Originální popis anglicky:
chmod - change the file modes
Návod, kniha: POSIX Programmer's Manual
chmod [-R] mode file ...
The
chmod utility shall change any or all of the file mode bits of the
file named by each
file operand in the way specified by the
mode
operand.
It is implementation-defined whether and how the
chmod utility affects
any alternate or additional file access control mechanism (see the Base
Definitions volume of IEEE Std 1003.1-2001, Section 4.4, File
Access Permissions) being used for the specified file.
Only a process whose effective user ID matches the user ID of the file, or a
process with the appropriate privileges, shall be permitted to change the file
mode bits of a file.
The
chmod utility shall conform to the Base Definitions volume of
IEEE Std 1003.1-2001, Section 12.2, Utility Syntax Guidelines.
The following option shall be supported:
- -R
- Recursively change file mode bits. For each file
operand that names a directory, chmod shall change the file mode
bits of the directory and all files in the file hierarchy below it.
The following operands shall be supported:
- mode
- Represents the change to be made to the file mode bits of
each file named by one of the file operands; see the EXTENDED
DESCRIPTION section.
- file
- A pathname of a file whose file mode bits shall be
modified.
Not used.
None.
The following environment variables shall affect the execution of
chmod:
- LANG
- Provide a default value for the internationalization
variables that are unset or null. (See the Base Definitions volume of
IEEE Std 1003.1-2001, Section 8.2, Internationalization
Variables for the precedence of internationalization variables used to
determine the values of locale categories.)
- LC_ALL
- If set to a non-empty string value, override the values of
all the other internationalization variables.
- LC_CTYPE
- Determine the locale for the interpretation of sequences of
bytes of text data as characters (for example, single-byte as opposed to
multi-byte characters in arguments).
- LC_MESSAGES
- Determine the locale that should be used to affect the
format and contents of diagnostic messages written to standard error.
- NLSPATH
- Determine the location of message catalogs for the
processing of LC_MESSAGES .
Default.
Not used.
The standard error shall be used only for diagnostic messages.
None.
The
mode operand shall be either a
symbolic_mode expression or a
non-negative octal integer. The
symbolic_mode form is described by the
grammar later in this section.
Each
clause shall specify an operation to be performed on the current
file mode bits of each
file. The operations shall be performed on each
file in the order in which the
clauses are specified.
The
who symbols
u,
g, and
o shall specify the
user,
group, and
other parts of the file mode bits,
respectively. A
who consisting of the symbol
a shall be
equivalent to
ugo.
The
perm symbols
r,
w, and
x represent the
read,
write, and
execute/
search portions of file
mode bits, respectively. The
perm symbol
s shall represent the
set-user-ID-on-execution (when
who contains or implies
u)
and
set-group-ID-on-execution (when
who contains or implies
g) bits.
The
perm symbol
X shall represent the execute/search portion of
the file mode bits if the file is a directory or if the current (unmodified)
file mode bits have at least one of the execute bits (S_IXUSR, S_IXGRP, or
S_IXOTH) set. It shall be ignored if the file is not a directory and none of
the execute bits are set in the current file mode bits.
The
permcopy symbols
u,
g, and
o shall represent the
current permissions associated with the user, group, and other parts of the
file mode bits, respectively. For the remainder of this section,
perm
refers to the non-terminals
perm and
permcopy in the grammar.
If multiple
actionlists are grouped with a single
wholist in the
grammar, each
actionlist shall be applied in the order specified with
that
wholist. The
op symbols shall represent the operation
performed, as follows:
- +
- If perm is not specified, the '+' operation
shall not change the file mode bits.
If
who is not specified, the file mode bits represented by
perm
for the owner, group, and other permissions, except for those with
corresponding bits in the file mode creation mask of the invoking process,
shall be set.
Otherwise, the file mode bits represented by the specified
who and
perm values shall be set.
- -
- If perm is not specified, the '-' operation
shall not change the file mode bits.
If
who is not specified, the file mode bits represented by
perm
for the owner, group, and other permissions, except for those with
corresponding bits in the file mode creation mask of the invoking process,
shall be cleared.
Otherwise, the file mode bits represented by the specified
who and
perm values shall be cleared.
- =
- Clear the file mode bits specified by the who value,
or, if no who value is specified, all of the file mode bits
specified in this volume of IEEE Std 1003.1-2001.
If
perm is not specified, the
'=' operation shall make no further
modifications to the file mode bits.
If
who is not specified, the file mode bits represented by
perm
for the owner, group, and other permissions, except for those with
corresponding bits in the file mode creation mask of the invoking process,
shall be set.
Otherwise, the file mode bits represented by the specified
who and
perm values shall be set.
When using the symbolic mode form on a regular file, it is
implementation-defined whether or not:
- *
- Requests to set the set-user-ID-on-execution or
set-group-ID-on-execution bit when all execute bits are currently clear
and none are being set are ignored.
- *
- Requests to clear all execute bits also clear the
set-user-ID-on-execution and set-group-ID-on-execution bits.
- *
- Requests to clear the set-user-ID-on-execution or
set-group-ID-on-execution bits when all execute bits are currently clear
are ignored. However, if the command ls -l file
writes an s in the position indicating that the
set-user-ID-on-execution or set-group-ID-on-execution is set, the commands
chmod u-s file or chmod g-s
file, respectively, shall not be ignored.
When using the symbolic mode form on other file types, it is
implementation-defined whether or not requests to set or clear the
set-user-ID-on-execution or set-group-ID-on-execution bits are honored.
If the
who symbol
o is used in conjunction with the
perm
symbol
s with no other
who symbols being specified, the
set-user-ID-on-execution and set-group-ID-on-execution bits shall not be
modified. It shall not be an error to specify the
who symbol
o
in conjunction with the
perm symbol
s.
The
perm symbol
t shall specify the S_ISVTX bit. When used with a
file of type directory, it can be used with the
who symbol
a, or
with no
who symbol. It shall not be an error to specify a
who
symbol of
u,
g, or
o in conjunction with the
perm
symbol
t, but the meaning of these combinations is unspecified. The
effect when using the
perm symbol
t with any file type other
than directory is unspecified.
For an octal integer
mode operand, the file mode bits shall be set
absolutely.
For each bit set in the octal number, the corresponding file permission bit
shown in the following table shall be set; all other file permission bits
shall be cleared. For regular files, for each bit set in the octal number
corresponding to the set-user-ID-on-execution or the
set-group-ID-on-execution, bits shown in the following table shall be set; if
these bits are not set in the octal number, they are cleared. For other file
types, it is implementation-defined whether or not requests to set or clear
the set-user-ID-on-execution or set-group-ID-on-execution bits are honored.
| Octal |
Mode Bit |
Octal |
Mode Bit |
Octal |
Mode Bit |
Octal |
Mode Bit |
| 4000 |
S_ISUID |
0400 |
S_IRUSR |
0040 |
S_IRGRP |
0004 |
S_IROTH |
| 2000 |
S_ISGID |
0200 |
S_IWUSR |
0020 |
S_IWGRP |
0002 |
S_IWOTH |
| 1000 |
S_ISVTX |
0100 |
S_IXUSR |
0010 |
S_IXGRP |
0001 |
S_IXOTH |
When bits are set in the octal number other than those listed in the table
above, the behavior is unspecified.
The grammar and lexical conventions in this section describe the syntax for the
symbolic_mode operand. The general conventions for this style of
grammar are described in
Grammar Conventions . A valid
symbolic_mode can be represented as the non-terminal symbol
symbolic_mode in the grammar. This formal syntax shall take precedence
over the preceding text syntax description.
The lexical processing is based entirely on single characters. Implementations
need not allow <blank>s within the single argument being processed.
%start symbolic_mode
%%
symbolic_mode : clause
| symbolic_mode ',' clause
;
clause : actionlist
| wholist actionlist
;
wholist : who
| wholist who
;
who : 'u' | 'g' | 'o' | 'a'
;
actionlist : action
| actionlist action
;
action : op
| op permlist
| op permcopy
;
permcopy : 'u' | 'g' | 'o'
;
op : '+' | '-' | '='
;
permlist : perm
| perm permlist
;
perm : 'r' | 'w' | 'x' | 'X' | 's' | 't'
;
The following exit values shall be returned:
- 0
- The utility executed successfully and all requested changes
were made.
- >0
- An error occurred.
Default.
The following sections are informative.
Some implementations of the
chmod utility change the mode of a directory
before the files in the directory when performing a recursive (
-R
option) change; others change the directory mode after the files in the
directory. If an application tries to remove read or search permission for a
file hierarchy, the removal attempt fails if the directory is changed first;
on the other hand, trying to re-enable permissions to a restricted hierarchy
fails if directories are changed last. Users should not try to make a
hierarchy inaccessible to themselves.
Some implementations of
chmod never used the process'
umask when
changing modes; systems conformant with this volume of
IEEE Std 1003.1-2001 do so when
who is not specified.
Note the difference between:
which removes all write permissions, and:
which removes write permissions that would be allowed if
file was created
with the same
umask.
Conforming applications should never assume that they know how the set-user-ID
and set-group-ID bits on directories are interpreted.
| Mode |
Results |
| a+= |
Equivalent to a+, a=; clears all file mode bits. |
| go+-w |
Equivalent to go+, go- w; clears group and other
write bits. |
| g=o-w |
Equivalent to g= o, g- w; sets group bit to
match other bits and then clears group write bit. |
| g-r+w |
Equivalent to g- r, g+ w; clears group read
bit and sets group write bit. |
| uo=g |
Sets owner bits to match group bits and sets other bits to match group
bits. |
The functionality of
chmod is described substantially through references
to concepts defined in the System Interfaces volume of
IEEE Std 1003.1-2001. In this way, there is less duplication of
effort required for describing the interactions of permissions. However, the
behavior of this utility is not described in terms of the
chmod()
function from the System Interfaces volume of
IEEE Std 1003.1-2001 because that specification requires certain
side effects upon alternate file access control mechanisms that might not be
appropriate, depending on the implementation.
Implementations that support mandatory file and record locking as specified by
the 1984 /usr/group standard historically used the combination of set-group-ID
bit set and group execute bit clear to indicate mandatory locking. This
condition is usually set or cleared with the symbolic mode
perm symbol
l instead of the
perm symbols
s and
x so that the
mandatory locking mode is not changed without explicit indication that that
was what the user intended. Therefore, the details on how the implementation
treats these conditions must be defined in the documentation. This volume of
IEEE Std 1003.1-2001 does not require mandatory locking (nor
does the System Interfaces volume of IEEE Std 1003.1-2001), but
does allow it as an extension. However, this volume of
IEEE Std 1003.1-2001 does require that the
ls and
chmod utilities work consistently in this area. If
ls -l
file indicates that the set-group-ID bit is set,
chmod
g-s file must clear it (assuming appropriate privileges exist to
change modes).
The System V and BSD versions use different exit status codes. Some
implementations used the exit status as a count of the number of errors that
occurred; this practice is unworkable since it can overflow the range of valid
exit status values. This problem is avoided here by specifying only 0 and
>0 as exit values.
The System Interfaces volume of IEEE Std 1003.1-2001 indicates
that implementation-defined restrictions may cause the S_ISUID and S_ISGID
bits to be ignored. This volume of IEEE Std 1003.1-2001 allows
the
chmod utility to choose to modify these bits before calling
chmod() (or some function providing equivalent capabilities) for
non-regular files. Among other things, this allows implementations that use
the set-user-ID and set-group-ID bits on directories to enable extended
features to handle these extensions in an intelligent manner.
The
X perm symbol was adopted from BSD-based systems because it
provides commonly desired functionality when doing recursive (
-R
option) modifications. Similar functionality is not provided by the
find utility. Historical BSD versions of
chmod, however, only
supported
X with
op+; it has been extended in this volume of
IEEE Std 1003.1-2001 because it is also useful with
op=.
(It has also been added for
op- even though it duplicates
x, in
this case, because it is intuitive and easier to explain.)
The grammar was extended with the
permcopy non-terminal to allow
historical-practice forms of symbolic modes like
o=
u -g
(that is, set the "other" permissions to the permissions of
"owner" minus the permissions of "group").
None.
ls ,
umask , the System Interfaces volume of
IEEE Std 1003.1-2001,
chmod()
Portions of this text are reprinted and reproduced in electronic form from IEEE
Std 1003.1, 2003 Edition, Standard for Information Technology -- Portable
Operating System Interface (POSIX), The Open Group Base Specifications Issue
6, Copyright (C) 2001-2003 by the Institute of Electrical and Electronics
Engineers, Inc and The Open Group. In the event of any discrepancy between
this version and the original IEEE and The Open Group Standard, the original
IEEE and The Open Group Standard is the referee document. The original
Standard can be obtained online at http://www.opengroup.org/unix/online.html
.
