In Unix, how do I change the permissions for a file?
You can change file permissions with the chmod
command.
In Unix, file permissions, which establish who may have
different types of access to a file, are specified by both access
classes and access types. Access classes are groups of users, and
each may be assigned specific access types. The access classes are
"user", "group", "other", and "all". These refer, respectively, to
the user who owns the file, a specific group
of users, the other remaining users who are not in the group, and all
three sets of users. Access types (read, write, and execute)
determine what may be done with the file by each access class.
There are two basic ways of using chmod
to change file
permissions:
Symbolic method
The first and probably easiest way is the relative (or symbolic)
method, which lets you specify access classes and types with single
letter abbreviations. A chmod
command with this form of
syntax consists of at least three parts from the following lists:
Access Class | Operator | Access Type |
---|---|---|
u (user) | + (add access) | r (read) |
g (group) | - (remove access) | w (write) |
o (other) | = (set exact access) | x (execute) |
a (all: u, g, and o) |
For example, to add permission for everyone to read a file in the
current directory named myfile
, at the Unix prompt, you
would enter:
chmod a+r myfile
The a
stands for "all", the +
for "add", and the r
for "read".
Note: This assumes that everyone already has access
to the directory where myfile
is located and its parent
directories; that is, you must set the directory permissions
separately.
If you omit the access class, it's assumed to be all, so you could
also enter the previous example as:
chmod +r myfile
You can also specify multiple classes and types with a single command.
For example, to remove read and write permission for group and other
users (leaving only yourself with read and write permission) on a file
named myfile
, you would enter:
chmod go-rw myfile
You can also specify that different permissions be added and removed
in the same command. For example, to remove write permission and add
execute for all users on myfile
, you would enter:
chmod a-w+x myfile
In each of these examples, the access types that aren't specified are
unchanged. The previous command, for example, doesn't change any
existing settings specifying whether users besides yourself may have
read ( r
) access to myfile
. You
could also use the exact form to explicitly state that group and other
users' access is set only to read with the =
operator:
chmod go=r myfile
The chmod
command also operates on directories. For
example, to remove write permission for other users on a subdirectory
named mydir
, you would enter:
chmod o-w mydir
To do the same for the current directory, you would enter:
chmod o-w
Be careful when setting the permissions of directories, particularly
your home directory; you don't want to lock yourself out by removing
your own access. Also, you must have execute permission on a directory
to switch ( cd
) to it.
Absolute form
The other way to use the chmod
command is the absolute
form. In this case, you specify a set of three numbers that together
determine all the access classes and types. Rather than being able to
change only particular attributes, you must specify the entire state
of the file's permissions.
The three numbers are specified in the order: user (or owner), group,
other. Each number is the sum of values that specify read (4), write
(2), and execute (1) access, with 0 (zero) meaning no access. For
example, if you wanted to give yourself read, write, and execute
permissions on myfile
; give users in your group read and
execute permissions; and give others only execute permission, the
appropriate number would be calculated as (4+2+1)(4+0+1)(0+0+1) for
the three digits 751. You would then enter the command as:
chmod 751 myfile
As another example, to give only yourself read, write, and execute
permission on the current directory, you would calculate the digits
as (4+2+1)(0+0+0)(0+0+0) for the sequence 700, and enter the command:
chmod 700
If it seems clearer to you, you can also think of the three digit
sequence as the sum of attributes you select from the following table:
400 read by owner
200 write by owner
100 execute by owner
040 read by group
020 write by group
010 execute by group
004 read by others
002 write by others
001 execute by others
To create an access mode, sum all the accesses you wish to permit.
For example, to give read privileges to all, and write and execute
privileges to the owner only for a file, you would sum:
400+200+100+040+004 = 744. Then, at the Unix prompt, you would enter:
chmod 744 myfile.ext
Some other frequently used examples are:
777 | anyone can do anything (read, write, or execute) |
755 | you can do anything; others can only read and execute |
711 | you can do anything; others can only execute |
644 | you can read and write; others can only read |
More information
For more information about chmod
, consult the manual
page. At the Unix prompt, enter:
man chmod
Post a Comment