File Ownership and Protection

chmod

chmod [-R] access-string[,access-string...] files

Change the file mode of the specified files as directed in the access-string. -R operates recursively on any directories in the file list.

Access-string can be a numeric file mode or one or more symbolic permission strings; symbolic permission strings have the general syntax:

[class]+|-|=[type]

where class is one or more access class code letters: u for user, g for group, o for other, a for all. a is the default (although on some systems, omitting the access class causes the specified permissions to be limited by the current umask).

The second item is an operator: + to add permissions, - to remove them, and = to set permissions to the specified value.

Type is one or more access type code letters: r (read), x (execute), w (write), or one of the special types listed in the following section.

Special access types

X

Set execute access only if it has already been set for some access class.

t (save text mode/sticky bit) [numeric 1000]

When used for other access on a directory, restricts users to deleting only their own files.

s (SetUID and SetGID) [numeric 4000 and 2000]

When used with user and group access, causes a program to execute in the user/group context of the file’s owner(s), rather than that of the user who ran it. Both require the corresponding execute access to be on.

SetGID access on a directory causes new file group ownership to follow the directory’s group owner rather than the primary ...
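
The symbolic access strings and special access types above, applied to a constructed scratch tree and then audited with find. This is an added example, not part of the original reference; the function names and paths are illustrative, and GNU stat is assumed for the octal mode display.

```shell
#!/bin/sh
# Added example: every path is constructed under a caller-supplied scratch directory.

# Octal mode including the special bits (assumes GNU stat).
mode_of() { stat -c '%a' "$1"; }

# Apply symbolic access strings, always with an explicit class so umask plays no part.
build_tree() {
    root=$1
    mkdir -p "$root/shared" "$root/drop" "$root/scratch"
    : > "$root/data.txt"; : > "$root/tool"; : > "$root/helper"

    chmod u=rw,go=r  "$root/data.txt"          # 644: execute set for no class
    chmod u=rwx,go=r "$root/tool"              # 744: execute set for the user class
    # X adds execute only where some class already has it:
    # data.txt stays 644, tool becomes 755.
    chmod a+X "$root/data.txt" "$root/tool"

    chmod u=rwx,go=rx "$root/helper"
    chmod u+s "$root/helper"                   # 4755: SetUID, user execute is on

    chmod u=rwx,g=rwx,o= "$root/shared"
    chmod g+s "$root/shared"                   # 2770: SetGID directory

    chmod a=rwx "$root/drop"                   # 777: world-writable, no sticky bit
    chmod a=rwx,o+t "$root/scratch"            # 1777: world-writable with sticky bit
}

# Report the settings an administrator normally reviews:
# SetUID/SetGID files, and world-writable directories lacking the sticky bit.
audit_special() {
    find "$1" -type f -perm -4000 | sed 's/^/setuid /'
    find "$1" -type f -perm -2000 | sed 's/^/setgid /'
    find "$1" -type d -perm -0002 ! -perm -1000 | sed 's/^/world-writable-no-sticky /'
}

# Stand-alone run against a constructed scratch tree.
demo=$(mktemp -d) && build_tree "$demo" && audit_special "$demo"
rm -rf "$demo"
```

On a real system, point audit_special at the directory to review instead of the scratch tree and compare the output against the list of SetUID/SetGID programs you expect.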
