chmod
: Change access permissionschmod
changes the access permissions of the named files. Synopsis:
chmod [option]… {mode | --reference=ref_file} file…
chmod
doesn’t change the permissions of symbolic links, since
the chmod
system call cannot change their permissions on most systems,
and most systems ignore permissions of symbolic links.
However, for each symbolic link listed on the command
line, chmod
changes the permissions of the pointed-to file.
In contrast, chmod
ignores symbolic links encountered during
recursive directory traversals. Options that modify this behavior
are described below.
Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, is permitted to change the file mode bits of a file.
A successful use of chmod
clears the set-group-ID bit of a
regular file if the file’s group ID does not match the user’s
effective group ID or one of the user’s supplementary group IDs,
unless the user has appropriate privileges. Additional restrictions
may cause the set-user-ID and set-group-ID bits of mode or
ref_file to be ignored. This behavior depends on the policy and
functionality of the underlying chmod
system call. When in
doubt, check the underlying system behavior.
If used, mode specifies the new file mode bits.
For details, see the section on File permissions.
If you really want mode to have a leading ‘-’, you should
use -- first, e.g., ‘chmod -- -w file’. Typically,
though, ‘chmod a-w file’ is preferable, and chmod -w
file
(without the --) complains if it behaves differently
from what ‘chmod a-w file’ would do.
The program accepts the following options. Also see Common options.
Verbosely describe the action for each file whose permissions actually change.
Do not act on symbolic links themselves but rather on what they point to. This is the default for command line arguments, but not for symbolic links encountered when recursing.
Combining this dereferencing option with the --recursive option may create a security risk: During the traversal of the directory tree, an attacker may be able to introduce a symlink to an arbitrary target; when the tool reaches that, the operation will be performed on the target of that symlink, possibly allowing the attacker to escalate privileges.
Act on symbolic links themselves instead of what they point to. On systems that do not support this, no diagnostic is issued, but see --verbose.
Do not print error messages about files whose permissions cannot be changed.
Fail upon any attempt to recursively change the root directory, /. Without --recursive, this option has no effect. See Treating / specially.
Cancel the effect of any preceding --preserve-root option. See Treating / specially.
Verbosely describe the action or non-action taken for every file.
Change the mode of each file to be the same as that of ref_file. See File permissions. If ref_file is a symbolic link, do not use the mode of the symbolic link, but rather that of the file it refers to.
Recursively change permissions of directories and their contents.
If --recursive (-R) is specified and a command line argument is a symbolic link to a directory, traverse it. This is the default if none of -H, -L, or -P is specified. See Traversing symlinks.
In a recursive traversal, traverse every symbolic link to a directory that is encountered.
Combining this dereferencing option with the --recursive option may create a security risk: During the traversal of the directory tree, an attacker may be able to introduce a symlink to an arbitrary target; when the tool reaches that, the operation will be performed on the target of that symlink, possibly allowing the attacker to escalate privileges.
See Traversing symlinks.
Do not traverse any symbolic links. See Traversing symlinks.
An exit status of zero indicates success, and a nonzero value indicates failure.
Examples:
# Change file permissions of FOO to be world readable # and user writable, with no other permissions. chmod 644 foo chmod a=r,u+w foo # Add user and group execute permissions to FOO. chmod +110 file chmod ug+x file # Set file permissions of DIR and subsidiary files to # be the umask default, assuming execute permissions for # directories and for files already executable. chmod -R a=,+rwX dir