chmod(1)							     chmod(1)



NAME
  chmod - Changes permission codes

SYNOPSIS

  chmod [-fR] absolute_mode file ...

  chmod [-fR] [who]+permission ...  file ...

  chmod [-fR] [who]-permission ...  file ...

  chmod [-fR] [who]=[permission ...] file ...

  The chmod command modifies the read, write, and execute permissions of
  specified files and the search permissions of specified directories.

DESCRIPTION

  You can use either symbolic or absolute mode to specify the desired permis-
  sion settings.  You can change the permission code of a file or directory
  only if you own it or if you have superuser authority.

  If a named file is a symbolic link, chmod changes the mode of the link's
  target file unless the -R flag is used.  If the -R flag is used, chmod
  leaves links and their target files untouched.

  Symbolic Mode

  A symbolic mode has the form:

  [who] operation permission [operation permission] ...

  The who argument specifies whether you are defining permissions for a user,
  group, or all others, or any combination of these.  The operation argument
  specifies whether the permission is being added, taken away, or assigned
  absolutely.  The permission argument identifies the operation that the
  specified users can perform on file.

  Valid options for the who argument are as follows:

  u   User (owner)

  g   Group

  o   All others

  a   User, group, and all others (same effect as the combination ugo)

  If the who argument is omitted, the default is a, but the setting of the
  file creation mask, umask (see csh, ksh, sh), is applied.

  Valid options for the operation argument are as follows:

  -   Removes specified permissions.

  +   Adds specified permissions.

  =   Clears the selected permission field and sets it to the code specified.
      If you do not specify a permission code following =, chmod removes all
      permissions from the selected field.

  Valid options for the permission argument are as follows:

  r   Read permission.

  w   Write permission.

  x   Execute permission for files, search permission for directories.

  X   Execute permission only if file is a directory or at least one execute
      bit is set.

  s   Set-user-ID or set-group-ID permission.

      This permission bit sets the effective user ID or group ID to that of
      the owner or group owner of file whenever the file is run.  Use this
      permission setting in combination with the u or g option to allow tem-
      porary or restricted access to files not normally accessible to other
      users.  An s appears in the user or group execute position of a long
      listing (see ls) to show that the file runs with set-user-ID or set-
      group-ID permission.

  t   Save text permission.

      In earlier versions of the UNIX system, setting this permission bit
      caused the text segment of a program to remain in virtual memory after
      its first use.  The system thus avoided having to transfer the program
      code of frequently accessed programs into the paging area.  A t appears
      in the execute position of the all others option to indicate that the
      file has this bit (the sticky bit) set.

      If a directory has this bit set, then deletion in it is restricted.  An
      entry in a sticky directory can only be removed or renamed by a user if
      the user has write permission for the directory and the user is the
      owner of the file, the owner of the directory, or the superuser.

  The u, g, and o options indicate that permission is to be taken from the
  current mode.	 Omitting permission is only useful with = to take away all
  permissions.

  All permission bits not explicitly specified are cleared.

  You can specify multiple symbolic modes, separated with commas.  Do not
  separate items in this list with spaces.  Operations are performed in the
  order they appear from left to right.

  Absolute Mode

  Absolute mode lets you use octal notation to set each bit in the permission
  code.	 The chmod command sets the permissions to the permission_code you
  provide.  The permission_code is constructed by combining (the logical OR
  of) the following values:

  4000
      Sets user ID on execution.

  2000
      Sets group ID on execution.

  1000
      Sets the sticky bit, which does the following:

       Retains memory image after execution (executable file)

       Restricts file removal (directory file)

  You must be root to set the sticky bit.  See chmod(2).

  0400
      Permits read by owner.

  0200
      Permits write by owner.

  0100
      Permits execute or search by owner.

  0040
      Permits read by group.

  0020
      Permits write by group.

  0010
      Permits execute or search by group.

  0004
      Permits read by others.

  0002
      Permits write by others.

  0001
      Permits execute or search by others.

  System V Compatibility

  The root of the directory tree that contains the commands modified for
  SVID2 compliance is specified in the file /etc/svid2_path. You can use
  /etc/svid2_profile as the basis for, or to include in, your .profile.	 The
  file /etc/svid2_profile reads /etc/svid2_path and sets the first entries in
  the PATH environment variable so that the modified SVID2 commands are found
  first.

  The SVID2 compliant version of the chmod command ignores the umask value if
  who is not specified in the symbolic mode of the command (chmod [who]
  operation permission).  In other words, if you omit who from the chmod com-
  mand line, the version of the command that is compliant with the SVID2
  standard behaves exactly as if you specified the character a as the value
  for who.  The version of the chmod command that is SVID2 compliant also
  supports equivalents in absolute mode for the s permission in symbolic
  mode.	 In absolute mode, setting the bits 04000 represents set-user-ID and
  setting the bits 02000 represents set-group-ID.

FLAGS

  -f  Does not report an error if chmod fails to change the mode on a file.

  -R  Causes chmod to recursively descend its directory arguments, setting
      the mode for each file as described in the sections Symbolic Mode and
      Absolute Mode.  When symbolic links are encountered, their mode is not
      changed and they are not traversed.



EXAMPLES

   1.  To add a type of permission to several files, enter:
	    chmod  g+w	chap1 chap2


       This adds write permission for group members to the files chap1 and
       chap2.

   2.  To make several permission changes at once, enter:
	    chmod  go-w+x  mydir


       This denies group members and others the permission to create or
       delete files in mydir (go-w).  It allows them to search mydir or use
       it in a pathname (go+x).	 This is equivalent to the following command
       sequence:
	    chmod  g-w	mydir
	    chmod  o-w	mydir
	    chmod  g+x	mydir
	    chmod  o+x	mydir


   3.  To permit only the owner to use a shell procedure as a command, enter:
	    chmod  u=rwx,go=  cmd


       This gives read, write, and execute permission to the user who owns
       the file (u=rwx).  It also denies the group and others the permission
       to access cmd in any way (go=).

       If you have permission to execute the cmd shell command file, you can
       run it by entering:
	    cmd


       or
	    ./cmd


   4.  To use set-ID modes, enter:
	    chmod  ug+s	 cmd


       When cmd is executed, this causes the effective user and group IDs to
       be set to those that own the file cmd.  Only the effective IDs associ-
       ated with the subprocess that runs cmd are changed.  The effective IDs
       of the shell session remain unchanged.

       This feature allows you to permit restricted access to important
       files.  Suppose that the file cmd has the set-user-ID mode enabled and
       is owned by a user called dbms.	Although dbms is not actually a per-
       son, it might be associated with a database management system.  The
       user betty does not have permission to access any of dbms's data
       files.  However, she does have permission to execute cmd.  When she
       does so, her effective user ID is temporarily changed to dbms, so that
       the cmd program can access the data files owned by dbms.

       This way betty can use cmd to access the data files, but she cannot
       accidentally damage them with the standard shell commands.

   5.  To use the absolute mode form of the chmod command, enter:
	    chmod  644	text


       This sets read and write permission for the owner, and it sets read-
       only mode for the group and all others.

RELATED INFORMATION

  Commands:  chgrp(1), chown(1), csh(1), ksh(1), ls(1), sh(1).

  Functions:  chown(2), chmod(2), stat(2), umask(2).