Access Permissions   «Prev 

Function of chmod arguments

chmod: Change access modes on files.
Change the access mode of one or more files. Only the owner of a file or a privileged user may change its mode. Create mode by concatenating the characters from who, opcode, and permission. who is optional (if omitted, default is a); choose only one opcode.

Common Options

  1. -f, --quiet, --silent: Do not print error messages about files that cannot be changed.
  2. -R, --recursive: Recursively descend through the directory, including subdirectories and symbolic links, setting the specified group ID as it proceeds. The last of -H, -L, and -P takes effect when used with -R.

GNU/Linux and Mac OS X Optionw

-v, --verbose: Verbosely describe ownership changes.
  1. -c, --changes: Print information about files that are changed.
  2. --no-preserve-root: Do not treat the root directory, /, specially (the default).
  3. --preserve-root: Do not operate recursively on /, the root directory.
  4. --reference=filename: Change the group to that associated with filename. In this case, newgroup is not specified.
By default, the chmod command uses concatenation to assign permission bits to a specific file or folder. Therefore, chmod defaults to adding new values to any permissions values that might already exist on a file or directory.
Suppose that you have a file named userprogram. It has the following permissions: rw-rw-rw-.
If you enter
chmod u+x userprogram

you will be giving permission for a user to execute the program named userprogram. The permissions for this file would read

By using the + argument, you have simply added one extra user permission to the file. You can, of course, use the - argument to revoke such permissions.

The command
chmod u-x userprogram

would return the file's permissions to its original state.
You must understand that the + and - arguments add and remove permissions, but any permissions you do not specify will remain in force for this particular file or directory. Unless you explicitly add or subtract permissions from the user, group, and everyone blocks of the file or directory, the permissions will remain unchanged. The = argument, however, works in exactly the opposite way. It removes all permissions except those you explicitly provide.
For example, suppose that you have a file named passwd. Further, suppose that it has full access permissions noted in each block: rwxrwxrwx.
If you used chmod with the = argument, you could modify the permissions without having to revoke each permission individually.
Therefore, if you typed
the file's permissions would read r-xr-x--x.
If you compare the resulting permissions with those the file originally had, you can see that the use of = removed several permissions automatically because you did not explicitly assign them.
If you use the = argument without any modifiers, you will effectively remove all permissions associated with the group you have identified. For example, if you type

chmod u= userfile

users will not be able to read, write, or execute this file.