chmod — Change the mode of a file or directory
Format
chmod [–fhR] mode pathname
Description
chmod changes the access permissions, or modes, of the specified file or directory. (Modes determine who can read, write, or search a directory or file.) Users with read access to SUPERUSER.FILESYS.CHANGEPERMS (a UNIXPRIV class profile), can use the chmod command to change the permission bits of any file.
Rule: chmod can be used only by the file owner or a superuser.
Options
- –f
- Does not issue error messages concerning file access permissions, even if chmod encounters such errors.
- –h
- Suppresses a mode change for the file or directory pointed to by the encountered symbolic link (or external link). Symbolic link (or external link) permissions cannot be changed on a z/OS system.
- –R
- Recursively change file mode bits. For each path name operand that names a directory, chmod will change the file mode bits of the directory and all files in the file hierarchy below it.
chmod never changes the permissions of symbolic links (or external links), because, on a z/OS system, the permissions on symbolic links (and external links) are never used. When -h is not specified, and symbolic links (or external links) are specified or encountered during the file hierarchy traversal, the links are followed, and the resolved directory (and files and subdirectories) are changed.
You can specify the mode value on the command line in either symbolic form or as an octal value.
[who] op permission[op permission …]- u
- Sets owner (user or individual) permissions.
- g
- Sets group permissions.
- o
- Sets other permissions.
- a
- Sets all permissions; this is the default. If a who value is not specified, the default is a, modified by umask.
- +
- Turns on a permission.
- -
- Turns off a permission.
- =
- Turns on the specified permissions and turns off all others.
- r
- Read permission. If this is off, you cannot read the file.
- x
- Execute permission. If this is off, you cannot run the file.
- X
- Execute or search permission for a directory; or execute permission for a file only when the current mode has at least one of the execute bits set.
- w
- Write permission. If this is off, you cannot write to the file.
- s
- If in owner permissions section, the set-user-ID bit is
on; if in group permissions section, the set-group-ID bit is
on. A superuser or the file owner can use a chmod command or chmod() function to change two options for an executable file. The options are set in two file mode bits:
- Set-user-ID (S_ISUID) with the setuid option
- Set-group-ID (S_ISGID) with the setgid option
If one or both of these bits are on, the effective UID, effective GID, or both, plus the saved UID, saved GID, or both, for the process running the program are changed to the owning UID, GID, or both, for the file. This change temporarily gives the process running the program access to data the file owner or group can access.
In a new file, both bits are set off. Also, if the owning UID or GID of a file is changed or if the file is written in, the bits are turned off. In shell scripts, these bits are ignored.
If the RACF® profile named FILE.GROUPOWNER.SETGID exists in the UNIXPRIV class, then the set-group-ID bit for a directory determines how the group owner is initialized for new objects created within the directory:- If the set-gid bit is on, then the owning GID is set to that of the directory.
- If the set-gid bit is off, then the owning GID is set to the effective GID of the process.
- t
- This represents the sticky bit. For a file, the sticky bit causes a search for the program in the user's STEPLIB, the link pack area, or link list concatenation. For a directory, the sticky bit allows files in a directory or subdirectories to be deleted or renamed only by the owner of the file, by the owner of the directory, or by a superuser.
You can specify multiple symbolic names if you separate them with commas.
4000 Set-user-ID bit
2000 Set-group-ID bit
1000 Sticky bit
0400 User read
0200 User write
0100 User execute (or list directory)
0040 Group read
0020 Group write
0010 Group execute
0004 Other read
0002 Other write
0001 Other executeExamples
- To remove write permission from orgcht:
chmod –w orgcht - To turn on read, write, and execute permissions, and turn off
the set-user-ID bit, set-group-ID bit, and sticky bit attributes.
This is equivalent to chmod 0777 aprsal:
chmod a=rwx aprsal - To set all permission bits on (anyone can read/write/execute):
chmod 777 scratch - To set user (owner) executable permission bit on:
chmod u+x file - To set group read / write permission bits:
chmod g+rw file - To set other write permission off on 2 files:
chmod o-w file1 file2 - To set group read/write/execute permissions on the directory
/public/teamdir and all its files and subdirectories:
chmod -R g+rwx /public/teamdir - To set group read/execute on, group write off on /u/ateam/pgm:
chmod g=rx /u/ateam/pgm
Localization
- LANG
- LC_ALL
- LC_CTYPE
- LC_MESSAGES
- NLSPATH
See Localization for more information.
Exit values
- 0
- Successful completion
- 1
- Failure due to any of the following:
- Inability to access a specified file
- Inability to change the modes on a specified file
- Inability to read the directory containing the item to change
- An unrecoverable error was encountered when using the –R option
- 2
- Failure due to any of the following:
- Missing or incorrect mode argument
- Too few arguments
Messages
- function not implemented
- This error may occur if the directory is under automount control.
- irrecoverable error during –R option
- The –R option was specified, but some file or directory in the directory structure was inaccessible. This may happen because of permissions.
- read directory name
- Read permissions are not on the specified directory.
Portability
POSIX.2, X/Open Portability Guide.
The –f and –h options and the t permission are extensions of the POSIX standard.
Related information
ls, setfacl, umask