User:Kernigh/chmod


This is an example layout page belonging to User:Kernigh. This page is intended to demonstrate what might happen if Guide to UNIX commands was modified so that each page has its own command.

I am currently using this page to test Template:Guide to UNIX:clink. --Kernigh 01:09, 23 October 2005 (UTC)



chmod changes permissions of files. One must be familiar with Unix file permissions to understand this command. There are three permissions: read ("r"), write ("w"), and execute ("x"). There are three sets of permissions: for the owning user of the file ("u"), for the group of the file ("g"), and for other users ("o").

For a file, "execute" means to run it as a program. For a directory, "execute" permission is required to use anything in that directory tree, so doing anything with "/usr/share/doc/README" requires execute permissions on all of "/", "/usr", "/usr/share", and "/usr/share/doc".

If you are interested in more advanced topics like the set-uid, set-gid, sticky bits and octal numbers, try reading the FreeBSD manual page at http://www.FreeBSD.org/cgi/man.cgi (type "chmod" in the form and submit).

Options

 -R recursively change or set permissions on an entire directory tree

Examples

chmod
changes file mode (pretemplate version)

We wrote a shell script called "configure". We make it executable ("+x") and then execute it as a command. Usually, "+x" is the same as "u+x" or "ug+x", depending on the status of the file mode creation mask.

> chmod +x configure
> ./configure

Only allow the owning user to run "configure":

> chmod u+x configure

Deny the group and other users from running "configure":

> chmod go-x configure

For all users except the owner ("go"), disable all access to "~/mail" and "~/private" ("-rwx"). This way, the contents are private and only their owner (or root) can access them.

> chmod go-rwx ~/mail ~/private

Note that in the previous example, "-R" was not specified. Because the execute bit is disabled ("-x") on the directories themselves, all files inside ~/{mail,private} are protected even if their own group and other read bits are enabled. The protection comes from the directory rather than from the files, so simply moving a file from inside ~/{mail,private} to some public place like "/tmp" can make it available to other users again.

The "root" user wants to set up "/usr/local/src" so that all users in group "wsrc" (including "tux") can create files there. Root will continue to own the directory. This is done by changing the group of "/usr/local/src" to "wsrc" and then by granting to the group ("g") the read, write, and execute permissions ("+rwx").

> chown :wsrc /usr/local/src
> chmod g+rwx /usr/local/src

All Unix-like systems should allow all users to create temporary files in "/tmp" and "/var/tmp". Thus root gives everyone ("a", short for "ugo") all permissions ("+rwx") on these directories.

> chmod a+rwx /tmp /var/tmp

The problem with the above is that because all users have write access to /tmp and /var/tmp, every user can delete and rename files, even ones not created by them. For example, "tux" could create "/tmp/socket.3908" and another user could delete it or rename it to "/tmp/garbage", thus annoying Tux. To keep temporary files safe, we use the sticky bit called "t". This limits the deletion and renaming of files in /tmp to root, the owner of /tmp (also root), and the owner of the file (Tux for "/tmp/socket.3908"). It does the same for /var/tmp. So what we should do is:

> chmod a+rwxt /tmp /var/tmp
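
An added example, not part of the original page: a check for the problem described above, listing world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration; run against a real system, the argument would be "/" or another directory of interest.

```shell
#!/bin/sh
# Added example: list world-writable directories that lack the sticky bit.
# find_unsticky_dirs and make_sample_tree are hypothetical helper names.

# Print every directory under $1 that "other" can write to (-perm -0002)
# but that does not have the sticky bit set (! -perm -1000).
# -xdev keeps the search on one file system; unreadable paths are skipped.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Build a constructed sample tree so the check can be tried without root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/tmp" "$root/vartmp" "$root/private"
    chmod a+rwx  "$root/tmp"       # as in the first /tmp example: no sticky bit
    chmod a+rwxt "$root/vartmp"    # as in the corrected example: sticky bit set
    chmod go-rwx "$root/private"   # private directory, not world-writable
    printf '%s\n' "$root"
}

sample=$(make_sample_tree)
echo "Before fix:"
find_unsticky_dirs "$sample"       # reports only the sample "tmp" directory
chmod a+rwxt "$sample/tmp"         # add the sticky bit, as in the last example
echo "After fix:"
find_unsticky_dirs "$sample"       # reports nothing
rm -rf "$sample"
```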
