1.\" $OpenBSD: chmod.1,v 1.41 2015/12/31 23:38:16 guenther Exp $ 2.\" $NetBSD: chmod.1,v 1.8 1995/03/21 09:02:07 cgd Exp $ 3.\" 4.\" Copyright (c) 1989, 1990, 1993, 1994 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" This code is derived from software contributed to Berkeley by 8.\" the Institute of Electrical and Electronics Engineers, Inc. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 3. Neither the name of the University nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.\" @(#)chmod.1 8.4 (Berkeley) 3/31/94 35.\" 36.Dd $Mdocdate: December 31 2015 $ 37.Dt CHMOD 1 38.Os 39.Sh NAME 40.Nm chmod 41.Nd change file modes 42.Sh SYNOPSIS 43.Nm chmod 44.Op Fl h 45.Oo 46.Fl R 47.Op Fl H | L | P 48.Oc 49.Ar mode 50.Ar 51.Sh DESCRIPTION 52The 53.Nm 54utility modifies the file mode bits of the listed files 55as specified by the 56.Ar mode 57operand. 58The mode of a file dictates its permissions, among other attributes. 59.Pp 60The options are as follows: 61.Bl -tag -width Ds 62.It Fl H 63If the 64.Fl R 65option is also specified, symbolic links on the command line are followed. 66Symbolic links encountered in the tree traversal are not followed. 67.It Fl h 68Treat symbolic links like other files: modify links instead of 69following them. 70The 71.Fl h 72and 73.Fl R 74options are mutually exclusive. 75.It Fl L 76If the 77.Fl R 78option is also specified, all symbolic links are followed. 79.It Fl P 80If the 81.Fl R 82option is also specified, no symbolic links are followed. 83.It Fl R 84Recurse. 85Where 86.Ar file 87is a directory, 88change the mode of the directory and all the files and directories 89in the file hierarchy below it. 90.El 91.Pp 92Symbolic links have modes, 93but those modes have no effect on the kernel's access checks. 94The 95.Fl H , 96.Fl L , 97and 98.Fl P 99options are ignored unless the 100.Fl R 101option is specified; 102if none of them are given, 103the default is to not follow symbolic links. 104In addition, these options override each other and the 105command's actions are determined by the last one specified. 106.Pp 107Only the file's owner or the superuser is permitted to change 108the mode of a file. 109.Ss Absolute modes 110Absolute modes are specified according to the following format: 111.Bd -filled -offset indent 112.Nm chmod 113.Ar nnnn 114.Ar 115.Ed 116.Pp 117An absolute mode is an octal number (specified as 118.Ar nnnn , 119where 120.Ar n 121is a number from 0 to 7) constructed by ORing 122any of the following values: 123.Pp 124.Bl -tag -width 6n -compact -offset indent 125.It Li 0400 126Allow read by owner. 127.It Li 0200 128Allow write by owner. 129.It Li 0100 130Allow execution (or search in directories) by owner. 131.It Li 0700 132Allow read, write, and execute/search by owner. 133.It Li 0040 134Allow read by group. 135.It Li 0020 136Allow write by group. 137.It Li 0010 138Allow execution (or search in directories) by group. 139.It Li 0070 140Allow read, write, and execute/search by group. 141.It Li 0004 142Allow read by others. 143.It Li 0002 144Allow write by others. 145.It Li 0001 146Allow execution (or search in directories) by others. 147.It Li 0007 148Allow read, write, and execute/search by others. 149.El 150.Pp 151In addition to the file permission modes, the following mode bits are 152available: 153.Pp 154.Bl -tag -width 6n -compact -offset indent 155.It Li 4000 156Set-user-ID on execution. 157.It Li 2000 158Set-group-ID on execution. 159.It Li 1000 160Enable sticky bit; see 161.Xr sticky 8 162and 163.Xr chmod 2 . 164.El 165.Pp 166The execute bit for a directory is often referred to as the 167.Dq search 168bit. 169In order to access a file, a user must have execute permission in each 170directory leading up to it in the filesystem hierarchy. 171For example, to access the file 172.Pa /bin/ls , 173execute permission is needed on 174.Pa / , 175.Pa /bin , 176and, of course, the 177.Pa ls 178binary itself. 179.Ss Symbolic modes 180Symbolic modes are specified according to the following format: 181.Bd -filled -offset indent 182.Nm chmod 183.Sm off 184.Op Ar who 185.Ar op 186.Oo Ar perm Oc , Ar ... 187.Sm on 188.Ar 189.Ed 190.Pp 191The 192.Ar who 193symbols indicate whose permissions are to be changed or assigned: 194.Pp 195.Bl -tag -width 4n -compact -offset indent 196.It u 197User (owner) permissions. 198.It g 199Group permissions. 200.It o 201Others permissions. 202.It a 203All of the above. 204.El 205.Pp 206Do not confuse the 207.Sq o 208symbol with 209.Dq owner . 210It is the user bit, 211.Sq u , 212that refers to the owner of the file. 213.Pp 214The 215.Ar op 216symbols represent the operation performed, as follows: 217.Bl -tag -width 4n -offset indent 218.It + 219If no value is supplied for 220.Ar perm , 221the 222.Sq + 223operation has no effect. 224If no value is supplied for 225.Ar who , 226each permission bit specified in 227.Ar perm , 228for which the corresponding bit in the file mode creation mask 229is clear, is set. 230Otherwise, the mode bits represented by the specified 231.Ar who 232and 233.Ar perm 234values are set. 235.It \&\- 236If no value is supplied for 237.Ar perm , 238the 239.Sq \- 240operation has no effect. 241If no value is supplied for 242.Ar who , 243each permission bit specified in 244.Ar perm , 245for which the corresponding bit in the file mode creation mask 246is clear, is cleared. 247Otherwise, the mode bits represented by the specified 248.Ar who 249and 250.Ar perm 251values are cleared. 252.It = 253The mode bits specified by the 254.Ar who 255value are cleared or, if no 256.Ar who 257value is specified, the user, group 258and other mode bits are cleared. 259Then, if no value is supplied for 260.Ar who , 261each permission bit specified in 262.Ar perm , 263for which the corresponding bit in the file mode creation mask 264is clear, is set. 265Otherwise, the mode bits represented by the specified 266.Ar who 267and 268.Ar perm 269values are set. 270.El 271.Pp 272The 273.Ar perm 274(permission symbols) represent the portions of the mode bits as follows: 275.Pp 276.Bl -tag -width Ds -compact -offset indent 277.It r 278Read bits. 279.It s 280Set-user-ID and set-group-ID on execution bits. 281.It t 282Sticky bit. 283.It w 284Write bits. 285.It x 286Execute/search bits. 287.It X 288The execute/search bits if the file is a directory or any of the 289execute/search bits are set in the original (unmodified) mode. 290Operations with the 291.Ar perm 292symbol 293.Sq X 294are only meaningful in conjunction with the 295.Ar op 296symbol 297.Sq + , 298and are ignored in all other cases. 299.It u 300User permission bits in the mode of the original file. 301.It g 302Group permission bits in the mode of the original file. 303.It o 304Other permission bits in the mode of the original file. 305.El 306.Pp 307Each clause (given in a comma-delimited list on the command line) specifies 308one or more operations to be performed on the mode bits, and each operation is 309applied in the order specified. 310.Pp 311Operations upon the 312.Dq other 313permissions (specified by the symbol 314.Sq o 315by itself), in combination with the 316.Ar perm 317symbols 318.Sq s 319or 320.Sq t , 321are ignored. 322.Sh EXIT STATUS 323.Ex -std chmod 324.Sh EXAMPLES 325Set file readable by anyone and writable by the owner only: 326.Pp 327.Dl $ chmod 644 file 328.Pp 329Deny write permission to group and others: 330.Pp 331.Dl $ chmod go-w file 332.Pp 333Set the read and write permissions to the usual defaults, but 334retain any execute permissions that are currently set: 335.Pp 336.Dl $ chmod =rw,+X file 337.Pp 338Make a directory or file searchable/executable by everyone if it is 339already searchable/executable by anyone: 340.Pp 341.Dl $ chmod +X file 342.Pp 343Any of these commands will make a file readable/executable by everyone and 344writable by the owner only: 345.Bd -literal -offset indent 346$ chmod 755 file 347$ chmod u=rwx,go=rx file 348$ chmod u=rwx,go=u-w file 349.Ed 350.Pp 351Clear all mode bits for group and others: 352.Pp 353.Dl $ chmod go= file 354.Pp 355Set the group bits equal to the user bits, but clear the group write bit: 356.Pp 357.Dl $ chmod g=u-w file 358.Sh SEE ALSO 359.Xr chflags 1 , 360.Xr chgrp 1 , 361.Xr find 1 , 362.Xr install 1 , 363.Xr chmod 2 , 364.Xr stat 2 , 365.Xr umask 2 , 366.Xr fts 3 , 367.Xr setmode 3 , 368.Xr symlink 7 , 369.Xr chown 8 , 370.Xr sticky 8 371.Sh STANDARDS 372The 373.Nm 374utility is compliant with the 375.St -p1003.1-2008 376specification. 377.Pp 378The flags 379.Op Fl HLP 380are extensions to that specification. 381.Pp 382The 383.Sq t 384perm symbol (sticky bit) is marked by 385.St -p1003.1-2008 386as being an 387X/Open System Interfaces 388option. 389.Sh HISTORY 390A 391.Nm 392command appeared in 393.At v1 . 394.Sh BUGS 395There's no 396.Ar perm 397option for the naughty bits. 398