chmod

From Peyton Hall Documentation

chmod is a Unix command which changes the access bits (modes) on a file. It can make a file readable, writable, or executable by the owner, people in the same group as the file, or everyone. chmod can also be used to change the SUID, SGID or "sticky" bits.


Usage

chmod [options] <mode> <file1> <file2> ...


Options

  • -f Suppress most error messages
  • -v More verbose output
  • -R Recursively apply mode to directories and files


Modes

There are four categories upon which a file's mode will take effect:

  1. Special modes
  2. The owner of the file
  3. The group which owns the file
  4. Everyone else


Symbolic modes

Symbolic modes are easier for some to understand than octal modes. The categories listed above (not including special modes, since they're handled differently) are 'u', 'g' and 'o' (for numbers 2, 3 and 4 above respectively). To refer to all of them, 'a' is used.

The modes themselves are:

  • r: read
  • w: write
  • x: execute
  • X: execute/search, but only if the file is a directory or already has execute permission for some category (useful with -R so that plain files do not become executable)
  • s: set user- or group-ID on execution
  • t: sticky
  • u: permissions already granted to the owner
  • g: permissions already granted to the group
  • o: permissions already granted to all users not in the above two categories

To combine these, separate the clauses with commas: 'ug+rwx,o-rwx' lets the owner and group read, write and execute the file, and removes all permission from everyone else. To simply add read permission for everyone (leaving existing permissions as-is) use "a+r".


Octal modes

Each digit of an octal mode encodes just three bits:

  • 4: read (or set user-ID)
  • 2: write (or set group-ID)
  • 1: execute (or sticky)

Each digit is the sum of the bits it grants, and the digits stand, from left to right, for the special modes, the owner, the group and everyone else. The mode '0775' would mean:

  1. No special modes
  2. Owner can read, write and execute
  3. Group can read, write and execute
  4. Everyone who is not in the group, and not the owner, can read and execute

Mode '4700' would turn on the set user-ID bit, and allow only the file's owner to read, write and execute. All others have no permission to the file. Any modes left off are assumed to be zero, so setting a file to '0775' and '775' have the same effect.


Special modes

As described above, there are some special modes.

  • Set user-ID
    • This will cause the kernel to set the owner of the process to whomever owns this file when it is executed. For example, if you have a copy of 'cat' in your home directory, and change its mode to '4777', then anyone can execute that cat program and view any file which you would normally be able to view (since the process will now run as you). Use this with extreme caution - most times you might think you can use a SUID program, the truth is that you really do not need it (and will cause more harm than good). Imagine the consequence of a SUID copy of /bin/bash...
    • If set on a directory, any files written to that directory will have their ownership changed to the owner of the directory. (Linux ignores the set user-ID bit on directories; this behaviour is found on some BSD systems.)
  • Set group-ID
    • Same idea as above, but using the group ownership instead of the user.
    • If set on a directory, any files written to that directory will have their group ownership changed to the group that owns the directory, and new subdirectories inherit the set group-ID bit as well. This is the usual way to keep a shared project directory owned by one group.
  • Sticky
    • On files, this does basically nothing in Linux. When set on a directory, files in that directory may be unlinked or renamed only by root or their owner. Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on directories, such as /tmp, that are world-writable.
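Because set user-ID and set group-ID files run with privileges their caller does not have, administrators periodically audit a tree for them. The script below is an added example, not from the original page, that lists every entry carrying any of the three special bits; it builds a constructed sample tree in a temporary directory and assumes GNU/BusyBox stat and mktemp.

```shell
#!/bin/sh
# Added example: audit a directory tree for the special mode bits.
# -perm -MODE matches entries that have all the bits of MODE set, so the
# three tests are OR'ed together (this form is POSIX, unlike GNU's -perm /7000).
set -eu

# list_special DIR -> one "MODE PATH" line per entry with SUID, SGID or sticky set
list_special() {
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) \
        -exec stat -c '%a %n' {} \; | sort
}

# demo_audit -> audit output for a constructed sample tree, with the temp
# path stripped so the result is stable.
demo_audit() {
    root=$(mktemp -d)
    : > "$root/plain";    chmod 0755 "$root/plain"    # ordinary executable: not listed
    : > "$root/suid";     chmod 4755 "$root/suid"     # set user-ID
    : > "$root/sgid";     chmod 2755 "$root/sgid"     # set group-ID
    mkdir "$root/shared"; chmod 1777 "$root/shared"   # world-writable, sticky (like /tmp)
    list_special "$root" | sed "s|^\([0-9]*\) $root/|\1 |"
    rm -rf "$root"
}

# Expected output:
#   1777 shared
#   2755 sgid
#   4755 suid
demo_audit
```

In a real audit the interesting question is whether each listed file is expected (package-installed and unchanged) or not; comparing the list against a baseline taken at install time is the simplest way to notice a new or modified set user-ID file.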


umask

umask is a per-process setting which controls what modes new files and directories get by default. It is a "mask" applied to the mode the creating program asks for (0777 in the examples below): whatever bits are set in the umask are removed from that mode. The umask can only take bits away; it never adds any.

  • 'umask 0002' == files created with mode 0775
  • 'umask 0022' == files created with mode 0755
  • 'umask 0007' == files created with mode 0770

Note that "files" is a slight misnomer above: programs normally ask for mode 0777 when creating a directory but only 0666 when creating a regular file (the execute bits are never granted by default, so a new file is not executable until it is chmod'ed). Therefore, with 'umask 0002', regular files will have mode 0664 while directories will have mode 0775.
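The script below is an added example (not from the original page) that computes the mode left after masking with plain shell arithmetic and then checks it against what the kernel actually assigns to a file and a directory created under that umask. It assumes GNU/BusyBox stat and mktemp; the umask values are the ones from the list above plus a constructed restrictive one.

```shell
#!/bin/sh
# Added example: umask arithmetic and a live check of it.
set -eu

# effective_mode REQUESTED UMASK -> the bits that survive masking, printed the
# way stat prints them (no leading zero). Leading 0 makes the shell read the
# arguments as octal.
# e.g. effective_mode 0777 0002 -> 775, effective_mode 0666 0002 -> 664
effective_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# created_modes UMASK -> "FILEMODE DIRMODE" for a regular file and a directory
# actually created under that umask. The subshell keeps the umask change local.
created_modes() {
    (
        umask "$1"
        d=$(mktemp -d)      # mktemp asks for 0700 itself, so the umask is irrelevant here
        : > "$d/f"          # the shell opens new files with mode 0666
        mkdir "$d/dir"      # mkdir asks for 0777
        printf '%s %s\n' "$(stat -c '%a' "$d/f")" "$(stat -c '%a' "$d/dir")"
        rm -rf "$d"
    )
}

# check_umask UMASK -> exits 0 if the computed and observed modes agree
check_umask() {
    want="$(effective_mode 0666 "$1") $(effective_mode 0777 "$1")"
    got="$(created_modes "$1")"
    [ "$want" = "$got" ] && printf 'umask %s: file %s dir %s\n' "$1" \
        "$(effective_mode 0666 "$1")" "$(effective_mode 0777 "$1")"
}

for m in 0002 0022 0007 0077; do
    check_umask "$m"        # prints "umask 0002: file 664 dir 775", ...
done
```

A umask of 0000 is the setting to watch for in an audit: every new file comes out 0666 (world-writable) and every directory 0777, which is why login scripts and service units usually set 0022 or 0027 explicitly.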


See also