Format
chmod [–fhR] mode pathname
Description
chmod changes
the access permissions, or modes, of the specified file or
directory. (Modes determine who can read, write, or search a directory
or file.) Users with read access to SUPERUSER.FILESYS.CHANGEPERMS
(a UNIXPRIV class profile), can use the chmod command
to change the permission bits of any file.
Rule: chmod can
be used only by the file owner or a superuser.
Options
- –f
- Does not issue error messages concerning file access permissions,
even if chmod encounters such errors.
- –h
- Suppresses a mode change for the file or directory pointed to
by the encountered symbolic link (or external link). Symbolic link
(or external link) permissions cannot be changed on a z/OS system.
- –R
- Recursively change file mode bits. For each path name operand
that names a directory, chmod will change
the file mode bits of the directory and all files in the file hierarchy
below it.
chmod never changes the
permissions of symbolic links (or external links), because, on a z/OS system,
the permissions on symbolic links (and external links) are never used.
When -h is not specified, and symbolic
links (or external links) are specified or encountered during the
file hierarchy traversal, the links are followed, and the resolved
directory (and files and subdirectories) are changed.
You can
specify the mode value on the command line
in either symbolic form or as an octal value.
The symbolic
form of the
mode argument has the form:
[who] op permission[op permission …]
The
who value
is any combination of the following:
- u
- Sets owner (user or individual) permissions.
- g
- Sets group permissions.
- o
- Sets other permissions.
- a
- Sets all permissions; this is the default. If a who value
is not specified, the default is a, modified
by umask.
The
op part of a
symbolic mode is an operator that tells
chmod to
turn the permissions on or off. The possible values are:
- +
- Turns on a permission.
- -
- Turns off a permission.
- =
- Turns on the specified permissions and turns off all others.
The
permission part of a symbolic mode
is any combination of the following:
- r
- Read permission. If this is off, you cannot read the file.
- x
- Execute permission. If this is off, you cannot run the file.
- X
- Execute or search permission for a directory; or execute permission
for a file only when the current mode has at least one of the execute
bits set.
- w
- Write permission. If this is off, you cannot write to the file.
- s
- If in owner permissions section, the set-user-ID bit is
on; if in group permissions section, the set-group-ID bit is
on.
A superuser or the file owner can use a
chmod command
or chmod() function to change two options for an executable file.
The options are set in two file mode bits:
- Set-user-ID (S_ISUID) with the setuid option
- Set-group-ID (S_ISGID) with the setgid option
If one or both of these bits are on, the effective UID,
effective GID, or both, plus the saved UID, saved GID, or both, for
the process running the program are changed to the owning UID, GID,
or both, for the file. This change temporarily gives the process running
the program access to data the file owner or group can access.
In
a new file, both bits are set off. Also, if the owning UID or GID
of a file is changed or if the file is written in, the bits are turned
off. In shell scripts, these bits are ignored.
If the RACF® profile named FILE.GROUPOWNER.SETGID
exists in the UNIXPRIV class, then the
set-group-ID bit for
a directory determines how the group owner is initialized for new
objects created within the directory:
- If the set-gid bit is on, then the owning GID is set to that of
the directory.
- If the set-gid bit is off, then the owning GID is set to the effective
GID of the process.
- t
- This represents the sticky bit. For a file, the sticky bit causes
a search for the program in the user's STEPLIB, the link pack area,
or link list concatenation. For a directory, the sticky bit allows
files in a directory or subdirectories to be deleted or renamed only
by the owner of the file, by the owner of the directory, or by a superuser.
You can specify multiple symbolic names if
you separate them with commas.
Absolute modes are octal numbers
specifying the complete list of attributes for the files; you specify
attributes by ORing together these bits.
4000 Set-user-ID bit
2000 Set-group-ID bit
1000 Sticky bit
0400 User read
0200 User write
0100 User execute (or list directory)
0040 Group read
0020 Group write
0010 Group execute
0004 Other read
0002 Other write
0001 Other execute
Examples
- To remove write permission from orgcht:
chmod –w orgcht
- To turn on read, write, and execute permissions, and turn off
the set-user-ID bit, set-group-ID bit, and sticky bit attributes.
This is equivalent to chmod 0777 aprsal:
chmod a=rwx aprsal
- To set all permission bits on (anyone can read/write/execute):
chmod 777 scratch
- To set user (owner) executable permission bit on:
chmod u+x file
- To set group read / write permission bits:
chmod g+rw file
- To set other write permission off on 2 files:
chmod o-w file1 file2
- To set group read/write/execute permissions on the directory
/public/teamdir and all its files and subdirectories:
chmod -R g+rwx /public/teamdir
- To set group read/execute on, group write off on /u/ateam/pgm:
chmod g=rx /u/ateam/pgm
Localization
chmod uses
the following localization environment variables:
- LANG
- LC_ALL
- LC_CTYPE
- LC_MESSAGES
- NLSPATH
See Localization for more
information.
Exit values
- 0
- Successful completion
- 1
- Failure due to any of the following:
- Inability to access a specified file
- Inability to change the modes on a specified file
- Inability to read the directory containing the item to change
- An unrecoverable error was encountered when using the –R option
- 2
- Failure due to any of the following:
- Missing or incorrect mode argument
- Too few arguments
Messages
Possible error messages include:
- function not implemented
- This error may occur if the directory is under automount control.
- irrecoverable error during –R option
- The –R option was specified, but some
file or directory in the directory structure was inaccessible. This
may happen because of permissions.
- read directory name
- Read permissions are not on the specified directory.
Portability
POSIX.2, X/Open Portability Guide.
The –f and –h options
and the t permission are extensions of the
POSIX standard.
Related information
ls, setfacl, umask