| chmod | |
|---|---|
| Original author | AT&T Bell Laboratories |
| Developers | Variousopen-source andcommercial developers |
| Initial release | 3 November 1971; 54 years ago (1971-11-03) |
| Written in | Plan 9:C |
| Operating system | Unix,Unix-like,Plan 9,Inferno,IBM i |
| Platform | Cross-platform |
| Type | Command |
| License | coreutils:GPLv3 Plan 9:MIT License |
chmod is ashellcommand for changingaccess permissions and special mode flags offiles (includingspecial files such asdirectories). The name is short forchangemode wheremode refers to the permissions and flags collectively.[1][2]
The command originated inAT&T Unix version 1 and was exclusive toUnix andUnix-likeoperating systems until it was ported to other operating systems such asWindows (inUnxUtils)[3] andIBM i.[4]
InUnix andUnix-like operating systems, asystem call with the same name as the command,chmod(), provides access to the underlying access control data. The command exposes the capabilities of the system call to a shell user.
As the need for enhancedfile-system permissions grew,access-control lists[5] were added to many file systems to augment the modes controlled viachmod.
The implementation ofchmod bundled inGNU coreutils was written by David MacKenzie and Jim Meyering.[6]
Although the syntax of the command varies somewhat by implementation, it generally accepts either a single octal value (which specifiesall the mode bits on each file), or a comma-delimited list of symbolic specifiers (which describes how to change the existing mode bits of each file). The remaining arguments are a list of paths to files to be modified.[7]
Changing permissions is only allowed for the superuser (root) and the owner of a file.
If asymbolic link is specified, the target of the link has its mode bits adjusted. Permissions directly associated with a symbolic link file system entry are typically not used.
Optional, command-line options may include:
-R recursive; include contained files and subdirectories of specified directories-v verbose; log changed file namesGiven a numeric permissions argument, thechmod command treats it as anoctal number,[a] and replacesall the mode bits for each file. (Although four digits are specified, leading0 digits can be elided.)[8]
There are twelve standard mode bits, comprising three special bits (setuid,setgid, andsticky), and three permission groups (controlling access byuser,group, andother) of 3 bits each (read,write, andexec/scan); each permission bit grants access if set (1) or denies access if clear (0).
As an octal digit represents a 3-bit value, the twelve mode bits can be represented as four octal digits.chmod accepts up to four digits and uses 0 for left digits not specified (as is normal for numeric representation). In practice, three digits are commonly specified since the special modes are rarely used and the user class is usually specified.
In the context of an octal digit, each operation bit represents a numeric value: read: 4, write: 2 and execute: 1. The following table relates octal digit values to a class operations value.
| # | bits | rwx | granted operations |
|---|---|---|---|
| 7 | 4 + 2 + 1 | rwx | read, write and execute |
| 6 | 4 + 2 | rw- | read and write |
| 5 | 4 + 1 | r-x | read and execute |
| 4 | 4 | r-- | read only |
| 3 | 2 + 1 | -wx | write and execute |
| 2 | 2 | -w- | write only |
| 1 | 1 | --x | execute only |
| 0 | --- | none |
The commandstat can report a file's permissions as octal. For example:
$stat-c%afindPhoneNumbers.sh754
The reported value,754 indicates the following permissions:
A code permits execution if and only if it isodd (i.e. 1, 3, 5, or 7). A code permits read if and only if it is greater than or equal to 4 (i.e. 4, 5, 6, or 7). A code permits write if and only if it is 2, 3, 6, or 7.
Thechmod command accepts symbolic notation that specifies how to modify the existing permissions.[9] The command accepts a comma-separate list of specifiers like:[classes]+|-|=operations
Classes map permissions to users. A change specifier can select one class by including its symbol, multiple by including each class's symbol with no delimiter, or all classes by not specifying a symbol; when using the last method, the bits of theumask mask will remain unchanged.[10] Class specifiers include:
| symbol | description |
|---|---|
| u | user: file owner |
| g | group: members of the file's group |
| o | others: users who are neither the file's owner nor members of the file's group |
| a | all three classes; same asugo |
As ownership is key to access control, and since the symbolic specification uses the abbreviationo, some incorrectly think that it meansowner, when, in fact, it is short forothers.
The change operators include:
| symbol | description |
|---|---|
| + | add operations/flags |
| - | remove operations/flags |
| = | set the entire operations/flags field; grants the specified operations and denies others |
Operations can be specified as follows:
| symbol | description |
|---|---|
| r | read a regular file or list a directory's contents |
| w | write to a file |
| x | execute a regular file or recurse a directory tree |
| X | special execute: selects to apply execute to directories (regardless of their current permissions) and apply execute to files that already have at least one execute permission granted (for any class); only useful with operation+ and usually in combination with option-R for giving group or others access to a directory tree without setting execute permission on regular files, which would normally happen withchmod -R a+rx .; instead usechmod -R a+rX . |
| s | setuid mode orsetgid mode |
| t | sticky mode |
Mostchmod implementations support the specification of the special modes in octal, but some do not which requires using the symbolic notation.
Thels command can report file permissions in a symbolic notation that is similar to the notation used withchmod.ls -l reports permissions in a notation that consists of 10 letters. The first indicates the type of the file system entry, such as dash for regular file and 'd' for directory. Following that are three sets of three letters that indicate read, write and execute permissions grouped by user, group and others classes. Each position is either dash to indicate lack of permission or the single-letter abbreviation for the permission to indicate that it's granted. For example:
$ls-lfindPhoneNumbers.sh-rwxr-xr-- 1 dgerman staff 823 Dec 16 15:03 findPhoneNumbers.sh
The permission specifier-rwxr-xr-- starts with a dash, which indicates thatfindPhoneNumbers.sh is a regular file, not a directory. The next three lettersrwx indicate that the file can be read, written, and executed by the owning userdgerman. The next three lettersr-x indicate that the file can be read and executed by members of thestaff group. And the last three lettersr-- indicate that the file is read-only for other users.
Addwrite permission to thegroup class of a directory, allowing users in the same group to add files:
$ls-lddir# beforedrwxr-xr-x 2 jsmitt northregion 96 Apr 8 12:53 shared_dir$chmodg+wdir$ls-lddir# afterdrwxrwxr-x 2 jsmitt northregion 96 Apr 8 12:53 shared_dir
Removewrite permission forall classes, preventing anyone from writing to the file:
$ls-lourBestReferenceFile-rw-rw-r-- 2 tmiller northregion 96 Apr 8 12:53 ourBestReferenceFile$chmoda-wourBestReferenceFile$ls-lourBestReferenceFile-r--r--r-- 2 tmiller northregion 96 Apr 8 12:53 ourBestReferenceFile
Set the permissions for theuser andgroup classes toread and execute only, with nowrite permission, preventing anyone from adding files:
$ls-ldreferenceLibdrwxr----- 2 ebowman northregion 96 Apr 8 12:53 referenceLib$chmodug=rxreferenceLib$ls-ldreferenceLibdr-xr-x--- 2 ebowman northregion 96 Apr 8 12:53 referenceLib
Enablewrite for theuser class while making itread-only forgroup and others:
$chmodu=rw,go=rsample$ls-ldsampledrw-r--r-- 2 oschultz warehousing 96 Dec 8 12:53 sample
To recursively set access for the directorydocs/ and its contained files:
chmod -R u+w docs/
To set user and group for read and write only and set others for read only:
chmod 664 file
To set user for read, write, and execute only and group and others for read only:
chmod 744 file
To set the sticky bit in addition to user, group and others permissions:
chmod 1755 file
To set UID in addition to user, group and others permissions:
chmod 4755 file
To set GID in addition to user, group and others permissions:
chmod 2755 file
attribcacls, modifies access control listschattr, changes the attributes of a filechgrp, changes the group of a filechown, changes the owner of a fileumask, restricts permissions at file creation0 prefix for octal numbers is a remnant of its early period.
chmod(1): change file modes – FreeBSD General CommandsManualchmod(1) – Plan 9 Programmer's Manual, Volume 1chmod(1) – Inferno General commandsManualchmod — manual page fromGNUcoreutils.| File system | |
|---|---|
| Processes | |
| User environment | |
| Text processing | |
| Shell builtins | |
| Searching | |
| Documentation | |
| Software development | |
| Miscellaneous | |
| File system | |
|---|---|
| Processes | |
| User environment | |
| Text processing | |
| Shell builtins | |
| Networking | |
| Searching | |
| Software development | |
| Miscellaneous | |
