335 lines
8.1 KiB
Groff
335 lines
8.1 KiB
Groff
.nr X
|
|
.if \nX=0 .ds x} chmod 1 "Essential Utilities" "\&"
|
|
.TH \*(x}
|
|
.SH NAME
|
|
chmod \- change the permissions mode of a file or directory
|
|
.SH SYNOPSIS
|
|
.nf
|
|
\f3chmod\f1 [-R] mode file ...
|
|
\f3chmod\f1 [-R] [ugoa]{+|-|=}[rwxXstl] file ...
|
|
.sp .8v
|
|
.fi
|
|
.SH DESCRIPTION
|
|
The permissions of the named
|
|
.I files
|
|
or
|
|
.I directories
|
|
are changed according to mode, which may be symbolic or absolute.
|
|
Absolute changes to permissions are stated using octal numbers:
|
|
.sp .8v
|
|
\f3chmod\f1 \f2nnn file(s)\f1
|
|
.sp .8v
|
|
where \f2n\f1 is a number from 0 to 7.
|
|
Symbolic changes are stated using mnemonic characters:
|
|
.sp .8v
|
|
\f3chmod \f2a operator b file(s)\f1
|
|
.sp .8v
|
|
where \f2a\f1 is one or more characters corresponding to
|
|
\f3user\f1, \f3group\f1, or \f3other\f1; where \f2operator\f1
|
|
is \f3\(pl\f1, \f3\(mi\f1, and \f3\(eq\f1, signifying assignment
|
|
of permissions; and where \f2b\f1
|
|
is one or more characters corresponding to type of permission.
|
|
.PP
|
|
An absolute mode is given as an octal number constructed from the OR of the
|
|
following modes:
|
|
.PP
|
|
.PD 0
|
|
.RS
|
|
.TP 10
|
|
04000
|
|
set user
|
|
ID
|
|
on execution
|
|
.TP 10
|
|
020\f2#\f10
|
|
set group
|
|
ID
|
|
on execution if \f2#\f1 is \f37\f1, \f35\f1, \f33\f1, or \f31\f1
|
|
.br
|
|
enable mandatory locking if \f2#\f1 is \f36\f1, \f34\f1, \f32\f1, or \f30\f1
|
|
.br
|
|
This applies only to regular files.
|
|
See discussion below for effect on directories.
|
|
.TP 10
|
|
01000
|
|
sticky bit (see discussion below)
|
|
.TP 10
|
|
0400
|
|
read by owner
|
|
.TP 10
|
|
0200
|
|
write by owner
|
|
.TP 10
|
|
0100
|
|
execute (search in directory) by owner
|
|
.TP 10
|
|
0070
|
|
read, write, execute (search) by group
|
|
.TP 10
|
|
0007
|
|
read, write, execute (search) by others
|
|
.RE
|
|
.PD
|
|
.PP
|
|
Symbolic changes are stated using letters that correspond both to access classes
|
|
and to the individual permissions themselves.
|
|
Permissions to a file may vary depending on your user identification
|
|
number (UID) or group identification number (GID).
|
|
Permissions are described in three sequences each having
|
|
three characters:
|
|
.IP
|
|
User Group Other
|
|
.IP
|
|
rwx rwx rwx
|
|
.PP
|
|
This example (meaning that \f3u\f1ser, \f3g\f1roup, and \f3o\f1thers
|
|
all have \f3r\f1ead\ing, \f3w\f1riting, and e\f3x\f1ecution permission
|
|
to a given file) demonstrates two categories for granting permissions:
|
|
the access class and the permissions themselves.
|
|
.PP
|
|
Thus, to change the mode of a file's (or directory's)
|
|
permissions using \f2chmod\f1's symbolic
|
|
method, use the following syntax for mode:
|
|
.sp .8v
|
|
[ \f2who\f1 ] \f2operator\f1 [ \f2permission(s)\f1 ], ...
|
|
.PP
|
|
A command line using the symbolic method would appear as follows:
|
|
.sp .8v
|
|
\f3chmod g+rw\f1 \f2file(s)\f1
|
|
.PP
|
|
This command would make \f2file\f1 readable and writable by the
|
|
group.
|
|
.PP
|
|
The
|
|
.I who
|
|
part can be stated as one or more of the following letters:
|
|
.PD 0
|
|
.RS
|
|
.sp .8v
|
|
.TP 10
|
|
\f3u\f1
|
|
\f3u\f1ser's permissions
|
|
.TP 10
|
|
\f3g\f1
|
|
\f3g\f1roup's permissions
|
|
.TP 10
|
|
\f3o\f1
|
|
\f3o\f1thers permissions
|
|
.PD
|
|
.RE
|
|
.PP
|
|
The letter \f3a\f1 (\f3a\f1ll) is equivalent to \f3ugo\f1.
|
|
.PP
|
|
If
|
|
.I who
|
|
is omitted, the operation applies to all permissions except those set
|
|
in the user's umask.
|
|
.PP
|
|
.I Operator
|
|
can be
|
|
.B +
|
|
to add
|
|
.I permission
|
|
to the file's mode,
|
|
.B \-
|
|
to take away
|
|
.IR permission ,
|
|
or
|
|
.B =
|
|
to assign
|
|
.I permission
|
|
absolutely.
|
|
(Unlike other symbolic operations, \f3=\f1 has an absolute effect in that it
|
|
resets all other bits.)
|
|
Omitting
|
|
.I permission
|
|
is only useful
|
|
with
|
|
.B =
|
|
to take away
|
|
all permissions.
|
|
.PP
|
|
.I Permission
|
|
is any compatible combination of the following letters:
|
|
.PD 0
|
|
.RS
|
|
.TP 10
|
|
\f3r\f1
|
|
\f3r\f1eading permission
|
|
.TP 10
|
|
\f3w\f1
|
|
\f3w\f1riting permission
|
|
.TP 10
|
|
\f3x\f1
|
|
e\f3x\f1ecution permission
|
|
.TP 10
|
|
\f3X\f1
|
|
execution permission (see below)
|
|
.TP 10
|
|
\f3s\f1
|
|
user or group \f3s\f1et-ID is turned on
|
|
.TP 10
|
|
\f3t\f1
|
|
sticky bit is turned on
|
|
.TP 10
|
|
\f3l\f1
|
|
mandatory \f3l\f1ocking will occur during access
|
|
.PD
|
|
.RE
|
|
.PP
|
|
When \f3X\f1 appears in
|
|
.I permission
|
|
it is identical to \f3x\f1 if the target file is a directory,
|
|
or if the file is of any other type but already has at least one
|
|
execution bit (user, group, or other) set. In all other cases, \f3X\f1
|
|
is silently ignored.
|
|
.PD
|
|
.RE
|
|
.PP
|
|
Multiple symbolic modes separated by commas may be given, though
|
|
no spaces may intervene between these modes.
|
|
Operations are performed
|
|
in the order given.
|
|
Multiple symbolic letters following a single operator cause the
|
|
corresponding operations to be performed simultaneously.
|
|
The letter
|
|
.B s
|
|
is only meaningful
|
|
with
|
|
.B u
|
|
or
|
|
.BR g ,
|
|
and
|
|
.B t
|
|
only works
|
|
with
|
|
.BR u .
|
|
.PP
|
|
Mandatory file and record locking (\f3l\f1) refers to a file's
|
|
ability to have its reading or writing permissions locked
|
|
while a program is accessing that file.
|
|
It is not possible to
|
|
permit group execution and enable a file to be locked on
|
|
execution at the same time.
|
|
In addition, it is not possible to turn on the set-group-ID
|
|
and enable a file to be locked on execution at the same time.
|
|
The following examples,
|
|
.sp .8v
|
|
.PD 0
|
|
.RS
|
|
.TP
|
|
.sp .8v
|
|
\f3chmod g+x,+l\f1 \f2file(s)\f1
|
|
.TP
|
|
\f3chmod g+s,+l\f1 \f2file(s)\f1
|
|
.PD
|
|
.RE
|
|
.sp .8v
|
|
are, therefore, illegal usages and will elicit error messages.
|
|
.PP
|
|
Only the owner of a file or directory (or the superuser) may change a file's mode.
|
|
In order to turn on a file's set-group-ID, your own group ID must
|
|
correspond to the file's, and group execution must be set.
|
|
.PP
|
|
If a directory is writable and the sticky bit, (\f3t\fP), is
|
|
set on the directory, a process may remove or rename files within that
|
|
directory only if one or more of the following is true
|
|
(see \f4unlink\fP(2) and \f4rename\fP(2)):
|
|
.IP
|
|
the effective user ID of the process is the same as that of the owner ID
|
|
of the file
|
|
.IP
|
|
the effective user ID of the process is the same as that of the owner ID
|
|
of the directory
|
|
.IP
|
|
the process is a superuser.
|
|
.PP
|
|
Note that the group id of the process and file are not taken
|
|
into account by the rules above. A process will only be able to remove a
|
|
file in a sticky directory based upon its effective user ID, not its
|
|
group ID.
|
|
.PP
|
|
In releases of IRIX before 6.2, a process could also remove or rename files
|
|
within a directory with the sticky bit set if the process had write permission
|
|
for the file. This has been changed in accordance with the X/Open XPG4.2
|
|
standard,
|
|
but the old behavior can be enabled via the xpg4_sticky_dir kernel tunable
|
|
variable.
|
|
.PP
|
|
If the sticky bit, (\f3t\fP), is set on a file that is a dynamic
|
|
loader for an \f2ELF\fP executable, then when the executable is \f2exec\fPed
|
|
the old process's read only address spaces will be made available to
|
|
the dynamic loader in the new process.
|
|
This can improve program start up time considerably.
|
|
.PP
|
|
The setting of the sticky bit on any other file has no effect.
|
|
.PP
|
|
If the set\-group\-ID flag is set on a directory, then
|
|
files created in that directory will have their group
|
|
ID
|
|
set to the group
|
|
ID
|
|
of the directory, otherwise the group
|
|
ID
|
|
of the file is set to the effective group
|
|
ID
|
|
of the creating process (see
|
|
.IR chmod (2)].
|
|
The set\-group\-ID flag can only be set on a directory by
|
|
using the symbolic mode: that is,
|
|
.IP
|
|
chmod g\+s \f2directory\f1
|
|
.P
|
|
.IR mount (1)
|
|
provides an alternate way to set this behavior for an entire filesystem (see
|
|
.IR mount (1)
|
|
and
|
|
.IR fstab (4)].
|
|
.P
|
|
The
|
|
\f3\-R\f1
|
|
option recursively descends through directory arguments, setting
|
|
the mode for each file as described above.
|
|
If a symbolic link is encountered
|
|
whose target is a directory, the permission of the directory is changed.
|
|
That directory's contents are \f2not\f1 recursively traversed.
|
|
.SH EXAMPLES
|
|
.IP
|
|
chmod a\-x \f2file\f1
|
|
.IP
|
|
chmod 444 \f2file\f1
|
|
.PP
|
|
The first examples deny execution permission to all.
|
|
The absolute (octal) example permits only reading permissions.
|
|
.IP
|
|
chmod go+rw \f2file\f1
|
|
.IP
|
|
chmod 066 \f2file\f1
|
|
.PP
|
|
These examples make a file readable and writable by the group and others.
|
|
.IP
|
|
chmod +l \f2file\f1
|
|
.PP
|
|
This causes a file to be locked during access.
|
|
.IP
|
|
chmod =rwx,g+s \f2file\f1
|
|
.IP
|
|
chmod 2777 \f2file\f1
|
|
.PP
|
|
These last two examples enable all to read, write, and execute the file;
|
|
and they turn on the set group-ID.
|
|
.\".SH NOTES
|
|
.\"In a Remote File Sharing environment,
|
|
.\"you may not have the permissions that the output
|
|
.\"of the \f3ls \-l\f1 command leads you to believe.
|
|
.\"For more information see the "Mapping Remote Users"
|
|
.\"section of Chapter 10 of the \f2System Administrator's
|
|
.\"Guide\f1.
|
|
.SH "SEE ALSO"
|
|
.\" @(#)chmod.1 6.2 of 9/2/83
|
|
ls(1),
|
|
mount(1),
|
|
umask(1),
|
|
chmod(2),
|
|
unlink(2).
|