HTML Survival Kit chmod (SunOS 5.5/Solaris 2.5)

---

NAME
chmod - change the permissions mode of a file

SYNOPSIS
chmod [ -fR ] <absolute-mode> file...
chmod [ -fR ] <symbolic-mode-list> file...

AVAILABILITY
SUNWcsu

DESCRIPTION
chmod changes or assigns the mode of a file. The mode of a file specifies its permissions and other attributes. The mode may be absolute or symbolic.

---

Absolute mode

An absolute mode is specified using octal numbers:

---

chmod nnnn file ...

---

where: n is a number from 0 to 7. An absolute mode is constructed from the OR of any of the following modes:

4000

Set user ID on execution.

20#0

Set group ID on execution if # is 7, 5, 3, or 1. Enable mandatory locking if # is 6, 4, 2, or 0. For directories, files are created with BSD semantics for propagation of the group ID. With this option, files and subdirectories created in the directory inherit the group ID of the directory, rather than of the current process. It may be cleared only by using symbolic mode.

1000

Turn on sticky bit. See chmod(2).

0400

Allow read by owner.

0200

Allow write by owner.

0100

Allow execute (search in directory) by owner.

0700

Allow read, write, and execute search) by owner.

0040

Allow read by group.

0020

Allow write by group.

0010

Allow execute (search in directory) by group.

0070

Allow read, write, and execute (search) by group.

0004

Allow read by others.

0002

Allow write by others.

0001

Allow execute (search in directory) by others.

0007

Allow read, write, and execute (search) by others.

Note that the setgid bit cannot be set (or cleared) in absolute mode; it must be set (or cleared) in symbolic mode using g+s (or g-s).

---

Symbolic mode

A symbolic mode specification has the following format:

---

chmod <symbolic-mode-list> file...

---

where: <symbolic-mode-list> is a comma-separated list (with no intervening whitespace) of symbolic mode expressions of the form:

---

[who]operator [permission]

---

Operations are performed in the order given. Multiple permission letters following a single operator cause the corresponding operations to be performed simultaneously.

who

zero or more of the characters u, g, o, and a specifying whose permissions are to be changed or assigned:

u

user's permissions

g

group's permissions

o

others' permissions

a

all permissions (user, group, and other)

If who is omitted, it defaults to a, but the setting of the file mode creation mask (see umask in sh(1) or csh(1) for more information) is taken into account. When who is omitted, chmod will not override the restrictions of your user mask.

operator

either +, -, or =, signifying how permissions are to be changed:

+

Add permissions.

1. If permission is omitted, nothing is added.
2. If who is omitted, add the file mode bits represented by permission, except for the those with corresponding bits in the file mode creation mask.
3. If who is present, add the file mode bits represented by the permission.

-

Take away permissions.

1. If permission is omitted, do nothing.
2. If who is omitted, clear the file mode bits represented by permission, except for those with corresponding bits in the file mode creation mask.
3. If who is present, clear the file mode bits represented by permission.

=

Assign permissions absolutely.

1. If who is omitted, clear all file mode bits; ifwho is present, clear the file mode bits represented by who.
2. If permission is omitted, do nothing else.
3. If who is omitted, add the file mode bits represented by permission, except for the those with corresponding bits in the file mode creation mask.
4. If who is present, add the file mode bits represented bypermission.

Unlike other symbolic operations, = has an absolute effect in that it resets all other bits represented by who. Omitting permission is useful only with = to take away all permissions.

permission

any compatible combination of the following letters:

r

read permission

w

write permission

x

execute permission

l

mandatory locking

s

user or group set-ID

t

sticky bit

u,g,o

indicate that permission is to be taken from the current user, group or other mode respectively.

Permissions to a file may vary depending on your user identification number (UID) or group identification number (GID). Permissions are described in three sequences each having three characters:

User	Group	Other
rwx	rwx	rwx

This example (user, group, and others all have permission to read, write, and execute a given file) demonstrates two categories for granting permissions: the access class and the permissions themselves.

The letter s is only meaningful with u or g, and t only works with u.

Mandatory file and record locking (l) refers to a file's ability to have its reading or writing permissions locked while a program is accessing that file.

In a directory which has the set-group-ID bit set (reflected as either  - - -   - - s   - - -
or  - - -   - - l   - - - in the output of 'ls -ld'), files and subdirectories are created with the group-ID of the parent directory-not that of current process.

It is not possible to permit group execution and enable a file to be locked on execution at the same time. In addition, it is not possible to turn on the set-group-ID bit and enable a file to be locked on execution at the same time. The following examples, therefore, are invalid and elicit error messages:

---

chmod g+x,+l file
chmod g+s,+l file

---

Only the owner of a file or directory (or the super-user) may change that file's or directory's mode. Only the super-user may set the sticky bit on a non-directory file. If you are not super-user, chmod will mask the sticky-bit but will not return an error. In order to turn on a file's set-group-ID bit, your own group ID must correspond to the file's and group execution must be set.

OPTIONS
The following options are supported:

-f

Force. chmod will not complain if it fails to change the mode of a file.

-R

Recursively descend through directory arguments, setting the mode for each file as described above. When symbolic links are encountered, the mode of the target file is changed, but no recursion takes place.

OPERANDS
The following operands are supported:

mode

Represents the change to be made to the file mode bits of each file named by one of the file operands; see DESCRIPTION.

file

A path name of a file whose file mode bits are to be modified.

EXAMPLES

Deny execute permission to everyone:	example% chmod a-x file
Allow only read permission to everyone:	example% chmod 444 file
Make a file readable and writable by the group and others:	example% chmod go+rw file example% chmod 066 file
Cause a file to be locked during access:	example% chmod +l file
Allow everyone to read, write, and execute the file and turn on the set group-ID.	example% chmod a=rwx,g+ s file example% chmod 2777 file

ENVIRONMENT
See environ(5) for descriptions of the following environment variables that affect the execution of chmod: LC_CTYPE, LC_MESSAGES, and NLSPATH.

SEE ALSO
ls(1), chmod(2), environ(5)

NOTES

• Absolute changes don't work for the set-group-ID bit of a directory. You must use g+s or g-s.

• chmod permits you to produce useless modes so long as they are not illegal (for instance, making a text file executable). chmod does not check the file type to see if mandatory locking is meaningful.

• If the filesystem is mounted with thenosuid option, setuid execution is not allowed.

---

SunOS 5.5 Last change: 1 Feb 1995

---

go back to "Guide to Setup... in CEE Unix Network"

go back to HTML Survival Kit - Table of Contents

go back to Civil and Environmental Engineering Home Page