home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

UNIX Power Tools

UNIX Power ToolsSearch this book
Previous: 22.6 Protecting Files with the Sticky Bit Chapter 22
File Security, Ownership, and Sharing 		Next: 22.8 The Handy chmod = Operator
 

22.7 Using chmod to Change File Permission

To change a file's permissions, you need to use the chmod command and you must be the file's owner or root. The command's syntax is pretty simple:

% 

chmod 

new-mode file(s)

The new-mode describes the access permissions you want after the change. There are two ways to specify the mode: you can use either a numeric mode or some symbols that describe the changes. I generally prefer the numeric mode (because I'm strange, I suppose). Anyway, to use a numeric mode, decide what permissions you want to have, express them as an octal number ( 1.23 , 22.2 ) , and give a command like:

% 

chmod 644 report.txt

This gives read and write access to the owner of report.txt and read-only access to everyone else.

Most users prefer to use the symbolic mode to specify permissions. A symbolic chmod command looks like this:

% 

chmod g-w report.txt

This means "take away write access for group members." The symbols used in mode specifications are shown in Table 22.1 .

Table 22.1: chmod Symbolic Modes
Category Mode Description
Who: u User (owner) of the file.
g Group members.
o Others.
a All (i.e., user, group, and others).
What to do: - Take away this permission.
+ Add the indicated permission.
= Set exactly this permission ( 22.8 ) .
Permissions: r Read access.
w Write access.
x Execute access.
X Give (or deny) execute permission to directories, or to files that have another "execute" bit set.
s Set user or group ID (only valid with + or - ).
t Set the "sticky bit" ( 22.6 , 1.23 ) .

(Article 22.2 explains the "Who" and "Permissions" categories.) Here are a few example symbolic modes:

o=r

Set others access to read-only, regardless of what other bits are set.

o+r

Add read access for others.

go-w

Take away write access for group members and others.

a=rw

Give everyone (user, group, and others) read-write (but not execute) access.

Remember that + and - add or delete certain permissions, but leave the others untouched. The commands below show how permissions are added and subtracted:

% 

ls -l foo


-rwx---x  1 mikel           0 Mar 30 11:02 foo
% 

chmod a+x foo


% 

ls -l foo


-rwx-x-x  1 mikel           0 Mar 30 11:02 foo
% 

chmod o-x,g+r foo


% 

ls -l foo


-rwxr-x--  1 mikel           0 Mar 30 11:02 foo
%

Note the last chmod command. It shows something we haven't mentioned before. With symbolic mode, you're allowed to combine two (or more) specifications, separated by commas. This command says "take away execute permission for others, and add read access for group members."

chmod
The GNU version of chmod is on the CD-ROM.

On occasion, I've wanted to change the permissions of a whole directory tree: all the files in a directory and all of its subdirectories. In this case, you want to use chmod -R (the R stands for recursive) or find -exec ( 17.10 ) . You won't need this often, but when you do, it's a real lifesaver.

- ML

Previous: 22.6 Protecting Files with the Sticky Bit UNIX Power Tools Next: 22.8 The Handy chmod = Operator
22.6 Protecting Files with the Sticky Bit Book Index 22.8 The Handy chmod = Operator
The UNIX CD Bookshelf Navigation The UNIX CD BookshelfUNIX Power ToolsUNIX in a NutshellLearning the vi Editorsed & awkLearning the Korn ShellLearning the UNIX Operating System