CHMOD(1,C) AIX Commands Reference CHMOD(1,C)
-------------------------------------------------------------------------------
chmod
PURPOSE
Changes permission codes.
SYNTAX
+-------+
one of | r t u |
SYMBOLIC +---+ 1| w s g |
+--------+ +------- a -------+ +-| + |---| x X o |-----+
chmod ---| +----+ |---| +----- a -----+ |---| | - | A +-------+ | |--->
+-| -f |-+ +-| +---------+1|-+ A | +---+ +-----------+ |||
A| -R || A+-| u g o |-+ | | +-----------+ |||
|+----+| | | ug uo | | +--- = ---| +-------+ |-+||
+------+ | | og ugo | | +-| r t u |-+ ||
| +---------+ | ^| w s g || ||
| | || x X o || ||
| | |+-------+| ||
| | +---------+ ||
| +--------------------------+|
| 2 |
+-------------------- , -----------------------+
+-----------+
>---| file |---|
A| directory | |
|+-----------+ |
+--------------+
ABSOLUTE
+--------+ +-----------+
chmod ---| +----+ |--- permcode ---| file |---|
+-| -f |-+ ^ | directory | |
^| -R || | +-----------+ |
|+----+| +---------------+
+------+
-----------------
1 Do not put a blank between these items.
2 Do not put a blank on either side of the comma.
DESCRIPTION
The chmod command modifies the read, write, execute (file), or search
(directory) permission codes of specified files or directories. You can use
either symbolic or absolute mode to specify the desired permission settings.
You can change the permission code of a file or directory only if you own it or
if you are operating with superuser authority.
Processed November 8, 1990 CHMOD(1,C) 1
CHMOD(1,C) AIX Commands Reference CHMOD(1,C)
FLAGS
-f If the -f option is given, no errors are reported if chmod fails
to change the mode on a file.
-R When the -R option is given, chmod recursively descends its
directory arguments, setting the mode for each file as described
above. When symbolic links are encountered, their mode is not
changed and they are not transversed.
SYMBOLIC MODE
When you use the symbolic mode to specify permission codes, the first set of
flags selects the permission field, as follows:
u User (owner)
g Group
o All others
a User, group, and all others.
If the permission field is omitted, the default is a, but the file
creation mask (umask) is applied.
The second set of flags selects whether permissions are to be taken away,
added, or set exactly as specified:
- Removes specified permissions.
+ Adds specified permissions.
= Clears the selected permission field and sets it to the code specified.
If you do not specify a permission code following the =, the chmod command
removes all permissions from the selected field.
The third set of flags of the chmod command selects the permissions as follows:
r Read permission.
w Write permission.
x Execute permission for files; search permission for directories.
X Set execute permission for files; search permission for directories. Set
execute permission only if the file is a directory or at least one execute
bit is set.
Processed November 8, 1990 CHMOD(1,C) 2
CHMOD(1,C) AIX Commands Reference CHMOD(1,C)
s Set user-ID or set group-ID permission. This permission bit sets the
effective user-ID or group-ID to that of the file whenever the file is
run. Use this permission setting in combination with the u or g field to
allow temporary or restricted access to files not normally accessible to
other users. An s appears in the user or group execute position of a long
listing (see "ls, lf, lr" or "li, di") to show that the file runs
set-user-ID mode or set-group-ID mode.
t Save text permission. Setting this permission bit causes the text segment
of a program to remain in virtual memory after its first use. The system
thus avoids having to transfer the program code of frequently accessed
programs into the paging area. You can specify this permission only with
the u field and only if you have superuser authority. (Except for
directories. See below.) A t appears in the execute position of the "all
others" field to indicate that the file has this bit (the "sticky" bit)
set.
u The file permissions for user taken from the current mode.
g The file permissions for group taken from the current mode.
o The file permissions for other taken from the current mode.
You can specify multiple symbolic modes, separated with commas. Do not
separate items in this list with spaces. Operations are performed in the order
they appear from left to right.
AIX gives additional interpretation of the set group-ID and save text
permission bits for certain file types or when used with certain other
permission bits. The set group-ID permission bit on a regular file, if
accompanied by no execute permission bits indicates that file locks should be
treated as enforced locks. An S appears in the group execute permission of a
long listing to indicate this situation.
The set group-ID permission bit on a directory causes subsequently created
files to be assigned the group ID of the directory rather than the effective
group IDs of the processes which created the files.
The saved text permission bit on a character special file is used to identify a
multiplexed file.
The saved text permission bit on a directory makes it so that only the owner of
the directory of the owner of a file within the directory can remove that file
from the directory.
ABSOLUTE MODE
The chmod command also permits you to use octal notation to set each bit in the
permission code. The chmod command sets the permissions to the permcode you
provide. This permcode is constructed by combining (the logical OR of) the
following values:
Processed November 8, 1990 CHMOD(1,C) 3
CHMOD(1,C) AIX Commands Reference CHMOD(1,C)
4000 Sets user-ID on execution (when set along with any of the execute
(search) bits).
2000 Sets group-ID on execution (when set along with any of the execute
(search) bits).
2000 Sets enforcement mode locking (when set without the 0010 bit).
2000 For directories, files take group ID from the directory, not
creator.
1000 Retains memory image after execution (executable file)
1000 Marks a directory so that only owners may remove files.
1000 Indicates multiplexed character special file
0400 Permits read by owner
0200 Permits write by owner
0100 Permits execute or search by owner
0040 Permits read by group
0020 Permits write by group
0010 Permits execute or search by group
0004 Permits read by others
0002 Permits write by others
0001 Permits execute or search by others
All permission bits not explicitly specified are cleared.
EXAMPLES
1. To add a type of permission to several files:
chmod g+w chap1 chap2
This command adds write permission for group members to the files "chap1"
and "chap2".
2. To change several permissions at once:
chmod go-w+x mydir
This command denies group members and others the permission to create or
delete files ("go-w") in "mydir". It allows them to search "mydir" or use
Processed November 8, 1990 CHMOD(1,C) 4
CHMOD(1,C) AIX Commands Reference CHMOD(1,C)
it in a path name ("go+x"). This one-step change is equivalent to the
following sequence of commands:
chmod g-w mydir
chmod o-w mydir
chmod g+x mydir
chmod o+x mydir
3. To permit only the owner to use a shell procedure as a command:
chmod u=rwx,go= cmd
This command gives read, write, and execute permission to the user who owns
the file ("u=rwx"). It also denies the group and others the permission to
access "cmd" in any way ("go=").
If you have permission to execute the shell command file "cmd", you can run
it by entering:
cmd
Entering this command may not work in some cases, depending on the value of
the shell variable PATH. See page sh-9 for more information about
PATH.
4. To use set-ID modes:
chmod ug+s cmd
When "cmd" is executed, the effective user and group IDs are set to those
IDs that own the file "cmd". Only the effective IDs associated with the
subprocess that runs "cmd" are changed. The effective IDs of the shell
session remain unchanged.
This feature allows you to permit restricted access to important files.
Suppose that the file "cmd" has the set-user-ID mode enabled and is owned
user ID "dbms". The user "betty" does not have permission to access any of
the data files owed by "dbms" She does, however, have permission to execute
"cmd". When she does execute "cmd" her effective user ID is temporarily
changed to "dbms" so that the "cmd" program can access the data files owned
by "dbms". Thus, "betty" can use "cmd" to access the data files, but she
cannot accidentally damage them with the standard shell commands.
5. To use the absolute mode form of the chmod command:
chmod 644 text
This command sets read and write permission for the owner, and it sets
read-only mode for the group and others.
6. To change the permissions of a file from the permissions of one of the
file's current permission fields:
Processed November 8, 1990 CHMOD(1,C) 5
CHMOD(1,C) AIX Commands Reference CHMOD(1,C)
chmod g=u text
The owner permissions will become the permissions of the group, too. For
example, if the permissions of the user field are set to rwx, the
permissions of the group field will be set to rwx. The owner permissions
will remain rwx.
RELATED INFORMATION
See the following commands: "ls, lf, lr," "li, di," and "umask."
Processed November 8, 1990 CHMOD(1,C) 6