1.\" $OpenBSD: chmod.1,v 1.34 2009/02/08 17:15:09 jmc Exp $ 2.\" $NetBSD: chmod.1,v 1.8 1995/03/21 09:02:07 cgd Exp $ 3.\" 4.\" Copyright (c) 1989, 1990, 1993, 1994 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" This code is derived from software contributed to Berkeley by 8.\" the Institute of Electrical and Electronics Engineers, Inc. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 3. Neither the name of the University nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.\" @(#)chmod.1 8.4 (Berkeley) 3/31/94 35.\" 36.Dd $Mdocdate: February 8 2009 $ 37.Dt CHMOD 1 38.Os 39.Sh NAME 40.Nm chmod 41.Nd change file modes 42.Sh SYNOPSIS 43.Nm chmod 44.Oo 45.Fl R 46.Op Fl H | L | P 47.Oc 48.Ar mode 49.Ar 50.Sh DESCRIPTION 51The 52.Nm 53utility modifies the file mode bits of the listed files 54as specified by the 55.Ar mode 56operand. 57The mode of a file dictates its permissions, among other attributes. 58.Pp 59The options are as follows: 60.Bl -tag -width Ds 61.It Fl H 62If the 63.Fl R 64option is also specified, symbolic links on the command line are followed. 65(Symbolic links encountered in the tree traversal are not followed.) 66.It Fl L 67If the 68.Fl R 69option is also specified, all symbolic links are followed. 70.It Fl P 71If the 72.Fl R 73option is also specified, no symbolic links are followed. 74.It Fl R 75Recursively descend through any specified directory arguments. 76Change the modes of the file hierarchies rooted in the files 77instead of just the files themselves. 78.El 79.Pp 80Symbolic links do not have modes, so unless the 81.Fl H 82or 83.Fl L 84option is set, 85.Nm 86on a symbolic link always succeeds and has no effect. 87The 88.Fl H , 89.Fl L , 90and 91.Fl P 92options are ignored unless the 93.Fl R 94option is specified. 95In addition, these options override each other and the 96command's actions are determined by the last one specified. 97.Pp 98Only the file's owner or the superuser is permitted to change 99the mode of a file. 100.Pp 101.Ex -std chmod 102.Ss Absolute modes 103Absolute modes are specified according to the following format: 104.Bd -filled -offset indent 105.Nm chmod 106.Ar nnnn 107.Ar file 108.Op Ar ... 109.Ed 110.Pp 111An absolute mode is an octal number (specified as 112.Ar nnnn , 113where 114.Ar n 115is a number from 0 to 7) constructed by ORing 116any of the following values: 117.Pp 118.Bl -tag -width 6n -compact -offset indent 119.It Li 0400 120Allow read by owner. 121.It Li 0200 122Allow write by owner. 123.It Li 0100 124Allow execution (or search in directories) by owner. 125.It Li 0700 126Allow read, write, and execute/search by owner. 127.It Li 0040 128Allow read by group. 129.It Li 0020 130Allow write by group. 131.It Li 0010 132Allow execution (or search in directories) by group. 133.It Li 0070 134Allow read, write, and execute/search by group. 135.It Li 0004 136Allow read by others. 137.It Li 0002 138Allow write by others. 139.It Li 0001 140Allow execution (or search in directories) by others. 141.It Li 0007 142Allow read, write, and execute/search by others. 143.El 144.Pp 145In addition to the file permission modes, the following mode bits are 146available: 147.Pp 148.Bl -tag -width 6n -compact -offset indent 149.It Li 4000 150Set-user-ID on execution. 151.It Li 2000 152Set-group-ID on execution. 153.It Li 1000 154Enable sticky bit; see 155.Xr sticky 8 156and 157.Xr chmod 2 . 158.El 159.Pp 160The execute bit for a directory is often referred to as the 161.Dq search 162bit. 163In order to access a file, a user must have execute permission in each 164directory leading up to it in the filesystem hierarchy. 165For example, to access the file 166.Pa /bin/ls , 167execute permission is needed on 168.Pa / , 169.Pa /bin , 170and, of course, the 171.Pa ls 172binary itself. 173.Ss Symbolic modes 174Symbolic modes are specified according to the following format: 175.Bd -filled -offset indent 176.Nm chmod 177.Sm off 178.Ao 179.Op Ar who 180.Ar op 181.Op Ar perm 182.Ac Ns Li , Oo 183.Op Ar who 184.Ar op 185.Op Ar perm 186.Oc Ns Li , Op Ar ... 187.Sm on 188.Ar file 189.Op Ar ... 190.Ed 191.Pp 192The 193.Ar who 194symbols indicate whose permissions are to be changed or assigned: 195.Pp 196.Bl -tag -width 4n -compact -offset indent 197.It u 198User (owner) permissions. 199.It g 200Group permissions. 201.It o 202Others permissions. 203.It a 204All of the above. 205.El 206.Pp 207Do not confuse the 208.Sq o 209symbol with 210.Dq owner . 211It is the user bit, 212.Sq u , 213that refers to the owner of the file. 214.Pp 215The 216.Ar op 217symbols represent the operation performed, as follows: 218.Bl -tag -width 4n -offset indent 219.It + 220If no value is supplied for 221.Ar perm , 222the 223.Sq + 224operation has no effect. 225If no value is supplied for 226.Ar who , 227each permission bit specified in 228.Ar perm , 229for which the corresponding bit in the file mode creation mask 230is clear, is set. 231Otherwise, the mode bits represented by the specified 232.Ar who 233and 234.Ar perm 235values are set. 236.It \&\- 237If no value is supplied for 238.Ar perm , 239the 240.Sq \- 241operation has no effect. 242If no value is supplied for 243.Ar who , 244each permission bit specified in 245.Ar perm , 246for which the corresponding bit in the file mode creation mask 247is clear, is cleared. 248Otherwise, the mode bits represented by the specified 249.Ar who 250and 251.Ar perm 252values are cleared. 253.It = 254The mode bits specified by the 255.Ar who 256value are cleared, or, if no 257.Ar who 258value is specified, the user, group 259and other mode bits are cleared. 260Then, if no value is supplied for 261.Ar who , 262each permission bit specified in 263.Ar perm , 264for which the corresponding bit in the file mode creation mask 265is clear, is set. 266Otherwise, the mode bits represented by the specified 267.Ar who 268and 269.Ar perm 270values are set. 271.El 272.Pp 273The 274.Ar perm 275(permission symbols) represent the portions of the mode bits as follows: 276.Pp 277.Bl -tag -width Ds -compact -offset indent 278.It r 279Read bits. 280.It s 281Set-user-ID and set-group-ID on execution bits. 282.It t 283Sticky bit. 284.It w 285Write bits. 286.It x 287Execute/search bits. 288.It X 289The execute/search bits if the file is a directory or any of the 290execute/search bits are set in the original (unmodified) mode. 291Operations with the 292.Ar perm 293symbol 294.Sq X 295are only meaningful in conjunction with the 296.Ar op 297symbol 298.Sq + , 299and are ignored in all other cases. 300.It u 301User permission bits in the mode of the original file. 302.It g 303Group permission bits in the mode of the original file. 304.It o 305Other permission bits in the mode of the original file. 306.El 307.Pp 308Each clause (given in a comma-delimited list on the command line) specifies 309one or more operations to be performed on the mode bits, and each operation is 310applied in the order specified. 311.Pp 312Operations upon the 313.Dq other 314permissions (specified by the symbol 315.Sq o 316by itself), in combination with the 317.Ar perm 318symbols 319.Sq s 320or 321.Sq t , 322are ignored. 323.Sh EXAMPLES 324Set file readable by anyone and writable by the owner only: 325.Pp 326.Dl $ chmod 644 file 327.Pp 328Deny write permission to group and others: 329.Pp 330.Dl $ chmod go-w file 331.Pp 332Set the read and write permissions to the usual defaults, but 333retain any execute permissions that are currently set: 334.Pp 335.Dl $ chmod =rw,+X file 336.Pp 337Make a directory or file searchable/executable by everyone if it is 338already searchable/executable by anyone: 339.Pp 340.Dl $ chmod +X file 341.Pp 342Any of these commands will make a file readable/executable by everyone and 343writable by the owner only: 344.Bd -literal -offset indent 345$ chmod 755 file 346$ chmod u=rwx,go=rx file 347$ chmod u=rwx,go=u-w file 348.Ed 349.Pp 350Clear all mode bits for group and others: 351.Pp 352.Dl $ chmod go= file 353.Pp 354Set the group bits equal to the user bits, but clear the group write bit: 355.Pp 356.Dl $ chmod g=u-w file 357.Sh SEE ALSO 358.Xr chflags 1 , 359.Xr chgrp 1 , 360.Xr find 1 , 361.Xr install 1 , 362.Xr chmod 2 , 363.Xr stat 2 , 364.Xr umask 2 , 365.Xr fts 3 , 366.Xr setmode 3 , 367.Xr symlink 7 , 368.Xr chown 8 , 369.Xr sticky 8 370.Sh STANDARDS 371The 372.Nm 373utility is compliant with the 374.St -p1003.1-2008 375specification. 376.Pp 377The flags 378.Op Fl HLP 379are extensions to that specification. 380.Sh HISTORY 381A 382.Nm 383command appeared in 384.At v1 . 385.Sh BUGS 386There's no 387.Ar perm 388option for the naughty bits. 389