chmod

In Unix and Unix-like operating systems, is the command and system call used to change the access permissions and the special mode flags (the ''setuid'', ''setgid'', and ''sticky'' flags) of file system objects ( files and directories). Collectively these were originally called its modes, and the name was chosen as an abbreviation of ''change mode''.

History

A command first appeared in AT&T UNIX version 1, along with the system call.

As systems grew in number and types of users, access-control lists were added to many file systems in addition to these most basic modes to increase flexibility.

The version of bundled in GNU coreutils was written by David MacKenzie and Jim Meyering. The command is available as a separate package for Microsoft Windows as part of the UnxUtils collection of native Win32 ports of common GNU Unix-like utilities. The command has also been ported to the IBM i operating system.

Command syntax

Throughout this section, ''ser'' refers to the owner of the file, as a reminder that the symbolic form of the command uses "u".

chmod ptionsmodemodefile1 ile2 .../code>

Usually implemented options include:
* Recursive, i.e. include objects in subdirectories.
* verbose, show objects changed (unchanged objects are not shown).

If a symbolic link is specified, the target object is affected. File modes directly associated with symbolic links themselves are typically not used.

To view the file mode, the or commands may be used:

$ ls -l findPhoneNumbers.sh
-rwxr-xr-- 1 dgerman staff 823 Dec 16 15:03 findPhoneNumbers.sh
$ stat -c %a findPhoneNumbers.sh
754


The , , and specify the read, write, and execute access (the first character of the display denotes the object type; a hyphen represents a plain file). The script can be read, written to, and executed by the user ; read and executed by members of the group; and only read by any other users.

The main parts of the permissions:

For example:

Each group of three characters define permissions for each ''class'':
* the three leftmost characters, , define permissions for the ''User'' class (i.e. the file owner).
* the middle three characters, , define permissions for the ''Group'' class (i.e. the group owning the file)
* the rightmost three characters, , define permissions for the ''Others'' class. In this example, users who are not the owner of the file and who are not members of the ''Group'' (and, thus, are in the ''Others'' class) have no permission to access the file.


Numerical permissions

The numerical format accepts up to four digits. The three rightmost digits define permissions for the file user, the group, and others. The optional leading digit, when 4 digits are given, specifies the special , , and flags. Each digit of the three rightmost digits represents a binary value, which controls the "read", "write" and "execute" permissions respectively. A value of 1 means a class is allowed that action, while a 0 means it is disallowed.

For example, would allow:
* "read" (4), "write" (2), and "execute" (1) for the ''User'' class; i.e., 7 (4 + 2 + 1).
* "read" (4) and "execute" (1) for the ''Group'' class; i.e., 5 (4 + 1).
* Only "read" (4) for the ''Others'' class.

A numerical code permits execution if and only if it is odd (i.e. , , , or ). A numerical code permits "read" if and only if it is greater than or equal to (i.e. , , , or ). A numerical code permits "write" if and only if it is , , , or .

Numeric example

Change permissions to permit members of the group to update a file:

$ ls -l sharedFile
-rw-r--r-- 1 jsmith programmers 57 Jul 3 10:13 sharedFile
$ chmod 664 sharedFile
$ ls -l sharedFile
-rw-rw-r-- 1 jsmith programmers 57 Jul 3 10:13 sharedFile

Since the , and bits are not specified, this is equivalent to:

$ chmod 0664 sharedFile

Symbolic modes

The command also accepts a finer-grained symbolic notation, which allows modifying specific modes while leaving other modes untouched. The symbolic mode is composed of three components, which are combined to form a single string of text:

$ chmod eferencesoperator]odesfile ...

Classes of users are used to distinguish to whom the permissions apply. If no classes are specified "all" is implied. The classes are represented by one or more of the following letters:

The program uses an operator to specify how the modes of a file should be adjusted. The following operators are accepted:

The modes indicate which permissions are to be granted or removed from the specified classes. There are three basic modes which correspond to the basic permissions:

Multiple changes can be specified by separating multiple symbolic modes with commas (without spaces). If a user is not specified, chmod will check the umask and the effect will be as if "a" was specified except bits that are set in the umask are not affected.

Symbolic examples

* Add write permission () to the Group's () access modes of a directory, allowing users in the same group to add files:
$ ls -ld shared_dir # show access modes before chmod
drwxr-xr-x 2 jsmitt northregion 96 Apr 8 12:53 shared_dir
$ chmod g+w shared_dir
$ ls -ld shared_dir # show access modes after chmod
drwxrwxr-x 2 jsmitt northregion 96 Apr 8 12:53 shared_dir

* Remove write permissions () for all classes (), preventing anyone from writing to the file:
$ ls -l ourBestReferenceFile
-rw-rw-r-- 2 tmiller northregion 96 Apr 8 12:53 ourBestReferenceFile
$ chmod a-w ourBestReferenceFile
$ ls -l ourBestReferenceFile
-r--r--r-- 2 tmiller northregion 96 Apr 8 12:53 ourBestReferenceFile

* Set the permissions for the ''ser'' and the Group () to read and execute () only (no write permission) on , preventing anyone from adding files.
$ ls -ld referenceLib
drwxr----- 2 ebowman northregion 96 Apr 8 12:53 referenceLib
$ chmod ug=rx referenceLib
$ ls -ld referenceLib
dr-xr-x--- 2 ebowman northregion 96 Apr 8 12:53 referenceLib

* Add the read and write permissions to the user and group classes of a file or directory named :
$ chmod ug+rw sample
$ ls -ld sample
drw-rw---- 2 rsanchez budget 96 Dec 8 12:53 sample

* Remove all permissions, allowing no one to read, write, or execute the file named to no useful end.
$ chmod a-rwx sample
$ ls -l sample
---------- 2 rswven planning 96 Dec 8 12:53 sample

* Change the permissions for the user and the group to read and execute only (no write permission) on .
$ # Sample file permissions before command
$ ls -ld sample
drw-rw---- 2 oschultz warehousing 96 Dec 8 12:53 NY_DBs
$ chmod ug=rx sample
$ ls -ld sample
dr-xr-x--- 2 oschultz warehousing 96 Dec 8 12:53 NJ_DBs

Special modes

The command is also capable of changing the additional permissions or special modes of a file or directory. The symbolic modes use '' to represent the ''setuid'' and ''setgid'' modes, and '' to represent the ''sticky'' mode. The modes are only applied to the appropriate classes, regardless of whether or not other classes are specified.

Most operating systems support the specification of special modes numerically, particularly in octal, but some do not. On these systems, only the symbolic modes can be used.

Command line examples

See also

* File-system permissions
* chattr, the command used to change the attributes of a file or directory on Linux systems
* chown, the command used to change the owner of a file or directory on Unix-like systems
* chgrp, the command used to change the group of a file or directory on Unix-like systems
* cacls, a command used on Windows NT and its derivatives to modify the access control lists associated with a file or directory
* attrib
* umask, restricts mode (permissions) at file or directory creation on Unix-like systems
* User identifier
* Group identifier
* List of Unix commands

References

External links

*
*
*

chmod
— manual page from GNU coreutils.

GNU "Setting Permissions" manual

CHMOD-Win 3.0
— Freeware Windows' ACL ↔ CHMOD converter.

{{Use dmy dates, date=January 2018

File system permissions
Operating system security
Standard Unix programs
Unix file system-related software
Unix SUS2008 utilities
Plan 9 commands
Inferno (operating system) commands
IBM i Qshell commands