$ whatis chmod
chmod chmod (1) - change file mode bits
chmod chmod (1) - change the permissions mode of a file
chmod chmod (2) - change access permission mode of file
Examples:
The command 'chmod' is used to change the access permission for one or more files and directories. To better understand the change mode, 'chmod' command one better understand how the 'umask' comamnd and it is default settings works. As you can see from the commands below, I am logged in as user 'wahid' and the 'umask' value is '0022'. This means that any directories I create will have the permession of 'rwx' for owner, 'r-x' for group and 'r-x' for others. In addition, any files I create will have the permession of 'rw-' for owner 'wahid', 'r--' for group 'staff' and 'r--' for others. To better understande this, please see the tables below.
In the table below, I am showing the permession in both text format and octal values for a given permission. Please undertand that this permission settings can be used for owner, group and others. For instance, if one likes to make the owner 'rwx' octal value of '7' and 'rwx' for group octal value of '7', and 'rwx' for others octal value of '7', the the octal value equivalent to 'rwxrwxrwx', would be '777'. Bingo, with these three jackpot numbers '777' in UNIX you have full access permission.
| rwx | 7 | All permission are set for read, write and execute |
| rw- | 6 | Can read and write, but no executable accessr |
| r-x | 5 | Can read and excute but no wirte access. |
| r-- | 4 | Can only read, but no write and excute access. |
| -wx | 3 | Can wirte and execute but have no read access. (?) |
| -w- | 2 | Can write, but have no read and execute access (?) |
| --x | 1 | Can only execute, but no read and write access. |
| --- | 0 | No read, write and execute acesss at all |
Now, I am going to explain how these octal numbers are derived from the binary numbers. Since at the lowest level everything is represented as binaries numbers or bits of zeros '0' and ones '1' in the CPU registers. As you can see the three characters '---' have three positions from right to left, that is position zero, postion one and position two. Since binary numbers are base 2, we can easily find out the octal value fo each of the characters permission.
2 2 = 4 (read)
2 1 = 2 (write)
2 0 = 1(execute)
Let's follow some examples:
$ whoami
wahid
$ id
uid=101(wahid) gid=10(staff) groups=10(staff)
$ umask
0022
$ mkdir newdir
$ touch newfile
$ ls -ld newdir newfile
drwxr-xr-x 2 wahid staff 2 2011-01-15 21:09 newdir
-rw-r--r-- 1 wahid staff 0 2011-01-15 21:10 newfile
With the absense of '-' means the permission is set, otherwise the permission is not set. If al l permission is set, then we have rwx, which means 4 + 2 + 1 = 7, if we have rw-, then we have 4 + 2 + 0 = 6, and if permission is set to 'r-x', then we have 4 + 0 + 1 = 5. At this point you have a clear idea, but want to give one example of the 'rwxr-xr-x' which is eaquivalent to octal value of 755 or (4 + 2 + 1 = 7,4 + 0 + 1= 5, 4 + 0 + 1 = 5).
| File Type | Owner | Group | Others | Octal Value | Description |
|---|---|---|---|---|---|
|
d
The 'd' means it is a directory. |
rwx | rwx | rwx | 777 |
All (owner, group, and others) have
read, write and execute access permission to this directory. |
|
-
The '-' means it is a regular file. |
rw- | r-- | r-- | 644 |
Only owner could read and write
everone else only have read access. |
|
-
The '-' means it is a regular file. |
rwx | r-x | r-x | 755 |
Owner has read,write,and excute
access. The group and others have read and excute access.Good for a executable script. |
|
-
The '-' means it is a regular file. |
r-- | --- | --- | 400 |
Only the owner have read
access, everyone else has no access at all.This is good for /etc/shadow file since it is owned by root. |
|
-
The '-' means it is a regular file. |
rwx | rwx | rwx | 777 |
The symbolic link files are by default
read, write, and excutable for all. So, that it could be available for all. |
Now we are ready to show some examples of the 'chmod' commands. I run 'pwd' , and 'ls -l' to verify the current permission of files and directory under the 'pkgdir' directory.
$ pwd
/export/home/wahid/training/OpenSolaris/pkgdir
As you can see below, when I created the directory 'newdir', the permission was created as 'drwxr-xr-x'. The 'd' character represents it is a directory, and the next nine character is equivalent to octal value of '755'. That is derived from the umask. The same formula is used for calculating the file permission, except the umask is substrucated from the octal value of '666' for new created files. For instance the new file I created using 'touch this', the permission is '-rw-r--r--', which is a regular text file with read, write permission for owner 'wahid' and read only permission for group 'staff' and others.
777 - 022 = 755 directory permission.
666 - 022 = 644 file permission.
$ ls -l
total 16
drwxr-xr-x 2 wahid staff 2 2011-01-15 21:09 newdir
-rw-r--r-- 1 wahid staff 0 2011-01-15 21:10 newfile
-rw-r--r-- 1 wahid staff 11258 2011-01-03 22:09 pkg-publisher
drwxr-xr-x 2 wahid staff 8 2011-01-15 20:02 text
-rw-r--r-- 1 wahid staff 0 2011-01-15 21:29 this
Now, I give full access (read, write, and excute) for the directory 'newdir' to everyone.
$ chmod 777 newdir
$ ls -ld newdir
drwxrwxrwx 2 wahid staff 2 2011-01-15 21:09 newdir
I change the directory permission for 'newdir' back to '755' which is read, write, execute for owner, read, and execute for ghe roup and others.
$ chmod 755 newdir
$ ls -ld newdir
drwxr-xr-x 2 wahid staff 2 2011-01-15 21:09 newdir
Now, I changed the permission mode of the three files below to read,writable for owner and group and readable for others.
$ chmod 664 newfile pkg-publisher this
I list to verify the change I just made.
$ ls -l
total 16
drwxr-xr-x 2 wahid staff 2 2011-01-15 21:09 newdir
-rw-rw-r-- 1 wahid staff 0 2011-01-15 21:10 newfile
-rw-rw-r-- 1 wahid staff 11258 2011-01-03 22:09 pkg-publisher
drwxr-xr-x 2 wahid staff 8 2011-01-15 20:02 text
-rw-rw-r-- 1 wahid staff 0 2011-01-15 21:29 this
Now, I am going to make a simple script to show the permission
$ echo "df -hF zfs" > df-zfs.sh
$ ls -l df-zfs.sh
-rw-r--r-- 1 wahid staff 11 2011-01-17 13:01 df-zfs.sh
As you can see the permission of the script 'df-zfs.sh' is not executable. Therefore, when I tried to execute this script, it generated the error 'Permission denied' as shown below:
$ ./df-zfs.sh
bash: ./df-zfs.sh: Permission denied
Now, I use the born shell '-x' option to execute this script without changing the permission of the file. The '-x' script works like an interpreter, it displays every command with the plus '+' sign infront of it, and then if is is valid command or expression it display the result after it.
$ sh -x df-zfs.sh
$ df -hF zfs
Filesystem Size Used Avail Use% Mounted on
rpool/ROOT/opensolaris-1
20G 7.2G 12G 38% /
rpool/export 12G 22K 12G 1% /export
rpool/export/home 12G 22K 12G 1% /export/home
rpool/export/home/wahid
13G 771M 12G 6% /export/home/wahid
rpool 12G 81K 12G 1% /rpool
As shown below, I am changing the permission of this 'df-zfs.sh' script to executable for everyone so that I could run it as an executable script.
$ chmod 755 df-zfs.sh
$ ls -l df-zfs.sh
-rwxr-xr-x 1 wahid staff 11 2011-01-17 13:01 df-zfs.sh
Now, I am run it as an executable shell script.
$ ./df-zfs.sh
Filesystem Size Used Avail Use% Mounted on
rpool/ROOT/opensolaris-1
20G 7.2G 12G 38% /
rpool/export 12G 22K 12G 1% /export
rpool/export/home 12G 22K 12G 1% /export/home
rpool/export/home/wahid
13G 771M 12G 6% /export/home/wahid
rpool 12G 81K 12G 1% /rpool
Please click on " man chmod " to see the Manual Page for this command.
