mode


  Absolute mode	lets you use octal notation to set each	bit in the permission
  code.	 The chmod command sets	the permissions	to the permission_code you
  provide.  The	permission_code	is constructed by combining (logical OR) the
  following values:

  4000
      Sets user	ID on execution.

  2000
      Sets group ID on execution.

  1000
      [Tru64 UNIX]  Sets the sticky bit, which does the	following:

	+  [Tru64 UNIX]	 Retains memory	image after execution (executable
	   file)

	+  [Tru64 UNIX]	 Restricts file	removal	(directory file)

      [Tru64 UNIX]  You	must have appropriate privileges to set	the sticky
      bit.  See	chmod(2).

  0400
      Permits read by owner.

  0200
      Permits write by owner.

  0100
      Permits execute or search	by owner.

  0040
      Permits read by group.

  0020
      Permits write by group.

  0010
      Permits execute or search	by group.

  0004
      Permits read by others.

  0002
      Permits write by others.

  0001
      Permits execute or search	by others.

  System V Compatibility


  [Tru64 UNIX]	The root of the	directory tree that contains the commands
  modified for SVID 2 compliance is specified in the file /etc/svid2_path.
  You can use /etc/svid2_profile as the	basis for, or to include in, your
  .profile.  The file /etc/svid2_profile reads /etc/svid2_path and sets	the
  first	entries	in the PATH environment	variable so that the modified SVID 2
  commands are found first.

  [Tru64 UNIX]	The SVID 2 compliant version of	the chmod command ignores the
  umask	value if who is	not specified in the symbolic mode of the command
  (chmod [who] operation permission).  In other	words, if you omit who from
  the chmod command line, the version of the command that is compliant with
  the SVID 2 standard behaves exactly as if you	specified the character	a as
  the value for	who.  The version of the chmod command that is SVID 2 compli-
  ant also supports equivalents	in absolute mode for the s permission in sym-
  bolic	mode.  In absolute mode, setting the bits 04000	represents set-user-
  ID and setting the bits 02000	represents set-group-ID.

NOTES

  The correspondence between octal value and mode bit is given in the follow-
  ing table.




  _________________________________________________________
  Octal	Value	Symbolic Mode	Meaning
  _________________________________________________________
  S_ISUID	4000		set user id on execution
  S_ISGID	2000		set group id on	execution
  S_IRUSR	0400		read permission: owner
  S_IWUSR	0200		write permission: owner
  S_IXUSR	0100

				execute/search permission:
				owner
  S_IRGRP	0040		read permission: group
  S_IWGRP	0020		write permission: group
  S_IXGRP	0010

				execute/search permission:
				group
  S_IROTH	0004		read permission: other
  S_IWOTH	0002		write permission: other
  S_IXOTH	0001

				execute/search permission:
				other
  _________________________________________________________

EXIT STATUS

  The following	exit values are	returned:

  0   Successful completion.

  >>0  An error occurred.

EXAMPLES

   1.  To add a	type of	permission to several files, enter:
	    chmod g+w chap1 chap2

       This adds write permission for group members to the files chap1 and
       chap2.

   2.  To make several permission changes at once, enter:
	    chmod go-w+x mydir

       This denies group members and others the	permission to create or
       delete files in mydir (go-w).  It allows	them to	search mydir or	use
       it in a pathname	(go+x).	This is	equivalent to the following command
       sequence:
	    chmod g-w mydir
	    chmod o-w mydir
	    chmod g+x mydir
	    chmod o+x mydir

   3.  To permit only the owner	to use a shell procedure as a command, enter:
	    chmod u=rwx,go= cmd

       This gives read,	write, and execute permission to the user who owns
       the file	(u=rwx).  It also denies the group and others the permission
       to access cmd in	any way	(go=).

       If you have permission to execute the cmd shell command file, you can
       run it by entering:
	    cmd

       or
	    ./cmd

   4.  To use set-ID modes, enter:
	    chmod ug+s cmd

       When cmd	is executed, this causes the effective user and	group IDs to
       be set to those that own	the file cmd.  Only the	effective IDs
       associated with the subprocess that runs	cmd are	changed.  The effec-
       tive IDs	of the shell session remain unchanged.

       This feature allows you to permit restricted access to important
       files.  Suppose that the	file cmd has the set-user-ID mode enabled and
       is owned	by a user called dbms.	Although dbms is not actually a
       person, it might	be associated with a database management system.  The
       user betty does not have	permission to access any of dbms's data
       files.  However,	she does have permission to execute cmd.  When she
       does so,	her effective user ID is temporarily changed to	dbms, so that
       the cmd program can access the data files owned by dbms.

       This way	betty can use cmd to access the	data files, but	she cannot
       accidentally damage them	with the standard shell	commands.

   5.  To use the absolute mode	form of	the chmod command, enter:
	    chmod 644 text

       This sets read and write	permission for the owner, and it sets read-
       only mode for the group and all others.

ENVIRONMENT VARIABLES

  The following	environment variables affect the execution of chmod:

  LANG
      Provides a default value for the internationalization variables that
      are unset	or null. If LANG is unset or null, the corresponding value
      from the default locale is used.	If any of the internationalization
      variables	contain	an invalid setting, the	utility	behaves	as if none of
      the variables had	been defined.

  LC_ALL
      If set to	a non-empty string value, overrides the	values of all the
      other internationalization variables.

  LC_CTYPE
      Determines the locale for	the interpretation of sequences	of bytes of
      text data	as characters (for example, single-byte	as opposed to multi-
      byte characters in arguments).

  LC_MESSAGES
      Determines the locale for	the format and contents	of diagnostic mes-
      sages written to standard	error.

  NLSPATH
      Determines the location of message catalogues for	the processing of
      LC_MESSAGES.

FILES

  usr/include/sys/mode.h
      [Tru64 UNIX]  Defines the	correspondence between symbolic	codes and
      octal mode values.

SEE ALSO

  Commands:  chgrp(1), chown(1), csh(1), ksh(1), ls(1),	Bourne shell sh(1b),
  POSIX	shell sh(1p), umask(1)

  Functions:  chown(2),	chmod(2), stat(2), umask(2)

  Standards:  standards(5)