Section (1) chmod
Name
chmod — change file mode bits
Synopsis
chmod
[OPTION
...] MODE[,MODE]
... FILE
...
chmod
[OPTION
...] OCTAL−MODE
FILE
...
chmod
[OPTION
...] −−reference
=RFILE
FILE
...
DESCRIPTION
This manual page documents the GNU version of chmod. chmod changes the file mode
bits of each given file according to mode
, which can be either a
symbolic representation of changes to make, or an octal
number representing the bit pattern for the new mode
bits.
The format of a symbolic mode is [ugoa
...][[−+=
][perms
...]...], where perms
is either zero or more
letters from the set rwxXst
, or a single letter from
the set ugo
. Multiple
symbolic modes can be given, separated by commas.
A combination of the letters ugoa
controls which users_zsingle_quotesz_
access to the file will be changed: the user who owns it
(u
), other users in
the file_zsingle_quotesz_s group (g
),
other users not in the file_zsingle_quotesz_s group (o
), or all users (a
). If none of these are given,
the effect is as if (a
) were given, but bits that
are set in the umask are not affected.
The operator +
causes the
selected file mode bits to be added to the existing file mode
bits of each file; -
causes them to be removed; and =
causes them to be added and causes unmentioned bits to be
removed except that a directory_zsingle_quotesz_s unmentioned set user and
group ID bits are not affected.
The letters rwxXst
select file mode bits for the affected users: read
(r
), write (w
), execute (or search for directories)
(x
), execute/search only if the
file is a directory or already has execute permission for
some user (X
), set user or
group ID on execution (s
),
restricted deletion flag or sticky bit (t
). Instead of one or more of these letters,
you can specify exactly one of the letters ugo
: the permissions granted to
the user who owns the file (u
), the permissions granted to
other users who are members of the file_zsingle_quotesz_s group (g
), and the permissions granted
to users that are in neither of the two preceding categories
(o
).
A numeric mode is from one to four octal digits (0−7), derived by adding up the bits with values 4, 2, and 1. Omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4) and set group ID (2) and restricted deletion or sticky (1) attributes. The second digit selects permissions for the user who owns the file: read (4), write (2), and execute (1); the third selects permissions for other users in the file_zsingle_quotesz_s group, with the same values; and the fourth for other users not in the file_zsingle_quotesz_s group, with the same values.
chmod never changes the permissions of symbolic links; the chmod system call cannot change their permissions. This is not a problem since the permissions of symbolic links are never used. However, for each symbolic link listed on the command line, chmod changes the permissions of the pointed-to file. In contrast, chmod ignores symbolic links encountered during recursive directory traversals.
SETUID AND SETGID BITS
chmod clears
the set-group-ID bit of a regular file if the file_zsingle_quotesz_s group ID
does not match the user_zsingle_quotesz_s effective group ID or one of the
user_zsingle_quotesz_s supplementary group IDs, unless the user has
appropriate privileges. Additional restrictions may cause the
set-user-ID and set-group-ID bits of MODE
or RFILE
to be ignored. This behavior depends on the policy and
functionality of the underlying chmod system call. When in
doubt, check the underlying system behavior.
For directories chmod preserves set-user-ID
and set-group-ID bits unless you explicitly specify
otherwise. You can set or clear the bits with symbolic modes
like u+s
and
g−s
. To clear
these bits for directories with a numeric mode requires an
additional leading zero, or leading = like 00755
, or =755
RESTRICTED DELETION FLAG OR STICKY BIT
The restricted deletion flag or sticky bit is a single
bit, whose interpretation depends on the file type. For
directories, it prevents unprivileged users from removing or
renaming a file in the directory unless they own the file or
the directory; this is called the restricted deletion flag for the
directory, and is commonly found on world-writable
directories like /tmp
. For
regular files on some older systems, the bit saves the
program_zsingle_quotesz_s text image on the swap device so it will load more
quickly when run; this is called the sticky bit.
OPTIONS
Change the mode of each FILE to MODE. With −−reference
, change the mode of
each FILE to that of RFILE.
−c
,−−changes
-
like verbose but report only when a change is made
−f
,−−silent
,−−quiet
-
suppress most error messages
−v
,−−verbose
-
output a diagnostic for every file processed
−−no−preserve−root
-
do not treat _zsingle_quotesz_/_zsingle_quotesz_ specially (the default)
−−preserve−root
-
fail to operate recursively on _zsingle_quotesz_/_zsingle_quotesz_
−−reference
=RFILE/-
use RFILE_zsingle_quotesz_s mode instead of MODE values
−R
,−−recursive
-
change files and directories recursively
−−help
-
display this help and exit
−−version
-
output version information and exit
Each MODE is of the form _zsingle_quotesz_[ugoa]*([−+=]([rwxXst]*|[ugo]))+|[−+=][0−7]+_zsingle_quotesz_.
REPORTING BUGS
GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report any translation bugs to <https://translationproject.org/team/>
SEE ALSO
Full documentation <https://www.gnu.org/software/coreutils/chmod>
or available locally via: info _zsingle_quotesz_(coreutils) chmod invocation_zsingle_quotesz_
COPYRIGHT |
---|
Copyright © 2019 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. |
Section (2) chmod
Name
chmod, fchmod, fchmodat — change permissions of a file
Synopsis
#include <sys/stat.h>
int
chmod( |
const char *pathname, |
mode_t mode) ; |
int
fchmod( |
int fd, |
mode_t mode) ; |
#include <fcntl.h> /* Definition of AT_* constants */ #include <sys/stat.h>
int
fchmodat( |
int dirfd, |
const char *pathname, | |
mode_t mode, | |
int flags) ; |
![]() |
Note | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
DESCRIPTION
The chmod
() and fchmod
() system calls change a files mode
bits. (The file mode consists of the file permission bits
plus the set-user-ID, set-group-ID, and sticky bits.) These
system calls differ only in how the file is specified:
-
chmod
() changes the mode of the file specified whose pathname is given inpathname
, which is dereferenced if it is a symbolic link. -
fchmod
() changes the mode of the file referred to by the open file descriptorfd
.
The new file mode is specified in mode
, which is a bit mask
created by ORing together zero or more of the following:
S_ISUID
(04000)-
set-user-ID (set process effective user ID on execve(2))
S_ISGID
(02000)-
set-group-ID (set process effective group ID on execve(2); mandatory locking, as described in fcntl(2); take a new file_zsingle_quotesz_s group from parent directory, as described in chown(2) and mkdir(2))
S_ISVTX
(01000)-
sticky bit (restricted deletion flag, as described in unlink(2))
S_IRUSR
(00400)-
read by owner
S_IWUSR
(00200)-
write by owner
S_IXUSR
(00100)-
execute/search by owner (search applies for directories, and means that entries within the directory can be accessed)
S_IRGRP
(00040)-
read by group
S_IWGRP
(00020)-
write by group
S_IXGRP
(00010)-
execute/search by group
S_IROTH
(00004)-
read by others
S_IWOTH
(00002)-
write by others
S_IXOTH
(00001)-
execute/search by others
The effective UID of the calling process must match the
owner of the file, or the process must be privileged (Linux:
it must have the CAP_FOWNER
capability).
If the calling process is not privileged (Linux: does not
have the CAP_FSETID
capability), and the group of the file does not match the
effective group ID of the process or one of its supplementary
group IDs, the S_ISGID
bit will
be turned off, but this will not cause an error to be
returned.
As a security measure, depending on the filesystem, the
set-user-ID and set-group-ID execution bits may be turned off
if a file is written. (On Linux, this occurs if the writing
process does not have the CAP_FSETID
capability.) On some
filesystems, only the superuser can set the sticky bit, which
may have a special meaning. For the sticky bit, and for
set-user-ID and set-group-ID bits on directories, see
inode(7).
On NFS filesystems, restricting the permissions will immediately influence already open files, because the access control is done on the server, but open files are maintained by the client. Widening the permissions may be delayed for other clients if attribute caching is enabled on them.
fchmodat()
The fchmodat
() system call
operates in exactly the same way as chmod
(), except for the differences
described here.
If the pathname given in pathname
is relative, then it
is interpreted relative to the directory referred to by the
file descriptor dirfd
(rather than relative
to the current working directory of the calling process, as
is done by chmod
() for a
relative pathname).
If pathname
is
relative and dirfd
is the special value AT_FDCWD
, then pathname
is interpreted
relative to the current working directory of the calling
process (like chmod
()).
If pathname
is
absolute, then dirfd
is ignored.
flags
can either
be 0, or include the following flag:
AT_SYMLINK_NOFOLLOW
-
If
pathname
is a symbolic link, do not dereference it: instead operate on the link itself. This flag is not currently implemented.
See openat(2) for an
explanation of the need for fchmodat
().
RETURN VALUE
On success, zero is returned. On error, −1 is
returned, and errno
is set
appropriately.
ERRORS
Depending on the filesystem, errors other than those listed below can be returned.
The more general errors for chmod
() are listed below:
- EACCES
-
Search permission is denied on a component of the path prefix. (See also path_resolution(7).)
- EFAULT
-
pathname
points outside your accessible address space. - EIO
-
An I/O error occurred.
- ELOOP
-
Too many symbolic links were encountered in resolving
pathname
. - ENAMETOOLONG
-
pathname
is too long. - ENOENT
-
The file does not exist.
- ENOMEM
-
Insufficient kernel memory was available.
- ENOTDIR
-
A component of the path prefix is not a directory.
- EPERM
-
The effective UID does not match the owner of the file, and the process is not privileged (Linux: it does not have the
CAP_FOWNER
capability). - EPERM
-
The file is marked immutable or append-only. (See ioctl_iflags(2).)
- EROFS
-
The named file resides on a read-only filesystem.
The general errors for fchmod
() are listed below:
- EBADF
-
The file descriptor
fd
is not valid. - EIO
-
See above.
- EPERM
-
See above.
- EROFS
-
See above.
The same errors that occur for chmod
() can also occur for fchmodat
(). The following additional errors
can occur for fchmodat
():
- EBADF
-
dirfd
is not a valid file descriptor. - EINVAL
-
Invalid flag specified in
flags
. - ENOTDIR
-
pathname
is relative anddirfd
is a file descriptor referring to a file other than a directory. - ENOTSUP
-
flags
specifiedAT_SYMLINK_NOFOLLOW
, which is not supported.
VERSIONS
fchmodat
() was added to
Linux in kernel 2.6.16; library support was added to glibc in
version 2.4.
CONFORMING TO
chmod
(), fchmod
(): 4.4BSD, SVr4, POSIX.1-2001i,
POSIX.1-2008.
fchmodat
():
POSIX.1-2008.
NOTES
COLOPHON
This page is part of release 4.16 of the Linux man-pages
project. A
description of the project, information about reporting bugs,
and the latest version of this page, can be found at
https://www.kernel.org/doc/man−pages/.
Copyright (c) 1992 Drew Eckhardt (drewcs.colorado.edu), March 28, 1992 and Copyright (C) 2006, 2014 Michael Kerrisk %%%LICENSE_START(VERBATIM) Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Since the Linux kernel and libraries are constantly changing, this manual page may be incorrect or out-of-date. The author(s) assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. The author(s) may not have taken the same level of care in the production of this manual, which is licensed free of charge, as they might when working professionally. Formatted or processed versions of this manual, if unaccompanied by the source, must acknowledge the copyright and authors of this work. %%%LICENSE_END Modified by Michael Haardt <michaelmoria.de> Modified 1993-07-21 by Rik Faith <faithcs.unc.edu> Modified 1997-01-12 by Michael Haardt <michaelcantor.informatik.rwth-aachen.de>: NFS details Modified 2004-06-23 by Michael Kerrisk <mtk.manpagesgmail.com> |