Linux command chmod (modify file permissions) __linux

Source: Internet
Author: User
Tags chmod file permissions

<!--@page {margin:2cm} P {margin-bottom:0.21cm}-->

chmod Command

Use

Change the file mode.

Grammar

to change the file mode with a symbol

chmod [-R] [-H] [f] [[u] [g] [o] | [A]] {{-| + | =} [r] [w] [x] [x] [s] [t]} {File ... | Directory ...}

to change the file mode with numbers

chmod [-R] [-H] [F] permissioncode {File ... | Directory ...}

Description

The chmod command modifies the way bit and the Extended Access Control Table (ACL) for the specified file or directory. You can use symbols or numbers to define ways (completely).

When you encounter a symbolic link and you do not specify the-H flag, the chmod command changes the way the file or directory is pointed to by the link, not the link itself. If you specify the-H flag, the chmod command prevents this method from changing.

If you specify the-H flag and the-R flag, the chmod command recursively descending the specified directory, and does not change the way the link points to the file or directory when the symbolic link is encountered.

Sign

-F

Disables all error reporting (except for invalid permissions and usage statements).

-H

Prevents changes to the file or directory that are encountered by symbolic links.

Note: This behavior is slightly different from the-H flag on the CHGRP and Chown commands because you cannot set the way bit on the symbolic link.

-R

Recursive descending directory only, as pattern file...| Directory ... Specified. The-r flag changes the file way bits for each directory and all files that match the specified pattern. See Example 6.

When a symbolic link is encountered and the link points to a directory, change the file mode bit of the directory without further traversing the directory.

Symbolic Mode

To specify the way in symbolic format, you must specify three set of flags.

Note: Do not use spaces to separate labels.

The first set of flags specifies who authorizes or rejects the specified permission, as described below:

U

The file owner.

G

Group and extended ACL entries that are intrinsic to the filegroup.

O

All other entries.

A

Users, groups, and all other entries. A flag has the same effect as the specified UGO flag. If you do not specify these flags, the default value is flag A and the file creation mask (umask) is applied.

The second set of flags specifies whether permissions are to be dropped, applied, or set:

-

Removes the specified permission.

+

Applies the specified permissions.

=

Clears the selected permission field and sets it to the specified license. If you do not specify a permission after = =, the chmod command removes all permissions from the selected field.

The third set of flags specifies the license rights to be dropped, applied, or set:

R

Read the license right.

W

Write permission right.

X

Permission to execute the file, or to search for the directory.

X

If the current (unmodified) way bit sets at least one user, group, or other execution bit, the permission to execute the file is executed. If the File parameter is specified and no execution bit is set in the current way bit, the X flag is ignored.

Permissions to search for directories.

S

If you specify or suppress a U flag, the user identity permission is set at execution time. If you specify or suppress the G flag, set the group identity permission at execution time.

T

For a directory, it means that only the file owner can link or unlink files in the specified directory. For a file, it sets the Save-text property.

number or full way

The chmod command also allows you to use the octal notation for that method. A numeric method is a summary of one or more of the following values:

4000

Sets the user identity at execution time.

2000

Sets the group identity at execution time.

1000

Set the Save-text property for the directory to set the link permissions or for the file.

0400

Allow owner to read.

0200

Allow all people to write.

0100

Allows the owner to perform or search.

0040

Allow group read.

0020

Allow group write.

0010

Allow group execution or search.

0004

Allow other people to read.

0002

Allow others to write it.

0001

Allow others to perform or search.

Note:

1. Digitally specify to disable any extended ACLs. Refer to the "Access control List" in the AIX 5L V5.2 System User's Guide: operating systems and devices for more information.

2. Changing group access rights with symbols also affects extension ACL entries. Group entries in the same ACL as all groups of files deny any permissions that are removed from the method. Refer to the Access Control table for more information.

3. You can specify multiple symbolic methods separated by commas. Perform actions in the order they appear from left to right.

4. When a group identity permission is dropped from the directory when the settings are executed, the method must be specified with a symbol or 4 character Fu Ba, with a line spacing of 0 (for example, 0755).

Security

Access control: This program should be installed as a normal user program in the trusted computing base.

Only the file owner or the root user can change the file's way.

Exit Status

This command returns the following export values:

0

The command was successfully executed and all requested changes have been performed.

>0

An error has occurred.

Sample

1. To add a license right type to several files:

chmod g+w Chap1 CHAP2

This adds the write permissions of the group member to the file Chap1 and CHAP2.

2. Several permission changes are to be made immediately:

chmod go-w+x Mydir

This denies group members and others the permission to create or delete files in Mydir (GO-W) and allow group members and others to search for Mydir or use it in the path name (go+x). This is equivalent to the command sequence:

chmod g-w Mydir

chmod o-w Mydir

chmod g+x Mydir

chmod o+x Mydir

3. To allow only all people to use the shell step as a command:

chmod u=rwx,go= cmd

This authorization file (U=RWX) owner reads, writes, and executes the permission rights. It also denies the group and other people the right to access cmd in any way (go=).

If you have permission to execute a cmd shell command file, you can run it by entering the following command:

Cmd

Note: Depending on the path shell variable, you may need to specify the full path of the cmd file.

4. To use the setting identification (Set-id) method:

chmod ug+s cmd

When the cmd command is executed, valid user identities and group identities are set to those owners who own the cmd file. Only change the valid identity associated with the child process running the cmd command. The valid identity of the shell session remains unchanged.

This feature allows you to access restricted files. Assume that the CMD program has enabled the set user identification (Set-user-id) method and is owned by a user named DBMS. In fact, the user DBMS is not a person, but may be associated with a database management system. User Betty does not have permission to access data files for any DBMS. However, she has permission to execute the cmd command. When she does so, her valid user identity is temporarily changed to a DBMS, so the CMD program can access the data files owned by the user's DBMS.

In this way, user Betty can use the cmd command to access data files, but she will not be in the process of using standard shell command to accidentally destroy them.

5. Full-mode format to use the chmod command:

chmod 644 Text

This sets the read and write permission for the owner, and it sets the read-only way for groups and other users. This also removes any extension ACLs that may be associated with the file.

6. To recursively descending the directory and change the file and directory permissions given to the tree structure:

./dir1/dir2/file1

./dir1/dir2/file2

./dir1/file1

Please enter this command sequence:

Chmod-r 777 f*

This will change the license rights of./dir1/file1.

But for the following tree structure:

./dir1/fdir2/file1

./dir1/fdir2/file2

./dir1/file3

Command sequence:

Chmod-r 777 f*

The permissions for the following content will be changed:

./dir1/fdir2

./dir1/fdir2/file1

./dir1/fdir2/file2

./dir1/file3

file

/usr/bin/chmod

Contains the chmod command.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.