Difference between revisions of "Chmod"

From HPC Wiki
Jump to: navigation, search
(Numerical Permissions)
Line 36: Line 36:
| third character || x: executable  
| third character || x: executable  
s or t: setuid/setgid or sticky (also executable)
S or T: setuid/setgid or sticky (not executable)
Line 147: Line 143:
A few example calls that are commonly used:
A few example calls that are commonly used:
{| class="wikitable" style="width: 30%;"
{| class="wikitable" style="width: 50%;"
| '''Command''' || '''Explanation'''
| '''Command''' || '''Explanation'''

Revision as of 11:08, 30 January 2019


Chmod is the system call used to change the access permissions for files and directories. It is also capable of changing additional permissions or special modes. The current status can be checked with "ls -l".

Command Syntax

The general syntax of the Chmod call is

$ chmod [options] mode[,mode] file1 [file2 ...]
-r Recursive, i.e. include objects in subdirectories
-f force processing to continue if errors occur
-v verbose, show objects changed (unchanged objects are not shown)

Octal modes

The main part of the chmod calls are the octal modes.



Each triad
first character r: readable
second character w: writable
third character x: executable

"Set user id" (setuid for short) allows users to execute the program with the same rights as its owner. Similarly, "set group id" (setgid) lets group members execute the program with the same permissions as the group owner. The so-called "sticky bit" is deprecated regarding executable files. It used to ensure that the program's text image was kept inside the swap space after the execution had ended. For shared directories, however, the sticky bit guarantees that only the owner of a file is allowed to delete and rename said file. The permissions to read, write or execute a file are not affected by the sticky bit.

The very first character (in front of the first triad) shows the type of the file and cannot be changed with chmod.

Common file types
d a directory
- a file (e.g. executable, document, picture, etc.)
l a link

Numerical Permissions

The file permissions can also be represented in decimal numbers in the chmod call. Up to 4 digits can be set where the leading digit is optional and used to specify the special setuid, setgid, and sticky flags. The remaining 3 digits represent the read, write and execute permissions.

Decimal Permission rwx Binary
7 read, write and execute rwx 111
6 read and write rw- 110
5 read and execute r-x 101
4 read only r-- 100
3 write and execute -wx 011
2 write only -w- 010
1 execute only --x 001
0 none --- 000

For example, the call

$ chmod 777 file1

enables reading, writing and executing for the owner, the group and all other users (use with care!).

Valid values for the optional first digit (sticky bit) are:

Decimal Permission
0 none
1 only the owner is allowed to delete and rename files in the directory
2 setgid: give permissions to delete and rename files to group
4 setuid: give permissions to delete and rename files to user

Symbolic Permissions

Another way to use chmod is the symbolic mode. The permissions are specified by a string using this structure: chmod [references][operator][modes]

Symbol Explanation
u user: owner of the file/directory
g group: members of a group a file/directory belongs to
o other: users that are not part of the group and not the owner
a all: all three classes above (affects all triads)
Operator Explanation
+ adds permissions on its right side to the classes on its left side
- removes specified permissions from the given classes
= sets the permissions exactly as specified

For the modes, see above.


Give execute permissions to users, groups and others:

chmod a+x file1

Remove read and write permissions from others and the group:

chmod go-rw file1

Set user and group permissions to "rw-":

chmod ug=rw file1

Commonly used calls

A few example calls that are commonly used:

Command Explanation
chmod 664 file1 sets read and write permissions for owner and group, and provides read to others.
chmod 744 file1 sets read, write and execute for the owner and read only for the group and all others.
chmod 777 file1 sets read, write and execute for everyone.
chmod 600 file1 sets read and write permissions only for the user (typical permissions for private SSH key).