chmod
chmod (from English: change mode) is a command-line program under Unix with which the classic Unix file rights can be changed. The chmod command has been around since the first version of AT&T Unix (early 1970s).
The attribute changes can only be made by the owner of the file or by the root user.
Usage
The program is used in the Unix shell as follows:
$ chmod [options] mode file1 …
Options may be given first; these include -v for verbose output and -R to apply the change recursively to all subdirectories.
mode stands for the rights mask to be applied to the file or files. It can be given in numeric notation or in symbolic notation.
Symbolic notation
chmod offers a shorthand for combining file rights easily. Here u stands for the owner (user), g for the group (group) and o for all other users (other). Finally there is also a, which covers all three user classes (all). For example, to give all users the execute right on a file, the following is enough:
chmod a+x dateiname
These user classes are linked to the file rights with three possible operators:
- + adds the corresponding file rights to the corresponding user classes (only overwrites the rights concerned)
- - revokes the corresponding (and affected) file rights from the corresponding user classes
- = sets the corresponding file rights for the user classes, regardless of their previous rights to the object (override).
The corresponding file rights are then specified. These are r, w, x, s and t according to the classical symbolic notation. There is also the special character X (special execute). This is not a file right but a substitute for x: it sets the execute right for directories (regardless of whether it was set before) and sets the execute right for files only if they already have an execute right set for at least one user class. It therefore only makes sense when used with + and the -R option, to give the corresponding user classes access to a directory tree without setting the execute bit for normal files (not programs), which is what would normally happen when calling chmod -R a+rx. With X, however, you can use chmod -R a+rX.
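The difference between x and X under -R can be seen on a small directory tree. The following is an added example, not part of the original article; the tree, the file names and the function names make_tree, mode_of and apply_and_report are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo tree: one directory, one plain document, one script.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/docs"
    echo "notes" > "$root/docs/readme.txt"
    printf '#!/bin/sh\necho hi\n' > "$root/docs/run.sh"
    chmod 700 "$root" "$root/docs"
    chmod 600 "$root/docs/readme.txt"   # plain file, no execute bit anywhere
    chmod 700 "$root/docs/run.sh"       # program, execute bit set for the owner
    echo "$root"
}

# Print the ten-character mode string (e.g. drwxr-xr-x) of a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Apply a recursive symbolic mode to a fresh tree and report the resulting modes.
apply_and_report() {
    tree=$(make_tree) || return 1
    chmod -R "$1" "$tree"
    echo "docs=$(mode_of "$tree/docs") readme=$(mode_of "$tree/docs/readme.txt") run=$(mode_of "$tree/docs/run.sh")"
    rm -rf "$tree"
}

apply_and_report a+rx   # readme.txt becomes executable for everyone
apply_and_report a+rX   # readme.txt stays non-executable, docs/ and run.sh get x
```

With a+rx the plain document ends up as -rwxr-xr-x; with a+rX it ends up as -rw-r--r-- while the directory and the script are still accessible.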
Numeric notation
The numerical use of chmod is structured as follows:
chmod SUGO beispiel.txt
- S stands for the so-called sticky bit; it usually has a value of 0
- U stands for the user or owner of the file
- G stands for the group
- O stands for other(s), that is, all other users
The four octal digits after the chmod command each have a value from 0 to 7 for S, U, G and O. For U, G and O, 4 stands for read, 2 for write and 1 for execute.
# | Permission | rwx |
---|---|---|
7 | Full | 111 |
6 | Read and write | 110 |
5 | Read and execute | 101 |
4 | Read only | 100 |
3 | Write and execute | 011 |
2 | Write only | 010 |
1 | Execute only | 001 |
0 | None | 000 |
The sticky bit results in different behavior for directories and files. For directories, in most modern UNIX implementations, a set sticky bit has the effect that (given the appropriate remaining rights) every user can write files to the directory but can only edit or delete his own. The values 4 and 2 are also possible; they enter the directory owner or the directory group for files as the file owner, so that, for example, users with different primary group memberships can easily share the files in a directory.
# | Permission |
---|---|
4 | SUID (set user of the directory for files) |
2 | SGID (set group of directory for files) |
1 | Only the owner (and superuser) can delete and rename files |
0 | None |
The sticky bit is a security risk, especially for executable files, as it sets the context of the file owner instead of that of the executor. The original meaning of keeping executable files in the main memory in order to generate a gain in performance is no longer important.
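Because a non-zero leading digit matters for security, an administrator will want to know where it is set. The following is an added example, not part of the original article; the sample tree and the function names make_sample, audit_special and demo are constructed for illustration, and on a real system audit_special would be pointed at an existing directory instead.

```shell
#!/bin/sh
# Constructed sample tree with one entry per value of the leading digit.
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/plain";    chmod 0755 "$d/plain"    # leading digit 0
    : > "$d/suid";     chmod 4755 "$d/suid"     # leading digit 4
    : > "$d/sgid";     chmod 2755 "$d/sgid"     # leading digit 2
    mkdir "$d/shared"; chmod 1777 "$d/shared"   # leading digit 1
    echo "$d"
}

# List entries below $1 whose leading octal digit is non-zero, labelled by bit.
# "-perm -4000" matches when at least the given bit is set.
audit_special() {
    ( cd "$1" || exit 1
      find . -type f -perm -4000 | sed 's/^/SUID /'
      find . -type f -perm -2000 | sed 's/^/SGID /'
      find . -type d -perm -1000 | sed 's/^/STICKY /' ) | sort
}

# Run the audit against the constructed tree and clean up afterwards.
demo() {
    s=$(make_sample) || return 1
    audit_special "$s"
    rm -rf "$s"
}

demo
```

Comparing the output of such a listing against a known-good baseline shows when a file has newly gained the 4 or 2 bit.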
Examples
Example 1
$ chmod u=rw MyFile
Example 2
$ chmod g-rx MyFile
Example 3
$ chmod o+r MyFile
Example 4
$ chmod 0700 Beispiel.txt
Example 5
$ chmod g+w,o-x MyFile
Explanation:
- Example 1 sets the owner's rights on the file "MyFile" to read (r) and write (w); an execute right, if present, is removed because it is not named. These rights are useful, for example, if a user wants to protect a document in a directory that is visible across a computer or group. These settings do not make sense for a directory or an executable program of the user, since he can no longer list it afterwards (the execute right is missing).
- Example 2 withdraws the rights to read (r) and execute (x) from the (owning) group but does not affect the right to write. Depending on the previous status, the group may still have the right to write (w), so that the file could be used as an "inbox". Writing with an interactive editor will not be possible, but group members can write with a command like echo content > MyFile.
- Example 3 adds the right to read (r) for everyone else (if not already present).
- Example 4 uses the numeric method: all rights are withdrawn from everyone except the owner of the file, while the owner can read (4), write (2) and execute (1) the file.
- Example 5 adds the right to write (w) for the owning group and removes the right to execute from all other users, that is, those who neither own the file nor belong to the owning group.
Graphic alternatives
In many graphical file managers and FTP clients, for example Konqueror/KDE and Nautilus/GNOME, the file rights can be edited graphically.