1.\" $OpenBSD: chmod.1,v 1.36 2011/07/13 08:12:10 sobrado Exp $ 2.\" $NetBSD: chmod.1,v 1.8 1995/03/21 09:02:07 cgd Exp $ 3.\" 4.\" Copyright (c) 1989, 1990, 1993, 1994 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" This code is derived from software contributed to Berkeley by 8.\" the Institute of Electrical and Electronics Engineers, Inc. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 3. Neither the name of the University nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.\" @(#)chmod.1 8.4 (Berkeley) 3/31/94 35.\" 36.Dd $Mdocdate: July 13 2011 $ 37.Dt CHMOD 1 38.Os 39.Sh NAME 40.Nm chmod 41.Nd change file modes 42.Sh SYNOPSIS 43.Nm chmod 44.Oo 45.Fl R 46.Op Fl H | L | P 47.Oc 48.Ar mode 49.Ar 50.Sh DESCRIPTION 51The 52.Nm 53utility modifies the file mode bits of the listed files 54as specified by the 55.Ar mode 56operand. 57The mode of a file dictates its permissions, among other attributes. 58.Pp 59The options are as follows: 60.Bl -tag -width Ds 61.It Fl H 62If the 63.Fl R 64option is also specified, symbolic links on the command line are followed. 65(Symbolic links encountered in the tree traversal are not followed.) 66.It Fl L 67If the 68.Fl R 69option is also specified, all symbolic links are followed. 70.It Fl P 71If the 72.Fl R 73option is also specified, no symbolic links are followed. 74.It Fl R 75Recursively descend through any specified directory arguments. 76Change the modes of the file hierarchies rooted in the files 77instead of just the files themselves. 78.El 79.Pp 80Symbolic links do not have modes, so unless the 81.Fl H 82or 83.Fl L 84option is set, 85.Nm 86on a symbolic link always succeeds and has no effect. 87The 88.Fl H , 89.Fl L , 90and 91.Fl P 92options are ignored unless the 93.Fl R 94option is specified. 95In addition, these options override each other and the 96command's actions are determined by the last one specified. 97.Pp 98Only the file's owner or the superuser is permitted to change 99the mode of a file. 100.Ss Absolute modes 101Absolute modes are specified according to the following format: 102.Bd -filled -offset indent 103.Nm chmod 104.Ar nnnn 105.Ar 106.Ed 107.Pp 108An absolute mode is an octal number (specified as 109.Ar nnnn , 110where 111.Ar n 112is a number from 0 to 7) constructed by ORing 113any of the following values: 114.Pp 115.Bl -tag -width 6n -compact -offset indent 116.It Li 0400 117Allow read by owner. 118.It Li 0200 119Allow write by owner. 120.It Li 0100 121Allow execution (or search in directories) by owner. 122.It Li 0700 123Allow read, write, and execute/search by owner. 124.It Li 0040 125Allow read by group. 126.It Li 0020 127Allow write by group. 128.It Li 0010 129Allow execution (or search in directories) by group. 130.It Li 0070 131Allow read, write, and execute/search by group. 132.It Li 0004 133Allow read by others. 134.It Li 0002 135Allow write by others. 136.It Li 0001 137Allow execution (or search in directories) by others. 138.It Li 0007 139Allow read, write, and execute/search by others. 140.El 141.Pp 142In addition to the file permission modes, the following mode bits are 143available: 144.Pp 145.Bl -tag -width 6n -compact -offset indent 146.It Li 4000 147Set-user-ID on execution. 148.It Li 2000 149Set-group-ID on execution. 150.It Li 1000 151Enable sticky bit; see 152.Xr sticky 8 153and 154.Xr chmod 2 . 155.El 156.Pp 157The execute bit for a directory is often referred to as the 158.Dq search 159bit. 160In order to access a file, a user must have execute permission in each 161directory leading up to it in the filesystem hierarchy. 162For example, to access the file 163.Pa /bin/ls , 164execute permission is needed on 165.Pa / , 166.Pa /bin , 167and, of course, the 168.Pa ls 169binary itself. 170.Ss Symbolic modes 171Symbolic modes are specified according to the following format: 172.Bd -filled -offset indent 173.Nm chmod 174.Sm off 175.Op Ar who 176.Ar op 177.Oo Ar perm Oc , Ar ... 178.Sm on 179.Ar 180.Ed 181.Pp 182The 183.Ar who 184symbols indicate whose permissions are to be changed or assigned: 185.Pp 186.Bl -tag -width 4n -compact -offset indent 187.It u 188User (owner) permissions. 189.It g 190Group permissions. 191.It o 192Others permissions. 193.It a 194All of the above. 195.El 196.Pp 197Do not confuse the 198.Sq o 199symbol with 200.Dq owner . 201It is the user bit, 202.Sq u , 203that refers to the owner of the file. 204.Pp 205The 206.Ar op 207symbols represent the operation performed, as follows: 208.Bl -tag -width 4n -offset indent 209.It + 210If no value is supplied for 211.Ar perm , 212the 213.Sq + 214operation has no effect. 215If no value is supplied for 216.Ar who , 217each permission bit specified in 218.Ar perm , 219for which the corresponding bit in the file mode creation mask 220is clear, is set. 221Otherwise, the mode bits represented by the specified 222.Ar who 223and 224.Ar perm 225values are set. 226.It \&\- 227If no value is supplied for 228.Ar perm , 229the 230.Sq \- 231operation has no effect. 232If no value is supplied for 233.Ar who , 234each permission bit specified in 235.Ar perm , 236for which the corresponding bit in the file mode creation mask 237is clear, is cleared. 238Otherwise, the mode bits represented by the specified 239.Ar who 240and 241.Ar perm 242values are cleared. 243.It = 244The mode bits specified by the 245.Ar who 246value are cleared, or, if no 247.Ar who 248value is specified, the user, group 249and other mode bits are cleared. 250Then, if no value is supplied for 251.Ar who , 252each permission bit specified in 253.Ar perm , 254for which the corresponding bit in the file mode creation mask 255is clear, is set. 256Otherwise, the mode bits represented by the specified 257.Ar who 258and 259.Ar perm 260values are set. 261.El 262.Pp 263The 264.Ar perm 265(permission symbols) represent the portions of the mode bits as follows: 266.Pp 267.Bl -tag -width Ds -compact -offset indent 268.It r 269Read bits. 270.It s 271Set-user-ID and set-group-ID on execution bits. 272.It t 273Sticky bit. 274.It w 275Write bits. 276.It x 277Execute/search bits. 278.It X 279The execute/search bits if the file is a directory or any of the 280execute/search bits are set in the original (unmodified) mode. 281Operations with the 282.Ar perm 283symbol 284.Sq X 285are only meaningful in conjunction with the 286.Ar op 287symbol 288.Sq + , 289and are ignored in all other cases. 290.It u 291User permission bits in the mode of the original file. 292.It g 293Group permission bits in the mode of the original file. 294.It o 295Other permission bits in the mode of the original file. 296.El 297.Pp 298Each clause (given in a comma-delimited list on the command line) specifies 299one or more operations to be performed on the mode bits, and each operation is 300applied in the order specified. 301.Pp 302Operations upon the 303.Dq other 304permissions (specified by the symbol 305.Sq o 306by itself), in combination with the 307.Ar perm 308symbols 309.Sq s 310or 311.Sq t , 312are ignored. 313.Sh EXIT STATUS 314.Ex -std chmod 315.Sh EXAMPLES 316Set file readable by anyone and writable by the owner only: 317.Pp 318.Dl $ chmod 644 file 319.Pp 320Deny write permission to group and others: 321.Pp 322.Dl $ chmod go-w file 323.Pp 324Set the read and write permissions to the usual defaults, but 325retain any execute permissions that are currently set: 326.Pp 327.Dl $ chmod =rw,+X file 328.Pp 329Make a directory or file searchable/executable by everyone if it is 330already searchable/executable by anyone: 331.Pp 332.Dl $ chmod +X file 333.Pp 334Any of these commands will make a file readable/executable by everyone and 335writable by the owner only: 336.Bd -literal -offset indent 337$ chmod 755 file 338$ chmod u=rwx,go=rx file 339$ chmod u=rwx,go=u-w file 340.Ed 341.Pp 342Clear all mode bits for group and others: 343.Pp 344.Dl $ chmod go= file 345.Pp 346Set the group bits equal to the user bits, but clear the group write bit: 347.Pp 348.Dl $ chmod g=u-w file 349.Sh SEE ALSO 350.Xr chflags 1 , 351.Xr chgrp 1 , 352.Xr find 1 , 353.Xr install 1 , 354.Xr chmod 2 , 355.Xr stat 2 , 356.Xr umask 2 , 357.Xr fts 3 , 358.Xr setmode 3 , 359.Xr symlink 7 , 360.Xr chown 8 , 361.Xr sticky 8 362.Sh STANDARDS 363The 364.Nm 365utility is compliant with the 366.St -p1003.1-2008 367specification. 368.Pp 369The flags 370.Op Fl HLP 371are extensions to that specification. 372.Sh HISTORY 373A 374.Nm 375command appeared in 376.At v1 . 377.Sh BUGS 378There's no 379.Ar perm 380option for the naughty bits. 381