Previous Table of Contents Next


Module 17
chmod

DESCRIPTION

The external chmod command allows you to change the modes of a file or directory. The modes are the access permissions controlling who can and cannot access the file or directory. File modes control file attributes such as:

*  Who can read from a file
*  Who can write to a file
*  Who can execute a file
*  If a file allows you to assume its user ID during execution
*  If a file allows you to assume its group ID during execution
*  If a file is to remain in memory after execution
*  If a file is to be locked while being accessed by a user

The chmod allows you to change these attributes using:

*  Absolute modes; all number arguments
*  Symbolic modes; who strings, operators, and permission strings

The modes are classified into four categories. The first is the special modes. The last three are the permissions for different sets of users:

*  The owner of the file
*  The group associated with the file
*  All other users on the system

COMMAND FORMAT

Following is the general format of the chmod command.

     chmod [ -R ] absolute_mode file_list
     chmod [ -R ] absolute_mode directory_list
     
     chmod [ -R ] symbolic_mode file_list
     chmod [ -R ] symbolic_mode directory_list

BSD (Berkeley)
chmod [ -fR ] absolute_mode file_list
chmod [ -fR ] absolute_mode directory_list
chmod [ -fR ] symbolic_mode file_list
chmod [ -fR ] symbolic_mode directory_list

Options

The following list describes the options that are used to control how chmod functions.

absolute_mode A three- or four-digit octal number describing the permissions. See the following section on Absolute Modes.
symbolic_mode A string made up of three parts describing the permissions. The first part is the "who string"; who is affected. The second is an "operator string"; add, remove, or absolutely assign permissions. The third is the "permission string"; what are the permissions for the file or directory. See the following section on Symbolic Modes.
-R Forces chmod to recursively descend the directory trees listed, changing the group ID of files and directories. If a symbolic link is encountered, its group ID is changed but it is not traversed.

BSD (Berkeley)
-f If chmod fails to change the group or incurs errors, it does not report them to your screen.
-R Same as SV.

Arguments

The following list describes the arguments that may be passed to the chmod command.

file_list One or more files you want to give new modes.
directory_list One or more directories you want to give new modes.

FURTHER DISCUSSIONS

The chmod command changes which users can read, write, and execute a file. The modes are separated into four classes:

special Special permissions
user The owner of the file or directory
group The users in the group that the file is associated
other All other users on the system

Each class of users has a set of modes controlling their access permissions.

The owner and super-user are the only people who can change the permissions of a file or directory. To set the set-group-ID the file must have the same group ID as your current group ID.


NOTE:  
The super-user can access any files or directories regardless of file permissions. This should be considered when storing personal or private corporate information. If you do not want the system administrator to access the data, you might want to consider using the crypt command.



Absolute Modes

The absolute mode is a three- or four-digit octal number. Each position of the number equates to a special meaning or a class of users. Absolute modes are a shorthand for changing permissions. Therefore, they are terse and more difficult to remember and use.

The first digit is not required unless you wish to change the special modes. Thus you are allowed to use a three-digit number when you are only changing file permissions relating to reading, writing, and executing. The following list relates each position to what it does.

X000 Special meaning
0X00 Modes for the user class
00X0 Modes for the group class
000X Modes for the other class

The following table defines each possible value that may be used in the absolute modes:

Special Modes
4000 Set the user ID at execution time.
20#0 Set the group ID or file locking at execution time. If # is 7, 5, 3, or 1, set the group ID. If # is 6, 4, 2, or 0, enable mandatory file locking.
1000 Sticky bit is turned on. Informs the operating system to keep the program text loaded in memory after execution. Useful for programs that are executed many times each day.
User Modes
0400 The owner has read permission.
0200 The owner has write permission.
0100 The owner has execute permission. If permission is for a directory, then owner has search permissions.
Group Mode
0040 The members of a group have read permissions.
0020 The members of a group have write permissions.
0010 The members of a group have execute and search permissions.
Others Mode
0004 All users other than the owner and group members have read permissions.
0002 All users other than the owner and group members have write permissions.
0001 All users other than the owner and group members have execute and search permissions.


Previous Table of Contents Next