chmod(1) — Commands
OSF — Environment_Note_Added
NAME
chmod − Changes permission codes
SYNOPSIS
chmod [−fR] absolute_mode file ...
chmod [−fR] [who]+permission ... file ...
chmod [−fR] [who]−permission ... file ...
chmod [−fR] [who]=[permission ...] file ...
The chmod command modifies the read, write, and execute permissions of specified files and the search permissions of specified directories.
DESCRIPTION
You can use either symbolic or absolute mode to specify the desired permission settings. You can change the permission code of a file or directory only if you own it or if you have superuser authority.
Symbolic Mode
A symbolic mode has the form:
[who] operation permission [operation permission] ...
The who argument specifies whether you are defining permissions for a user, group, or all others, or any combination of these. The operation argument specifies whether the permission is being added, taken away, or assigned absolutely. The permission argument identifies the operation that the specified users can perform on file.
Valid options for the who argument are as follows:
uUser (owner)
gGroup
oAll others
aUser, group, and all others (same effect as the combination ugo)
If the who argument is omitted, the default is a, but the setting of the file creation mask, umask (see csh, ksh, sh), is applied.
Valid options for the operation argument are as follows:
−Removes specified permissions.
+Adds specified permissions.
=Clears the selected permission field and sets it to the code specified. If you do not specify a permission code following =, chmod removes all permissions from the selected field.
Valid options for the permission argument are as follows:
rRead permission.
wWrite permission.
xExecute permission for files, search permission for directories.
XExecute permission only if file is a directory or at least one execute bit is set.
sSet-user-ID or set-group-ID permission. This permission bit sets the effective user ID or group ID to that of the owner or group owner of file whenever the file is run. Use this permission setting in combination with the u or g option to allow temporary or restricted access to files not normally accessible to other users. An s appears in the user or group execute position of a long listing (see ls) to show that the file runs with set-user-ID or set-group-ID permission.
tSave text permission. In earlier versions of the UNIX system, setting this permission bit caused the text segment of a program to remain in virtual memory after its first use. The system thus avoided having to transfer the program code of frequently accessed programs into the paging area. You can specify this permission, but in OSF/1 it has no effect. A t appears in the execute position of the all others option to indicate that the file has this bit (the sticky bit) set. If a directory has this bit set, then deletion in it is restricted. An entry in a sticky directory can only be removed or renamed by a user if the user has write permission for the directory and the user is the owner of the file, the owner of the directory, or the superuser.
The u, g, and o options indicate that permission is to be taken from the current mode. Omitting permission is only useful with = to take away all permissions.
All permission bits not explicitly specified are cleared.
You can specify multiple symbolic modes, separated with commas. Do not separate items in this list with spaces. Operations are performed in the order they appear from left to right.
Absolute Mode
Absolute mode lets you use octal notation to set each bit in the permission code. The chmod command sets the permissions to the permission_code you provide. permission_code is constructed by combining (the logical OR of) the following values:
4000Sets user ID on execution.
2000Sets group ID on execution.
1000Sets sticky bit (see chmod(2)):
•Retains memory image after execution (executable file). Has no effect in OSF/1.
•Restricts file removal (directory).
0400Permits read by owner.
0200Permits write by owner.
0100Permits execute or search by owner.
0040Permits read by group.
0020Permits write by group.
0010Permits execute or search by group.
0004Permits read by others.
0002Permits write by others.
0001Permits execute or search by others.
FLAGS
−fDoes not report an error if chmod fails to change the mode on a file.
−RCauses chmod to recursively descend its directory arguments, setting the mode for each file as described in the sections Symbolic Mode and Absolute Mode. When symbolic links are encountered, their mode is not changed and they are not traversed.
EXAMPLES
1.To add a type of permission to several files, enter:
chmod g+w chap1 chap2
This adds write permission for group members to the files chap1 and chap2.
2.To make several permission changes at once, enter:
chmod go−w+x mydir
This denies group members and others the permission to create or delete files in mydir (go−w). It allows them to search mydir or use it in a pathname (go+x). This is equivalent to the following command sequence:
chmod g−w mydir
chmod o−w mydir
chmod g+x mydir
chmod o+x mydir
3.To permit only the owner to use a shell procedure as a command, enter:
chmod u=rwx,go= cmd
This gives read, write, and execute permission to the user who owns the file (u=rwx). It also denies the group and others the permission to access cmd in any way (go=). If you have permission to execute the cmd shell command file, you can run it by entering:
cmd
or
./cmd
4.To use set-ID modes, enter:
chmod ug+s cmd
When cmd is executed, this causes the effective user and group IDs to be set to those that own the file cmd. Only the effective IDs associated with the subprocess that runs cmd are changed. The effective IDs of the shell session remain unchanged. This feature allows you to permit restricted access to important files. Suppose that the file cmd has the set-user-ID mode enabled and is owned by a user called dbms. dbms is not actually a person, but might be associated with a database management system. The user betty does not have permission to access any of dbms’s data files. However, she does have permission to execute cmd. When she does so, her effective user ID is temporarily changed to dbms, so that the cmd program can access the data files owned by dbms. This way betty can use cmd to access the data files, but she cannot accidentally damage them with the standard shell commands.
5.To use the absolute mode form of the chmod command, enter:
chmod 644 text
This sets read and write permission for the owner, and it sets read-only mode for the group and all others.
ENVIRONMENT NOTES
This section describes system features that are not generic to OSF/1 but that are provided in this OSF/1 implementation.
System V Compatibility
The root of the directory tree that contains the commands modified for SVID-2 compliance is specified in the file /etc/svid2_path. You can use /etc/svid2_profile as the basis for, or to include in, your .profile. The file /etc/svid2_profile reads /etc/svid2_path and sets the first entries in the PATH environment variable so that the modified SVID-2 commands are found first.
The SVID-2 compliant version of the chmod command ignores the umask value if who is not specified in the symbolic mode of the command (chmod [who] operation permission). In other words, if you omit who from the chmod command line, the version of the command that is compliant with the SVID-2 standard behaves exactly as if you specified the character a as the value for who. The version of the chmod command that is SVID-2 compliant also supports equivalents in absolute mode for the s permission in symbolic mode. In absolute mode, setting the bits 04000 represents set-user-ID and setting the bits 02000 represents set-group-ID.