User:Kernigh/chmod

chmod changes permissions of files. One must be familiar with Unix file permissions to understand this command. There are three permissions: read ("r"), write ("w"), and execute ("x"). There are three sets of permissions: for the owning user of the file ("u"), for the group of the file ("g"), and for other users ("o").

For a file, "execute" means to run it as a program. For a directory, "execute" permission is required to use anything in that directory tree, so doing anything with "/usr/share/doc/README" requires execute permissions on all of "/", "/usr", "/usr/share", and "/usr/share/doc".

If you are interested in more advanced topics like the set-uid, set-gid, sticky bits and octal numbers, try reading the FreeBSD manual page at http://www.FreeBSD.org/cgi/man.cgi (type "chmod" in the form and submit).

Options
-R recursively change or set permissions on an entire directory tree

Examples
We wrote a shell script called "configure". We make it executable ("+x") and then execute it as a command. Usually, "+x" is the same as "u+x" or "ug+x", depending on the status of the file mode creation mask.
> chmod +x configure
> ./configure

Only allow the owning user to run "configure":
> chmod u+x configure

Deny the group and other users from running "configure":
> chmod go-x configure

For all users except the owner ("go"), disable all access to "~/mail" and "~/private" ("-rwx"). This way, the contents are private and only their owner (or root) can access them.
> chmod go-rwx ~/mail ~/private

Note that in the previous example, "-R" was not specified. By disabling the execute bit ("-x") on the two directories, all files inside ~/{mail,private} are protected even if their own group and other read bits are enabled. The protection comes from the directory and not from the files, so simply moving some file from inside ~/{mail,private} to some public place like "/tmp" can make the file available to other users again.

The "root" user wants to set up "/usr/local/src" so that all users in group "wsrc" (including "tux") can create files there. Root will continue to own the directory. This is done by changing the group of "/usr/local/src" to "wsrc" and then by granting to the group ("g") the read, write, and execute permissions ("+rwx").
> chown :wsrc /usr/local/src
> chmod g+rwx /usr/local/src

All Unix-like systems should allow all users to create temporary files in "/tmp" and "/var/tmp". Thus root gives everyone ("a", short for "ugo") all permissions ("+rwx") on these directories.
> chmod a+rwx /tmp /var/tmp

The problem with the above is that because all users have write access to /tmp and /var/tmp, every user can delete and rename files, even ones not created by them. For example, "tux" could create "/tmp/socket.3908" and another user could delete it or rename it to "/tmp/garbage", thus annoying Tux. To keep temporary files safe, we use the sticky bit called "t". This limits the deletion and renaming of files in /tmp to root, the owner of /tmp (also root), and the owner of the file (Tux for "/tmp/socket.3908"). It does the same for /var/tmp. So what we should do is:
> chmod a+rwxt /tmp /var/tmp
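The directory execute bit (the ~/mail example) and the sticky bit (the /tmp example) can both be audited from a script by reading the mode string that "ls -ld" prints. The following is an added example, not part of the original page; the function names first_closed_dir and lacks_sticky and the temporary directory tree are made up for illustration.

```shell
#!/bin/sh
# mode_string PATH: the 10-character mode field of ls -ld, e.g. drwxr-xr-t
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# first_closed_dir FILE [TOP]: walk from FILE's directory up to TOP (default /)
# and print the topmost directory that "other" users cannot traverse.
# Prints an empty line when every directory on the way has o+x.
first_closed_dir() {
    dir=$(dirname -- "$1"); top=${2:-/}; closed=
    while :; do
        case $(mode_string "$dir") in
            d????????[xt]) ;;            # x, or t (sticky plus execute): open
            *) closed=$dir ;;            # -, T, or unreadable: closed
        esac
        case $dir in "$top"|/|.) break ;; esac
        dir=$(dirname -- "$dir")
    done
    printf '%s\n' "$closed"
}

# lacks_sticky DIR: succeeds if DIR is writable by "other" without the sticky bit
lacks_sticky() {
    case $(mode_string "$1") in
        d???????w[!tT]) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on a constructed tree (sample data, removed at the end).
demo=$(mktemp -d) && chmod 755 "$demo"
mkdir -p "$demo/private" "$demo/tmp"
echo secret > "$demo/private/note" && chmod 644 "$demo/private/note"
chmod go-rwx "$demo/private"      # as in the ~/mail example, without -R
chmod a+rwx "$demo/tmp"           # world-writable, no sticky bit yet
echo "note is blocked at: $(first_closed_dir "$demo/private/note" "$demo")"
lacks_sticky "$demo/tmp" && echo "$demo/tmp needs chmod +t"
chmod a+rwxt "$demo/tmp"
lacks_sticky "$demo/tmp" || echo "$demo/tmp now has the sticky bit"
rm -rf "$demo"
```

The "note" file stays mode 644 throughout, which shows that the closed parent directory is what keeps other users out.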
