chmod
change file mode bits
Synopsis
chmod
[OPTION]... MODE[,MODE]...
FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE
FILE...
add an example, a script, a trick and tips
examples
source
chmod 707 .
chmod -R 707 data
source
How to chmod 755 all directories but no file (recursively)?
To recursively give directories read&execute
privileges:
find /path/to/base/dir -type d -exec chmod 755 {} +
To recursively give files read privileges:
find /path/to/base/dir -type f -exec chmod 644 {} +
Or, if there are many objects to process:
chmod 755 $(find /path/to/base/dir -type d)
chmod 644 $(find /path/to/base/dir -type f)
Or, to reduce chmod
spawning:
find /path/to/base/dir -type d -print0 | xargs -0 chmod 755
find /path/to/base/dir -type f -print0 | xargs -0 chmod 644
source
Allow specific user permission to read/write my folder
If you are using Linux with a relatively modern
filesystem (ext3/ext4, btrfs, ntfs), this can be done with
POSIX ACLs:
-
Enable ACLs for the filesystem. This is only necessary for
ext3 and ext4 on kernels older than 2.6.38. All other
filesystems that support ACLs enable them automatically.
mount -o remount,acl /
tune2fs -o acl /dev/<partition>
-
Give tom
access to the folder:
setfacl -m user:tom:rwx /home/samantha/folder
If the OS or the filesystem does not support ACLs, another way is
to use groups.
-
Create a group.
-
Some Linux distributions create a separate group for each
user: tom
would automatically be in a group
also named tom
.
-
If not, create a group. This should work on Linux...
groupadd tom
gpasswd -a tom tom
...and this - on BSD:
groupadd tom
usermod -G tom tom
-
chgrp
the directory to that group, and give
permissions with chmod
:
chgrp tom /home/samantha/folder
chmod g+rwx /home/samantha/folder
source
What is the meaning of "chmod 666"?
The chmod command (abbreviated from change mode) is a Unix
command that lets an operator tell the system how much (or
little) access it should permit to a file. Command chmod
666
means that all users will have read and write
permissions.
source
Find all files on server with 777 permissions
it's as easy as:
find / -perm 0777
if you only want to match files, use this instead:
find / -type f -perm 0777
source
How to chmod and chown hidden files in Linux?
*
doesn't include hidden files by default, but if
you're in bash, you can do this with:
shopt -s dotglob
Read more about it in bash's
builtin
manual:
If set, Bash includes filenames beginning with a `.' in the
results of filename expansion.
This will make *
include hidden files too.
chmod -R 775 *
Disable it with:
shopt -u dotglob
source
Chmod to allow read and write permissions for directory
That's not how the Unix protection model works, you can't set
permissions recursively. You need to set them on each directory,
all the way "down".
Of course you can do the setting recursively, but that
only means "go through and set these permissions on all files and
folders below", which is not how I understand your question.
To do do that, use the -R option to chmod:
$ chmod -R 0755 /my-cool-directory
source
How to chown/chmod all files in current directory?
I think you want this:
chown username:groupname *
If you also want to recursively change subdirectories, you'll
need the -R
(-r
is deprecated) switch:
chown -R username:groupname *
source
"chown -R root /" how screwed am I?
First of all, stop the command if it is still running!
Now everything will belong to root and that is quite problematic.
You should try to restore information from your latest backup.
It is also important not to restart the system before checking
all the applications running and the user launching them on boot.
If you do, some of them may not start properly due to permissions
problems.
Good luck.
source
Setting differing ACLs on directories and files
As far as I understand Linux ACLs, setfacl -Rdm
g:mygroup:rwx share_name
does exactly what you want.
Experiment:
umask 007
mkdir foo
chgrp mygroup foo
chmod 2700 foo
setfacl -d -m group:mygroup:rwx foo
setfacl -m group:mygroup:rwx foo
touch foo/data
echo '#!/bin/ls' >foo/exec
chmod +x foo/exec
Then as a different user in group mygroup
:
$ cat foo/*
#!/bin/ls
#!/bin/ls
$ ./foo/data
ash: ./foo/data: Permission denied
$ ./foo/exec
./foo/exec
What's going on?
$ getfacl foo/data
# file: foo/data
# owner: myuser
# group: mygroup
user::rw-
group::---
group:mygroup:rwx #effective:rw-
mask::rw-
other::---
The effective ACL for mygroup
is the result of
and'ing the ACL_GROUP
entry for mygroup
(rwx
) with the ACL_MASK entry (rw-
).
The acl(5) man page explains calculation this under
“Access check algorithms”. It doesn't explain how
ACL_MASK
entries are generated, but in practice the
right thing seems to happen.
source
Can I, as a user, change the default chmod settings for my account?
The setting you're looking for is called the umask
, and that's also the name of
the command that changes it. To make a persistent change, add a
umask
command to your shell startup file -- probably
named .profile
or .bash_profile
, in
your home directory; if you don't seem to have any such file,
post the output of these commands:
$ grep $LOGNAME /etc/passwd
$ (cd; ls -ld .??*)
source
How to set default permissions for files moved or copied to a directory?
I can offer a workaround: Make a separate "drop" directory, run a
separate minijob there that fixes the permissions and then moves
the files into the application's data directory. You can use
incron for that so there would be virtually no noticeable time
delay.
source
Allow specific user permission to read/write my folder
If you are using Linux with a relatively modern
filesystem (ext3/ext4, btrfs, ntfs), this can be done with
POSIX
ACLs:
-
Enable ACLs for the filesystem. This is only necessary for
ext3 and ext4 on kernels older than 2.6.38. All other
filesystems that support ACLs enable them automatically.
mount -o remount,acl /
tune2fs -o acl /dev/<partition>
-
Give tom
access to the folder:
setfacl -m user:tom:rwx /home/samantha/folder
If the OS or the filesystem does not support ACLs, another way is
to use groups.
-
Create a group.
-
Some Linux distributions create a separate group for each
user: tom
would automatically be in a group
also named tom
.
-
If not, create a group. This should work on Linux...
groupadd tom
gpasswd -a tom tom
...and this - on BSD:
groupadd tom
usermod -G tom tom
-
chgrp
the directory to that group, and give
permissions with chmod
:
chgrp tom /home/samantha/folder
chmod g+rwx /home/samantha/folder
source
How can I do a recursive chmod only on directories?
Run find
on -type d
(directories) with the -exec
primary to
perform the chmod
only on folders:
find /your/path/here -type d -exec chmod o+x {} \;
To be sure it only performs it on desired objects, you can run
just find /your/path/here -type d
first; it will
simply print out the directories it finds.
source
chmod 777: how to make all files become "RWX"
description
This manual
page documents the GNU version of chmod. chmod
changes the file mode bits of each given file according to
mode, which can be either a symbolic representation
of changes to make, or an octal number representing the bit
pattern for the new mode bits.
The format of a
symbolic mode is
[ugoa...][[+-=][perms...]...], where
perms is either zero or more letters from the set
rwxXst, or a single letter from the set ugo.
Multiple symbolic modes can be given, separated by
commas.
A combination
of the letters ugoa controls which users’
access to the file will be changed: the user who owns it
(u), other users in the file’s group
(g), other users not in the file’s group
(o), or all users (a). If none of these are
given, the effect is as if a were given, but bits
that are set in the umask are not affected.
The operator
+ causes the selected file mode bits to be added to
the existing file mode bits of each file; - causes
them to be removed; and = causes them to be added and
causes unmentioned bits to be removed except that a
directory’s unmentioned set user and group ID bits are
not affected.
The letters
rwxXst select file mode bits for the affected users:
read (r), write (w), execute (or search for
directories) (x), execute/search only if the file is
a directory or already has execute permission for some user
(X), set user or group ID on execution (s),
restricted deletion flag or sticky bit (t). Instead
of one or more of these letters, you can specify exactly one
of the letters ugo: the permissions granted to the
user who owns the file (u), the permissions granted
to other users who are members of the file’s group
(g), and the permissions granted to users that are in
neither of the two preceding categories (o).
A numeric mode
is from one to four octal digits (0-7), derived by
adding up the bits with values 4, 2, and 1. Omitted digits
are assumed to be leading zeros. The first digit selects the
set user ID (4) and set group ID (2) and restricted deletion
or sticky (1) attributes. The second digit selects
permissions for the user who owns the file: read (4), write
(2), and execute (1); the third selects permissions for
other users in the file’s group, with the same values;
and the fourth for other users not in the file’s
group, with the same values.
chmod
never changes the permissions of symbolic links; the
chmod system call cannot change their permissions.
This is not a problem since the permissions of symbolic
links are never used. However, for each symbolic link listed
on the command line, chmod changes the permissions of
the pointed-to file. In contrast, chmod ignores
symbolic links encountered during recursive directory
traversals.
options
Change the mode
of each FILE to MODE. With --reference,
change the mode of each FILE to that of RFILE.
-c, --changes
like verbose but report only
when a change is made
-f,
--silent, --quiet
suppress most error
messages
-v,
--verbose
output a diagnostic for every
file processed
--no-preserve-root
do not treat ’/’
specially (the default)
--preserve-root
fail to operate recursively on
’/’
--reference=RFILE
use RFILE’s mode instead
of MODE values
-R,
--recursive
change files and directories
recursively
--help
display this help and exit
--version
output version information and
exit
Each MODE is of
the form
’[ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+’.
copyright
Copyright © 2012 Free Software Foundation, Inc. License GPLv3+:
GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute
it. There is NO WARRANTY, to the extent permitted by law.
reporting bugs
Report chmod bugs to bug-coreutils[:at:]gnu[:dot:]org
GNU coreutils home page:
<http://www.gnu.org/software/coreutils/>
General help using GNU software:
<http://www.gnu.org/gethelp/>
Report chmod translation bugs to
<http://translationproject.org/team/>
restricted deletion flag or sticky bit
The restricted deletion flag or sticky bit is a single bit, whose
interpretation depends on the file type. For directories, it
prevents unprivileged users from removing or renaming a file in
the directory unless they own the file or the directory; this is
called the restricted deletion flag for the directory, and
is commonly found on world-writable directories like /tmp.
For regular files on some older systems, the bit saves the
program’s text image on the swap device so it will load more
quickly when run; this is called the sticky bit.
setuid and setgid bits
chmod clears the set-group-ID bit of a regular file if the
file’s group ID does not match the user’s effective group ID or
one of the user’s supplementary group IDs, unless the user has
appropriate privileges. Additional restrictions may cause the
set-user-ID and set-group-ID bits of MODE or RFILE
to be ignored. This behavior depends on the policy and
functionality of the underlying chmod system call. When in
doubt, check the underlying system behavior.
chmod preserves a directory’s set-user-ID and set-group-ID
bits unless you explicitly specify otherwise. You can set or
clear the bits with symbolic modes like u+s and
g-s, and you can set (but not clear) the bits with a
numeric mode.
see also
chmod
The full
documentation for chmod is maintained as a Texinfo
manual. If the info and chmod programs are
properly installed at your site, the command
info
coreutils 'chmod invocation'
should give you
access to the complete manual.
author
Written by
David MacKenzie and Jim Meyering.