chmod is a shell command for changing access permissions and special mode flags of files (including special files such as directories). The name is short for ''change mode'' where ''mode'' refers to the permissions and flags collectively.
The command originated in AT&T Unix version 1 and was exclusive to Unix and Unix-like operating systems until it was ported to other operating systems such as Windows (in UnxUtils) and IBM i.
In Unix and Unix-like operating systems, a system call with the same name as the command, chmod, provides access to the underlying access control data. The command exposes the capabilities of the system call to a shell user.
As the need for enhanced file-system permissions grew, access-control lists were added to many file systems to augment the modes controlled via chmod.
The implementation of chmod bundled in GNU coreutils was written by David MacKenzie and Jim Meyering.
Use
Although the syntax of the command varies somewhat by implementation, it generally accepts either a single octal value (which specifies ''all'' the mode bits on each file), or a comma-delimited list of symbolic specifiers (which describes how to change the existing mode bits of each file). The remaining arguments are a list of paths to files to be modified.
Changing permissions is only allowed for the superuser (root) and the owner of a file.
If a symbolic link is specified, the target of the link has its mode bits adjusted. Permissions directly associated with a symbolic link file system entry are typically not used.
Options
Optional command-line options may include:
* -R: recursive; include contained files and subdirectories of specified directories
* -v: verbose; log changed file names
Octal notation
Given a numeric permissions argument, the command treats it as an octal number, and replaces ''all'' the mode bits for each file. (Although 4 digits are specified, leading digits can be elided.)
Why octal rather than decimal?
There are twelve standard mode bits, comprising 3 special bits (setuid, setgid, and sticky), and 3 permission groups (controlling access by ''user'', ''group'', and ''other'') of 3 bits each (''read'', ''write'', and ''exec/scan''); each permission bit grants access if set (1) or denies access if clear (0).
As an octal digit represents a 3-bit value, the twelve mode bits can be represented as four octal digits. chmod accepts up to four digits and uses 0 for left digits not specified (as is normal for numeric representation). In practice, 3 digits are commonly specified since the special modes are rarely used and the user class is usually specified.
In the context of an octal digit, each operation bit represents a numeric value: read: 4, write: 2 and execute: 1. The following table relates octal digit values to a class operations value.
The command stat can report a file's permissions as octal. For example:
$ stat -c %a findPhoneNumbers.sh
754
The reported value, 754, indicates the following permissions:
* user class: read, write, and execute; 7 => (4 + 2 + 1)
* group class: read and execute; 5 => (4 + 1)
* others class: read only; 4 => (4)
A code permits execution if and only if it is odd (i.e. 1, 3, 5, or 7). A code permits read if and only if it is greater than or equal to 4 (i.e. 4, 5, 6, or 7). A code permits write if and only if it is 2, 3, 6, or 7.
Symbolic notation
The command accepts symbolic notation that specifies how to modify the existing permissions. The command accepts a comma-separated list of specifiers like:
[''classes'']+|-|=''operations''
Classes map permissions to users. A change specifier can select one class by including its symbol, or multiple classes by including each class's symbol with no delimiter; if no class is specified, all classes are selected and, further, the bits of the umask will be unchanged.
Class specifiers include:
As ownership is key to access control, and since the symbolic specification uses the abbreviation ''o'', some incorrectly think that it means ''owner'', when, in fact, it is short for ''others''.
The change operators include:
Operations can be specified as follows:
Most implementations support the specification of the special modes in octal, but some do not, which requires using the symbolic notation.
The ls command can report file permissions in a symbolic notation that is similar to the notation used with chmod. ls -l reports permissions in a notation that consists of 10 letters. The first indicates the type of the file system entry, such as dash for regular file and 'd' for directory. Following that are three sets of three letters that indicate read, write and execute permissions grouped by user, group and others classes. Each position is either dash to indicate lack of permission or the single-letter abbreviation for the permission to indicate that it's granted. For example:
$ ls -l findPhoneNumbers.sh
-rwxr-xr-- 1 dgerman staff 823 Dec 16 15:03 findPhoneNumbers.sh
The permission specifier starts with a dash, which indicates that findPhoneNumbers.sh is a regular file, not a directory. The next three letters indicate that the file can be read, written, and executed by the owning user dgerman. The next three letters indicate that the file can be read and executed by members of the group. And the last three letters indicate that the file is read-only for other users.
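The link between the octal value reported by stat (754) and the letters reported by ls (rwxr-xr--) can be made explicit with shell arithmetic. This is an added example, not part of the original page; the function names are hypothetical, and the s/S and t/T letters in the execute slot follow the usual ls convention for the special bits, which the page does not describe.

```shell
#!/bin/sh
# Added example, not from the page: decode an octal mode into ls-style letters.

# triplet DIGIT SPECIAL LETTER: print rwx for one class. When the class's
# special bit is set (SPECIAL != 0) the execute slot shows LETTER, in lower
# case if execute is also granted and upper case if it is not.
triplet() {
    r=-; w=-; x=-
    if [ $(($1 & 4)) -ne 0 ]; then r=r; fi      # read    = 4
    if [ $(($1 & 2)) -ne 0 ]; then w=w; fi      # write   = 2
    if [ $(($1 & 1)) -ne 0 ]; then x=x; fi      # execute = 1
    if [ "$2" -ne 0 ]; then
        case $x$3 in
            xs) x=s ;; xt) x=t ;;
            -s) x=S ;; -t) x=T ;;
        esac
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

mode_to_symbolic() {   # usage: mode_to_symbolic OCTAL (1 to 4 digits)
    case $1 in
        ''|*[!0-7]*|?????*) echo "invalid octal mode: $1" >&2; return 1 ;;
    esac
    m=$((0$1))                                  # leading 0 marks an octal constant
    u=$(triplet $(( (m >> 6) & 7 )) $(( m & 04000 )) s)   # user, setuid
    g=$(triplet $(( (m >> 3) & 7 )) $(( m & 02000 )) s)   # group, setgid
    o=$(triplet $((  m       & 7 )) $(( m & 01000 )) t)   # others, sticky
    printf '%s%s%s\n' "$u" "$g" "$o"
}

mode_to_symbolic 754    # rwxr-xr--  (the findPhoneNumbers.sh value)
mode_to_symbolic 4755   # rwsr-xr-x
```

An upper-case S or T in the output means a special bit is set on a class that lacks execute permission, which is usually worth a second look when reviewing modes.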
Examples
Add write permission to the group class of a directory, allowing users in the same group to add files:
$ ls -ld shared_dir # before
drwxr-xr-x 2 jsmitt northregion 96 Apr 8 12:53 shared_dir
$ chmod g+w shared_dir
$ ls -ld shared_dir # after
drwxrwxr-x 2 jsmitt northregion 96 Apr 8 12:53 shared_dir
Remove write permission for all classes, preventing anyone from writing to the file:
$ ls -l ourBestReferenceFile
-rw-rw-r-- 2 tmiller northregion 96 Apr 8 12:53 ourBestReferenceFile
$ chmod a-w ourBestReferenceFile
$ ls -l ourBestReferenceFile
-r--r--r-- 2 tmiller northregion 96 Apr 8 12:53 ourBestReferenceFile
Set the permissions for the user and group classes to read and execute only; no write permission; preventing anyone from adding files:
$ ls -ld referenceLib
drwxr----- 2 ebowman northregion 96 Apr 8 12:53 referenceLib
$ chmod ug=rx referenceLib
$ ls -ld referenceLib
dr-xr-x--- 2 ebowman northregion 96 Apr 8 12:53 referenceLib
Enable write for the user class while making it read-only for group and others:
$ chmod u=rw,go=r sample
$ ls -ld sample
drw-r--r-- 2 oschultz warehousing 96 Dec 8 12:53 sample
To recursively set access for the directory docs/ and its contained files:
chmod -R u+w docs/
To set user and group for read and write only and set others for read only:
chmod 664 file
To set user for read, write, and execute only and group and others for read only:
chmod 744 file
To set the sticky bit in addition to user, group and others permissions:
chmod 1755 file
To set UID in addition to user, group and others permissions:
chmod 4755 file
To set GID in addition to user, group and others permissions:
chmod 2755 file
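The symbolic examples above can be checked without touching any file by modelling how each specifier changes the permission bits. This is an added example, not part of the original page or of any chmod implementation; the function name is hypothetical, and it assumes only classes u/g/o/a, operators + - =, operations r/w/x, the nine permission bits, and an explicit class in every specifier (the umask-dependent default is not modelled).

```shell
#!/bin/sh
# Added example, not from the page: apply chmod-style symbolic specifiers
# to an octal mode with shell arithmetic only; no file is modified.

apply_symbolic() {   # usage: apply_symbolic OCTAL_MODE SPEC[,SPEC...]
    case $1 in ''|*[!0-7]*|????*) echo "bad mode: $1" >&2; return 1 ;; esac
    mode=$((0$1)); rest=$2
    while [ -n "$rest" ]; do
        clause=${rest%%,*}                      # next comma-delimited specifier
        case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        classes=${clause%%[-+=]*}               # letters before the operator
        rhs=${clause#"$classes"}                # operator plus operations
        perms=${rhs#?}; op=${rhs%"$perms"}
        who=0; c=$classes
        [ -n "$c" ] || { echo "class required: $clause" >&2; return 1; }
        while [ -n "$c" ]; do                   # classes -> mask of affected bits
            case $c in
                u*) who=$((who | 0700)) ;;
                g*) who=$((who | 0070)) ;;
                o*) who=$((who | 0007)) ;;
                a*) who=$((who | 0777)) ;;
                *) echo "bad class in: $clause" >&2; return 1 ;;
            esac
            c=${c#?}
        done
        bits=0; p=$perms
        while [ -n "$p" ]; do                   # operations -> bits in every class
            case $p in
                r*) bits=$((bits | 0444)) ;;
                w*) bits=$((bits | 0222)) ;;
                x*) bits=$((bits | 0111)) ;;
                *) echo "bad operation in: $clause" >&2; return 1 ;;
            esac
            p=${p#?}
        done
        bits=$((bits & who))                    # keep only the selected classes
        case $op in
            +) mode=$((mode | bits)) ;;               # add
            -) mode=$((mode & ~bits)) ;;              # remove
            =) mode=$(( (mode & ~who) | bits )) ;;    # set exactly
            *) echo "missing operator in: $clause" >&2; return 1 ;;
        esac
    done
    printf '%03o\n' "$mode"
}

apply_symbolic 755 g+w          # 775, the shared_dir example
apply_symbolic 740 ug=rx        # 550, the referenceLib example
```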
See also
* attrib
* cacls, modifies access control lists
* chattr, changes the attributes of a file
* chgrp, changes the group of a file
* chown, changes the owner of a file
* umask, restricts permissions at file creation
External links
* chmod — manual page from GNU coreutils.
* GNU "Setting Permissions" manual
* CHMOD-Win 3.0 — Freeware Windows' ACL ↔ CHMOD converter.