chmod (from English "change mode") is a program for changing permissions of files and directories. The name comes from the Unix operating system program chmod, which changes the access rights to files, directories and symbolic links.
chmod | |
---|---|
Type | program for changing permissions of files and directories |
Developer | GNU Project |
Written in | C |
Operating system | Unix-like |
Latest version | 8.5 (April 23, 2010) |
License | GPLv3+ |
Website | gnu.org |
Syntax
chmod [options] mode [, mode] file1 [file2 ...]
Options:
- -R recursive change of permissions for directories and their contents
- -f do not issue error messages for files whose permissions cannot be changed.
- -v report in detail the action taken, or the lack of action, for each file.
chmod never changes permissions on symlinks. However, for each symbolic link specified on the command line, chmod changes the permissions of the file it points to. chmod ignores symbolic links encountered during recursive processing of directories.
The chmod argument specifying permissions can be written in two formats: numeric and symbolic.
Using the command in numeric form
Rights are written in one line at once for three types of users:
- file owner (u);
- other users in the owner group (g);
- all other users (o).
The numeric form sets absolute rights on a file or directory, whereas the symbolic form can set rights separately for the different types of users.
Example: in numerical form, set the rights rwxr-xr-x:
chmod 755 filename
 | owner | group | others |
---|---|---|---|
octal value | 7 | 5 | 5 |
character entry | rwx | r-x | r-x |
user type designation | u | g | o |
Thus, the rights "755" are written in symbolic form as "rwxr-xr-x". To understand how rights are specified in Unix systems, it is useful to know how numbers are represented in the binary number system.
binary | octal | character | file permissions | directory rights |
---|---|---|---|---|
000 | 0 | --- | none | none |
001 | 1 | --x | execution | reading files and their properties |
010 | 2 | -w- | writing | none |
011 | 3 | -wx | writing and execution | everything except reading the file list |
100 | 4 | r-- | reading | reading file names |
101 | 5 | r-x | reading and execution | read access |
110 | 6 | rw- | reading and writing | reading file names |
111 | 7 | rwx | all rights | all rights |
Some permissions only make sense when combined with others. Of the first four items (those that do not give the right to read the file), only "---" is usually used for files, that is, a complete ban on access to the file for this type of user. For directories, only 0, 5 and 7 from the whole list are usually applied: no access, read and execute, and full access.
Summing these codes for the three types of users gives the numeric or character entry. For example, chmod 444 {filename}: 400 + 40 + 4 = 444, so everyone has read-only rights (identical to "r--r--r--").
In addition to the standard 'rwx' permissions, the chmod command also manages the SUID, SGID and T (sticky) bits. When set, the SUID and SGID attributes cause the file to run with the rights of the file's owner or group, respectively.
For SUID the weight is 4000, and for SGID it is 2000. These attributes make sense when the corresponding execute bit is set, and in symbolic notation they are shown with the letter "s": "rwsrwxrwx" and "rwxrwsrwx", respectively.
Example: chmod 4555 {filename} - everyone has the right to read and execute, but the file will be launched for execution with the rights of the owner.
Setting the SGID on a directory causes each new file created in it to belong to the same group as the directory itself, rather than to the owner's primary group, as is the default. SUID on a directory does not make sense [1].
The sticky bit, or restricted deletion flag (t-bit), is used only with directories. When the t-bit is not set on a directory, a file in that directory can be deleted (renamed) by any user who has write access to the directory. Setting the t-bit on the directory changes this rule so that only the owner of a file can delete (rename) it. Following the encoding above, the t-bit has a weight of 1000.
Note: The write right (w) on a file allows the user to write to or change the file, while the write right on a directory gives the ability to create new files in it or delete files from it. If the directory is writable (w), a file inside it can be deleted even if the write right on the file itself is not set (in accordance with the concept of the POSIX file system).
Popular Values
- 400 (-r--------)
- The owner has the right to read; no one else has the right to do anything
- 644 (-rw-r--r--)
- All users have read permission; owner can edit
- 660 (-rw-rw----)
- Owner and group can read and edit; the rest have no right to perform any actions
- 664 (-rw-rw-r--)
- All users have read permission; owner and group can edit
- 666 (-rw-rw-rw-)
- All users can read and edit.
- 700 (-rwx------)
- The owner can read, write and run; no one else has the right to do anything
- 744 (-rwxr--r--)
- Each user can read, the owner has the right to edit and run.
- 755 (-rwxr-xr-x)
- Each user has the right to read and run; owner can edit
- 777 (-rwxrwxrwx)
- Each user can read, edit and run.
- 1555 (-r-xr-xr-t)
- Each user has the right to read and run; only the owner of this file can delete the file.
- 2555 (-r-xr-sr-x)
- Each user has the right to read and run with the rights of the group (user group) of the file owner.
- 0440 (-r--r-----)
- The owner and the group have the right to read; no one else has the right to perform any actions.
- 4555 (-r-sr-xr-x)
- Each user has the right to read and run with the rights of the owner of the file
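The octal encoding described above, including the SUID, SGID and sticky weights, can be checked mechanically. The following is an added example, not part of the original article; the function name mode_to_symbolic is an assumption. It also covers the case the text hints at, a special bit set without the matching execute bit, which ls shows as an uppercase S or T.

```shell
# Added example: render an octal mode (up to four digits) as ls would show it.
mode_to_symbolic() {
    case "$1" in
        ''|*[!0-7]*) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    [ "${#1}" -le 4 ] || { echo "invalid mode: $1" >&2; return 1; }
    m=$((0$1))      # the leading 0 makes the shell read the digits as octal
    out=""
    # Walk the three classes: owner (bit offset 6), group (3), others (0).
    for pos in 6 3 0; do
        bits=$(( (m >> pos) & 7 ))
        r=-; w=-; x=-
        [ $((bits & 4)) -ne 0 ] && r=r
        [ $((bits & 2)) -ne 0 ] && w=w
        [ $((bits & 1)) -ne 0 ] && x=x
        # Special bit tied to this class: SUID 4000, SGID 2000, sticky 1000.
        case $pos in
            6) special=$((m & 04000)); on=s; off=S ;;
            3) special=$((m & 02000)); on=s; off=S ;;
            0) special=$((m & 01000)); on=t; off=T ;;
        esac
        if [ "$special" -ne 0 ]; then
            # Lowercase when execute is also set, uppercase when it is not.
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# Values taken from the list above, plus one SUID-without-execute case.
for mode in 755 4555 2555 1555 0440 4644; do
    printf '%-5s %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
```

An uppercase S or T in a listing is worth a second look: the special bit is set but has no effect for that class because the execute bit is missing.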
Using the command in symbolic form
In symbolic form, the chmod command gives more flexibility to add, set, or remove permissions on files or directories.
$ chmod [references] [operator] [modes] file ...
References define the users whose rights will be changed. References are given as one or several letters:
Reference | Class | Description |
---|---|---|
u | user | File owner |
g | group | Users in the file's owner group |
o | others | Other users |
a | all | All users (or ugo) |
Operator defines the operation that chmod will perform:
Operator | Description |
---|---|
+ | add certain rights |
- | remove certain rights |
= | set certain rights |
Modes determine which rights will be set, added or removed:
Mode | Name | Description |
---|---|---|
r | read | read file or directory contents |
w | write | write to file or directory |
x | execute | executing file or reading directory contents |
X | special execute | execution if the file is a directory or already has the right to execute for some user |
s | setuid / setgid | the SUID or SGID attribute, which causes the file to run with the rights of the file's owner or group, respectively |
t | sticky | the t-bit on a directory, with which only the owner of a file can delete that file |
Examples of using the command in symbolic form
Set permissions of the file "rwxr-xr-x" (0755):
chmod u=rwx,g=rx,o=rx filename
Set execute rights for the file owner, delete execute rights from the group, delete write and execute rights for other users:
chmod u+x,g-x,o-wx filename
Set recursive read permissions for all users:
chmod -R a+r directory
Recursively remove the SUID and SGID attributes:
chmod -R u-s,g-s directory
Features
The default values are:
- for files: 644 (-rw-r--r--)
- for directories: 755 (drwxr-xr-x)
The values are different for files and directories because the "execute" flag affects files and directories differently. For ordinary files, "execution" means opening files; for executable files, launching them; and for directories, viewing their contents.
For example, from the command line:
The following command recursively applies the rules to all files in the /home/test directory, as well as to all files in all subdirectories:
# find /home/test -type f -exec chmod 644 {} \;
The following command recursively applies the rules to all directories in the /home/test directory, as well as to all directories in all subdirectories:
# find /home/test -type d -exec chmod 755 {} \;
The same result can be achieved without using find (note the capital X):
# chmod -R go=rX,u=rwX /home/test
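The two approaches can be compared on a scratch tree. This is an added example, not part of the original article; the function names and the file names sub, data.txt and run.sh are assumptions. It shows where the results differ: a file that already has an execute bit keeps it under X, while the find commands set it to 644.

```shell
# Added example: build a constructed scratch tree with one directory,
# one data file and one file that already has an execute bit.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/sub"
    : > "$root/sub/data.txt"
    : > "$root/sub/run.sh"
    chmod 700 "$root/sub"
    chmod 600 "$root/sub/data.txt"
    chmod 700 "$root/sub/run.sh"
    printf '%s\n' "$root"
}

# Print the nine permission characters as ls shows them.
perms() {
    ls -ld "$1" | cut -c2-10
}

# Method 1 from the text: files to 644, directories to 755.
reset_with_find() {
    find "$1" -type f -exec chmod 644 {} \;
    find "$1" -type d -exec chmod 755 {} \;
}

# Method 2 from the text: X grants execute only to directories and to
# files that already have an execute bit for some user.
reset_with_X() {
    chmod -R go=rX,u=rwX "$1"
}

# Apply each method to its own copy of the tree and print both results.
compare() {
    a=$(make_tree); b=$(make_tree)
    reset_with_find "$a"; reset_with_X "$b"
    for p in sub sub/data.txt sub/run.sh; do
        printf '%-14s find=%s  X=%s\n' "$p" "$(perms "$a/$p")" "$(perms "$b/$p")"
    done
    rm -rf "$a" "$b"
}

compare
```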
See also
- umask - mask for creating user files
- chown
- Programs of UNIX-like operating systems
Notes
- [1] Scott Granneman, Linux Pocket Guide, Williams Publishing House, 2007