unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

chmod(1)                         User Commands                        chmod(1)



NAME
       chmod - change the permissions mode of a file

SYNOPSIS
       chmod [-fR] absolute-mode file...

       chmod [-fR] symbolic-mode-list file...

DESCRIPTION
       The  chmod utility changes or assigns the mode of a file. The mode of a
       file specifies its permissions and other attributes. The  mode  may  be
       absolute or symbolic.

   Absolute mode
       An absolute mode specification has the following format:

              chmod [options] absolute-mode file . . .

       where  absolute-mode  is  specified using octal numbers nnnn defined as
       follows:

       n        a number from 0 to 7. An absolute mode is constructed from the
                OR of any of the following modes:

                4000     Set user ID on execution.




                20#0     Set group ID on execution if # is 7, 5, 3, or 1.

                         Enable mandatory locking if # is 6, 4, 2, or 0.

                         For directories, files are created with BSD semantics
                         for propagation of the group ID.  With  this  option,
                         files  and  subdirectories  created  in the directory
                         inherit the group ID of the directory, rather than of
                         the current process. For directories, the set-gid bit
                         may only be set or cleared by using symbolic mode.



                1000     Turn on sticky bit. See chmod(2).



                0400     Allow read by owner.



                0200     Allow write by owner.



                0100     Allow execute (search in directory) by owner.



                0700     Allow read, write, and execute (search) by owner.



                0040     Allow read by group.



                0020     Allow write by group.



                0010     Allow execute (search in directory) by group.



                0070     Allow read, write, and execute (search) by group.



                0004     Allow read by others.



                0002     Allow write by others.



                0001     Allow execute (search in directory) by others.



                0007     Allow read, write, and execute (search) by others.





       For directories, the setgid bit cannot be set (or cleared) in  absolute
       mode; it must be set (or cleared) in symbolic mode using g+s (or g-s).

   Symbolic mode
       A symbolic mode specification has the following format:

              chmod [options] symbolic-mode-list file . . .

       where symbolic-mode-list is a comma-separated list (with no intervening
       whitespace) of symbolic mode expressions of the form:

              [who] operator [permissions]


       Operations are performed in the order given. Multiple permissions  let-
       ters  following a single operator cause the corresponding operations to
       be performed simultaneously.

       who             zero or more of the characters u, g, o, and a  specify-
                       ing whose permissions are to be changed or assigned:


                       u        user's permissions




                       g        group's permissions



                       o        others' permissions



                       a        all permissions (user, group, and other)


                       If who is omitted, it defaults to a, but the setting of
                       the file mode creation mask  (see  umask  in  sh(1)  or
                       csh(1)  for  more  information)  is taken into account.
                       When who  is  omitted,  chmod  will  not  override  the
                       restrictions of your user mask.


       operator        either +, -, or =, signifying how permissions are to be
                       changed:


                       +        Add permissions.

                                If permissions is omitted, nothing is added.

                                If who is omitted, add the file mode bits rep-
                                resented  by permissions, except for the those
                                with corresponding bits in the file mode  cre-
                                ation mask.

                                If who is present, add the file mode bits rep-
                                resented by the permissions.




                       -        Take away permissions.

                                If permissions is omitted, do nothing.

                                If who is omitted, clear the  file  mode  bits
                                represented  by  permissions, except for those
                                with corresponding bits in the file mode  cre-
                                ation mask.

                                If  who  is  present, clear the file mode bits
                                represented by permissions.



                       =        Assign permissions absolutely.

                                If who is omitted, clear all file  mode  bits;
                                if  who  is  present, clear the file mode bits
                                represented by who.

                                If permissions is omitted, do nothing else.

                                If who is omitted, add the file mode bits rep-
                                resented  by permissions, except for the those
                                with corresponding bits in the file mode  cre-
                                ation mask.

                                If who is present, add the file mode bits rep-
                                resented by permissions.


                       Unlike other symbolic operations,  =  has  an  absolute
                       effect  in that it resets all other bits represented by
                       who. Omitting permissions is useful only with = to take
                       away all permissions.


       permission      any compatible combination of the following letters:


                       l        mandatory locking




                       r        read permission



                       s        user or group set-ID



                       t        sticky bit



                       w        write permission



                       x        execute permission



                       X        execute  permission if the file is a directory
                                or if there is execute permission for  one  of
                                the other user classes



                       u,g,o    indicate  that  permission is to be taken from
                                the current user, group or other mode  respec-
                                tively.


                       Permissions  to  a file may vary depending on your user
                       identification number  (UID)  or  group  identification
                       number   (GID).  Permissions  are  described  in  three
                       sequences each having three characters:


                       tab();   lw(1.833333i)   lw(1.833333i)   lw(1.833333i).
                       UserGroupOther rwxrwxrwx


                       This  example (user, group, and others all have permis-
                       sion to read, write, and execute a given  file)  demon-
                       strates  two  categories  for granting permissions: the
                       access class and the permissions themselves.

                       The letter s is only meaningful with u or g, and t only
                       works with u.

                       Mandatory  file  and  record  locking  (l)  refers to a
                       file's ability to have its reading or  writing  permis-
                       sions locked while a program is accessing that file.

                       In  a  directory  which  has  the  set-group-ID bit set
                       (reflected as either -----s--- or -----l--- in the out-
                       put  of 'ls -ld'), files and subdirectories are created
                       with the group-ID of the parent directory--not that  of
                       current process.

                       It is not possible to permit group execution and enable
                       a file to be locked on execution at the same  time.  In
                       addition,  it is not possible to turn on the set-group-
                       ID bit and enable a file to be locked on  execution  at
                       the  same  time. The following examples, therefore, are
                       invalid and elicit error messages:


                       chmod g+x,+l file
                       chmod g+s,+l file

                       Only the owner of a file or directory  (or  the  super-
                       user)  may change that file's or directory's mode. Only
                       the super-user may set the sticky bit on  a  non-direc-
                       tory  file.  If you are not super-user, chmod will mask
                       the sticky-bit but will not return an error.  In  order
                       to turn on a file's set-group-ID bit, your own group ID
                       must correspond to the file's and group execution  must
                       be set.


OPTIONS
       The following options are supported:

       -f       Force.  chmod will not complain if it fails to change the mode
                of a file.



       -R       Recursively descends through directory arguments, setting  the
                mode for each file as described above. When symbolic links are
                encountered, the mode of the target file is  changed,  but  no
                recursion takes place.



OPERANDS
       The following operands are supported:

       absolute-mode   Represents  the change to be made to the file mode bits
       symbolic-mode-list each file named by one of  the  file  operands.  See
                       Absolute  Mode  and Symbolic Mode above in the DESCRIP-
                       TION section for more information.




       file            A path name of a file whose file mode bits  are  to  be
                       modified.



USAGE
       See  largefile(5)  for  the  description  of the behavior of chmod when
       encountering files greater than or equal to 2 Gbyte ( 2**31 bytes).

EXAMPLES
       Example 1: Denying execute permission to everyone

       example% chmod a-x file

       Example 2: Allowing only read permission to everyone

       example% chmod 444 file

       Example 3: Making a file readable and writable by the group and others

       example% chmod go+rw file
       example% chmod 066 file

       Example 4: Causing a file to be locked during access

       example% chmod +l file

       Example 5: Allowing everyone to read, write, and execute the  file  and
       turn on the set group-ID

       example% chmod a=rwx,g+s file
       example% chmod 2777 file

ENVIRONMENT VARIABLES
       See  environ(5) for descriptions of the following environment variables
       that affect the execution of chmod:  LANG,  LC_ALL,  LC_CTYPE,  LC_MES-
       SAGES, and NLSPATH.

EXIT STATUS
       The following exit values are returned:

       0        Successful completion.



       >>0       An error occurred.



ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       tab()     allbox;     cw(2.750000i)|    cw(2.750000i)    lw(2.750000i)|
       lw(2.750000i).   ATTRIBUTE  TYPEATTRIBUTE   VALUE   AvailabilitySUNWcsu
       CSIenabled Interface StabilityStandard


SEE ALSO
       getfacl(1),  ls(1),  setfacl(1),  chmod(2),  attributes(5), environ(5),
       largefile(5), standards(5)

NOTES
       Absolute changes do not work for the set-group-ID bit of  a  directory.
       You must use g+s or g-s.

       chmod  permits  you  to  produce  useless modes so long as they are not
       illegal (for instance, making a text file executable). chmod  does  not
       check the file type to see if mandatory locking is meaningful.

       If  the  filesystem is mounted with the nosuid option, setuid execution
       is not allowed.

       If you use chmod to change the file group owner permissions on  a  file
       with  ACL  entries,  both  the file group owner permissions and the ACL
       mask are changed to the new permissions. Be aware that the new ACL mask
       permissions  may  change the effective permissions for additional users
       and groups who have ACL entries on the file. Use the getfacl(1) command
       to make sure the appropriate permissions are set for all ACL entries.



SunOS 5.10                        4 Dec 2000                          chmod(1)