Purpose
Syntax
To Change File Modes Symbolically
chmod [ -R ] [ -h ] [ -f ] [ [ u ] [ g ] [ o ] | [ a ] ] { { - | + | = } [ r ] [ w ] [ x ] [ X ] [ s ] [ t ] } { File ... | Directory ... }
To Change File Modes Numerically
chmod [ -R ] [ -h ] [ -f ] PermissionCode { File ... | Directory ... }
Description
The chmod command modifies the
mode bits and the extended access control lists (ACLs) of the specified files
or directories. The mode can be defined symbolically or numerically (absolute
mode).
When a symbolic link is encountered and you have not
specified the -h flag, the chmod command
changes the mode of the file or directory pointed to by the link and not the
mode of the link itself. If you specify the -h flag,
the chmod command prevents this mode change.
If you specify both the -h flag
and the -R flag, the chmod command
descends the specified directories recursively, and when a symbolic link is
encountered, the mode of the file or directory pointed to by the link is not
changed.
Flags
Symbolic Mode
To specify a mode in symbolic form, you must specify
three sets of flags.
Note: Do not separate flags with spaces.
The first set of flags specifies who is granted or
denied the specified permissions, as follows:
The second set of flags specifies whether the permissions
are to be removed, applied, or set:
The third set of flags specifies the permissions that
are to be removed, applied, or set:
Numeric or Absolute Mode
The chmod command also permits
you to use octal notation for the mode. The numeric mode is the sum of one
or more of the following values:
Notes:
- Specifying the mode numerically disables any extended ACLs. Refer to "Access control Lists" in Operating system and device management for more information.
- Changing group access permissions symbolically also affects the AIXC ACL entries. The group entries in the ACL that are equal to the owning group of the file are denied any permission that is removed from the mode. Refer to "Access control Lists" in Operating system and device management for more information.
- You can specify multiple symbolic modes separated with commas. Operations are performed in the order they appear from left to right.
- You must specify the mode symbolically or use an explicit 4-character octal with a leading zero (for example, 0755) when removing the set-group-ID-on-execution permission from directories.
- For a non-AIXC ACL associated file system object, any request (either symbolic or numeric) that results in an operation to change the base permission bits (rwxrwxrwx) in the mode bits results in replacement of the existing ACL with just the mode bits.
Security
Access Control: This program should be installed as
a normal user program in the Trusted Computing Base.
Only the owner of the file or the root user can change
the mode of a file.
Exit Status
This command returns the following exit values:
0 | The command executed successfully and all requested changes were made. |
>0 | An error occurred. |
Examples
- To add a type of permission to several files:
chmod g+w chap1 chap2
This adds write permission for group members to the files chap1 and chap2.
- To make several permission changes at once:
chmod go-w+x mydir
This denies group members and others the permission to create or delete files in mydir (go-w) and allows group members and others to search mydir or use it in a path name (go+x). This is equivalent to the command sequence:
chmod g-w mydir
chmod o-w mydir
chmod g+x mydir
chmod o+x mydir
- To permit only the owner to use a shell procedure
as a command:
chmod u=rwx,go= cmd
This gives read, write, and execute permission to the user who owns the file (u=rwx). It also denies the group and others the permission to access cmd in any way (go=).
If you have permission to execute the cmd shell command file, then you can run it by entering:
cmd
Note: Depending on the PATH shell variable, you may need to specify the full path to the cmd file.
- To use Set-ID Modes:
chmod ug+s cmd
When the cmd command is executed, the effective user and group IDs are set to those that own the cmd file. Only the effective IDs associated with the child process that runs the cmd command are changed. The effective IDs of the shell session remain unchanged.
This feature allows you to permit access to restricted files. Suppose that the cmd program has the Set-User-ID Mode enabled and is owned by a user called dbms. The user dbms is not actually a person, but might be associated with a database management system. The user betty does not have permission to access any of dbms's data files. However, she does have permission to execute the cmd command. When she does so, her effective user ID is temporarily changed to dbms, so that the cmd program can access the data files owned by the user dbms.
This way the user betty can use the cmd command to access the data files, but she cannot accidentally damage them with the standard shell commands.
- To use the absolute mode form of the chmod command:
chmod 644 text
This sets read and write permission for the owner, and it sets read-only mode for the group and others. This also removes all extended ACLs that might be associated with the file.
- To recursively descend directories and change file and directory permissions given the tree structure:
./dir1/dir2/file1
./dir1/dir2/file2
./dir1/file1
enter this command sequence:
chmod -R 777 f*
which will change permissions on ./dir1/file1.
But given the tree structure of:
./dir1/fdir2/file1
./dir1/fdir2/file2
./dir1/file3
the command sequence:
chmod -R 777 f*
will change permissions on:
./dir1/fdir2
./dir1/fdir2/file1
./dir1/fdir2/file2
./dir1/file3
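The recursive example above depends on the shell expanding f* before chmod runs, so -R only descends into directories whose names match the pattern. The following script is an added example, not part of the original page; it rebuilds both trees in a temporary directory and prints the resulting modes. It assumes the command is entered from inside dir1, and the helper names mode_of and run_case are hypothetical.

```sh
#!/bin/sh
# Added example: shows which paths `chmod -R 777 f*` touches in the two
# trees from the page. Assumption: the command is run from inside dir1.

# Print the 10-character mode string of a path, e.g. -rw-r--r--
mode_of() { ls -ld "$1" | cut -c1-10; }

# Build one tree in a fresh temporary directory, run the command from
# dir1, and print "<mode> <path>" for every entry below dir1.
# $1 = name of the subdirectory, $2 = name of the file directly in dir1
run_case() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/dir1/$1"
    : > "$top/dir1/$1/file1"
    : > "$top/dir1/$1/file2"
    : > "$top/dir1/$2"
    # Known starting modes, independent of the caller's umask
    chmod 755 "$top/dir1" "$top/dir1/$1"
    chmod 644 "$top/dir1/$1/file1" "$top/dir1/$1/file2" "$top/dir1/$2"
    (
        cd "$top/dir1" || exit 1
        # The shell replaces f* with the matching names in this directory;
        # chmod never sees the pattern itself.
        chmod -R 777 f*
        for p in "$1" "$1/file1" "$1/file2" "$2"; do
            echo "$(mode_of "$p") ./dir1/$p"
        done
    )
    rm -rf "$top"
}

echo "first tree (dir2, file1):"
run_case dir2 file1
echo "second tree (fdir2, file3):"
run_case fdir2 file3
```

In the first tree only ./dir1/file1 changes, because dir2 does not match f*; in the second tree fdir2 matches, so everything beneath it is changed as well.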
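For the Set-ID Modes example above, a check that lists which files in a tree carry the set-user-ID or set-group-ID bit is useful before and after changing them. The following script is an added example, not part of the original page; cmd is an empty stand-in file in a temporary directory, and list_setid and setid_demo are hypothetical helper names.

```sh
#!/bin/sh
# Added example: set, audit and clear the set-ID bits on a stand-in file.

# List regular files under directory $1 that carry the set-user-ID (4000)
# or set-group-ID (2000) bit, as paths relative to $1.
list_setid() {
    ( cd "$1" && find . -type f \( -perm -4000 -o -perm -2000 \) -print | sort )
}

setid_demo() {
    top=$(mktemp -d) || return 1
    : > "$top/plain"
    : > "$top/cmd"
    # Known starting modes, independent of the caller's umask
    chmod 644 "$top/plain"
    chmod 755 "$top/cmd"

    # The command from the page: add set-user-ID and set-group-ID
    chmod ug+s "$top/cmd"
    echo "after ug+s: $(ls -ld "$top/cmd" | cut -c1-10)"
    echo "set-ID files: $(list_setid "$top")"

    # Symbolic removal leaves the rwx permission bits untouched
    chmod ug-s "$top/cmd"
    echo "after ug-s: $(ls -ld "$top/cmd" | cut -c1-10)"
    echo "set-ID files: $(list_setid "$top")"

    rm -rf "$top"
}

setid_demo
```

The s in the owner and group execute positions of the mode string marks the set-ID bits; after ug-s the audit returns nothing.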