Changing access permissions - chmod
chmod mode filename
mode consists of three parts:
For example
chmod a+r *.pub
gives everyone permission to read all files with the extension .pub.
Warning: when using chmod, be careful not to compromise file security.
If you wish to remove access for a set of users, use a - in the command, rather than + or =. For example, if the file mode of the file myprog.for is currently rw-r--r--, read-access for others can be removed by the command:
chmod o-r myprog.for
Allowing other users access to one of your files consists of three steps:
chmod go=rx $HOME
For example, if you wish to permit others to be able to read the file ~/project/docs/myprog.for, the file modes of the directories project and docs both need to be set appropriately. You can check their current settings by typing:
ls -ld ~/project ~/project/docs
You may change the file modes to allow access by typing:
chmod go=rx ~/project ~/project/docs
To permit an individual file called, for example, myprog.for, first ensure that you are in the directory containing the file, then type:
chmod go+r myprog.for
Provided that you have also permitted your home directory and the intermediate directories as described above, all users will now be able to access your file. Others do not need to know the location of your home directory: they can use the ~ character to reference your file. So if, for example, your login name is nxyz2, then the file myprog.for can be referred to as ~nxyz2/project/docs/myprog.for
Search access rights, denoted by x in the file mode, are the minimum that you can give in order to allow any access to a directory.
If a directory is only permitted x then nobody can use ls in order to list the names of files stored there - read access to the directory is needed for that.
Whilst this might seem useful, in fact if your colleagues forget the names of your files which they want to copy, x alone does not permit them to list the directory and remind themselves. Therefore, when permitting directories, it is common to put search and read access rights together, by giving rx access. Although they can then see the list of all your files, they will only be able to read or copy those which you have also permitted r.
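The steps above can be checked before and after running chmod. The script below is an added example, not part of the original page: it reads the "others" bits from ls -ld for each directory from a starting directory down to the file, and reports any missing search or read bit as well as any write access for others. The function names others_bits and check_other_access are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.
# Audits the "others" permission bits on every step from TOP down to FILE.

# others_bits PATH: print the three "others" characters of ls -ld, e.g. "r-x"
others_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# check_other_access TOP FILE
# TOP is the starting directory (for example $HOME), FILE a path below it.
# Prints one line per finding; returns 0 if others can reach and read FILE,
# 1 if a bit is missing, 2 if FILE is not below TOP.
check_other_access() {
    top=${1%/}; file=$2; rc=0
    rel=${file#"$top"/}
    if [ "$rel" = "$file" ]; then
        echo "error: $file is not below $top"
        return 2
    fi
    dir=$top
    while :; do
        bits=$(others_bits "$dir")
        # Search (x) is needed on every directory; t is x plus the sticky bit
        case $bits in
            ??[xt]) ;;
            *) echo "no search (x) for others: $dir"; rc=1 ;;
        esac
        case $bits in
            ?w?) echo "warning: others can write: $dir" ;;
        esac
        # Step down one component; stop when only the file name is left
        case $rel in
            */*) dir=$dir/${rel%%/*}; rel=${rel#*/} ;;
            *) break ;;
        esac
    done
    bits=$(others_bits "$file")
    case $bits in
        r??) ;;
        *) echo "no read (r) for others: $file"; rc=1 ;;
    esac
    case $bits in
        ?w?) echo "warning: others can write: $file" ;;
    esac
    return $rc
}
```

Call it as check_other_access "$HOME" "$HOME/project/docs/myprog.for". It looks only at the mode bits that ls -ld prints, so access control lists and the directories above the starting directory are not covered.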
To make a file - for example one called myprog.for - read-only by yourself the command is:
chmod u=r myprog.for
If you later try to delete or otherwise change the file, you get a response like:
rm: override protection 400 for myprog.for?
If you type n, then the file is not removed; however if you really do want to delete it, respond with y
There is a shorthand way of setting permissions by using octal numbers. Read permission is given the value 4, write permission the value 2 and execute permission 1.
r  w  x
4  2  1
These values are added together for any one user category:
1 = execute only
2 = write only
3 = write and execute (1+2)
4 = read only
5 = read and execute (4+1)
6 = read and write (4+2)
7 = read and write and execute (4+2+1)
So access permissions can be expressed as three digits. For example:
                 user  group  others
chmod 640 file1  rw-   r--    ---
chmod 754 file1  rwx   r-x    r--
chmod 664 file1  rw-   rw-    r--