chmod in Mac OS X
By: Strauss K
Change access permissions (file modes)
Syntax
      chmod [-fv] [-R [-H | -L | -P]] mode file ...

      chmod [-fv] [-R [-H | -L | -P]] [-a | +a | =a] ACE file ...

      chmod [-fhv] [-R [-H | -L | -P]] [ACL_Option] file ...

Options
   -R      Recurse: Change the mode of file hierarchies rooted in the files instead of just the files themselves.
   -R -H   Follow symbolic links on the command line (by default symbolic links within the tree are not followed).
   -R -L   All symbolic links are followed.
   -R -P   No symbolic links are followed. (default)
   -f      Do not display a diagnostic message if chmod could not modify the mode for file.
   -h      If the file is a symbolic link, change the mode of the link itself rather than the file that the link points to.
   -v      Verbose, show filenames as the mode is modified *
   -v -v   Very Verbose: display both old and new modes of the file in both octal and symbolic notation *

ACL_Options
   -E      Read the ACL information from stdin, as a sequential list of ACEs, separated by newlines. If the information parses correctly, the existing information is replaced.
   -C      Returns false if any of the named files have ACLs in non-canonical order.
   -N      Remove the ACL from the named file(s).

ACL_manipulation_options
   +a mode    Insert a new ACL entry
   +a# mode   Insert a new ACL entry with specific ordering
   -a mode    Delete an ACL entry
   =a# mode   Rewrite an individual entry
   -i         Remove the 'inherited' bit from all entries in the named file(s) ACLs.
   -I         Remove all inherited entries from the named file(s) ACL(s).
chmod changes the permissions of each given file according to mode, which can be either an octal number representing the bit pattern for the new permissions or a symbolic representation of the changes to make (+-= rwxXstugoa).
* The -v option is non-standard and its use in scripts is not recommended.
Numeric (absolute) mode:
From one to four octal digits. Any omitted digits are assumed to be leading zeros.
The first digit = selects attributes for the set user ID (4) and set group ID (2) and save text image (1)
The second digit = permissions for the user who owns the file: read (4), write (2), and execute (1)
The third digit = permissions for other users in the file's group: read (4), write (2), and execute (1)
The fourth digit = permissions for other users NOT in the file's group: read (4), write (2), and execute (1)
The octal (0-7) value is calculated by adding up the values for each digit:
   User (rwx) = 4+2+1 = 7
   Group (rx) = 4+1 = 5
   World (rx) = 4+1 = 5
   chmod mode = 0755
Numeric Mode Examples:
Allow read permission to everyone:
$ chmod 444 file
Allow everyone to read and execute the file (the owner can also write to it):
$ chmod 755 file
Make a file readable and writable by the group and others (the owner is left with no permissions):
$ chmod 066 file
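The digit arithmetic above can be checked mechanically. The following is an added example, not part of the original tutorial: a POSIX shell decoder that turns a numeric mode into the string ls would show and lists the bits worth a second look before the mode is applied. The function names (valid_mode, mode_to_symbolic, mode_warnings) are illustrative and not chmod features.

```shell
# Added example: decode a chmod numeric mode. Function names are illustrative.

# Reject anything that is not one to four octal digits.
valid_mode() { case $1 in ''|*[!0-7]*|?????*) return 1 ;; esac; }

# Print the nine-character ls-style string for a numeric mode.
mode_to_symbolic() (
    valid_mode "$1" || { echo "invalid mode: $1" >&2; exit 1; }
    m=$((0$1))                      # omitted digits act as leading zeros
    out=
    for pos in 6 3 0; do            # bit offsets of user, group, other
        bits=$(( (m >> pos) & 7 ))
        r=-; w=-; x=-
        [ $((bits & 4)) -ne 0 ] && r=r
        [ $((bits & 2)) -ne 0 ] && w=w
        [ $((bits & 1)) -ne 0 ] && x=x
        # First digit: setuid (4) pairs with user, setgid (2) with group,
        # sticky (1) with other. Lower case = execute also set, upper = not.
        case $pos in
            6) special=$((m & 04000)); on=s; off=S ;;
            3) special=$((m & 02000)); on=s; off=S ;;
            0) special=$((m & 01000)); on=t; off=T ;;
        esac
        if [ "$special" -ne 0 ]; then
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
)

# Print the bits a reviewer would want to look at twice.
mode_warnings() (
    valid_mode "$1" || exit 1
    m=$((0$1)); found=
    [ $((m & 04000)) -ne 0 ] && found="$found setuid"
    [ $((m & 02000)) -ne 0 ] && found="$found setgid"
    [ $((m & 00020)) -ne 0 ] && found="$found group-writable"
    [ $((m & 00002)) -ne 0 ] && found="$found world-writable"
    printf '%s\n' "${found# }"
)

for mode in 0755 444 066 4755 1777; do
    printf '%-5s %s  %s\n' "$mode" "$(mode_to_symbolic "$mode")" "$(mode_warnings "$mode")"
done
```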
Symbolic Mode
The format of a symbolic mode is [who...][[+-=][perm...]...][,...]
Multiple symbolic operations can be given, separated by commas.

who
A combination of the letters 'ugoa' controls which users' access to the file will be changed:
   u   The User who owns it
   g   Other users in the file's Group
   o   Other users not in the file's group
   a   All users, this is equivalent to (ugo)
If none of these are given, the effect is as if (a) were given, but bits that are set in the umask are not affected.

+-=
The operator '+' causes the permissions selected to be added to the existing permissions of each file; '-' causes them to be removed; and '=' causes them to be the only permissions that the file has.
If = is specified with no who then all (owner, group and other) will be cleared.

perm
The letters 'rwxXstugo' select the new permissions for the affected users:
   r   Read
   w   Write
   x   Execute/search (or access for directories)
   X   Execute/search only if the file is a directory or already has execute permission for some user
   s   Set user or group ID on execution
   t   The sticky bit
   u   User permission
   g   Group permission
   o   Other permission (users not in the file's group)
Symbolic Mode Examples:
Deny execute permission to everyone:
$ chmod a-x file
Allow read permission to everyone:
$ chmod a+r file
Make a file readable and writable by the group and others:
$ chmod go+rw file
Make a shell script executable by the user/owner:
$ chmod u+x myscript.sh
Allow everyone to read, write, and execute the file and turn on the set group-ID:
$ chmod =rwx,g+s file
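Two of the symbolic-mode rules above are easy to get wrong when tightening or loosening a tree: the umask only applies when no who is given, and X differs from x on plain files. The following is an added example, not part of the original tutorial, that shows both on constructed files in a temporary directory; the helper and function names and the file names are illustrative.

```shell
# Added example: symbolic-mode edge cases on constructed files in a temp dir.

# Permission string as ls shows it (same columns on macOS and Linux).
perms() { ls -ld "$1" | cut -c2-10; }

# With no "who", bits set in the umask are not affected; "a" ignores the umask.
demo_umask() (
    dir=$(mktemp -d) || exit 1
    umask 022
    : > "$dir/file"
    chmod 444 "$dir/file"
    chmod +w "$dir/file";  implicit=$(perms "$dir/file")
    chmod a+w "$dir/file"; explicit=$(perms "$dir/file")
    rm -rf "$dir"
    echo "$implicit $explicit"
)

# X adds execute/search to directories and to files that already have an
# execute bit, so plain data files do not become executable.
demo_capital_x() (
    dir=$(mktemp -d) || exit 1
    mkdir -p "$dir/tree/sub"
    : > "$dir/tree/sub/data.txt"
    : > "$dir/tree/run.sh"
    chmod 700 "$dir/tree" "$dir/tree/sub" "$dir/tree/run.sh"
    chmod 600 "$dir/tree/sub/data.txt"
    chmod -R go+rX "$dir/tree"
    result="$(perms "$dir/tree/sub") $(perms "$dir/tree/run.sh") $(perms "$dir/tree/sub/data.txt")"
    rm -rf "$dir"
    echo "$result"
)

echo "+w then a+w under umask 022: $(demo_umask)"
echo "dir, script, data after go+rX: $(demo_capital_x)"
```

Under umask 022, `chmod +w` grants write to the owner only, while `chmod a+w` makes the file world-writable.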
ACL - Access Control List manipulation
Each file has one ACL, containing an ordered list of entries. Each entry refers to a user or group, and grants or denies a set of permissions.
Filesystem object permissions:
   delete         Delete the item. Deletion may be granted by either this permission on an object or the delete_child right on the containing directory.
   readattr       Read an object's basic attributes. This is implicitly granted if the object can be looked up and not explicitly denied.
   writeattr      Write an object's basic attributes.
   readextattr    Read extended attributes.
   writeextattr   Write extended attributes.
   readsecurity   Read an object's extended security information (ACL).
   writesecurity  Write an object's security information (ownership, mode, ACL).
   chown          Change an object's ownership.

Directory permissions:
   list              List entries.
   search            Look up files by name.
   add_file          Add a file.
   add_subdirectory  Add a subdirectory.
   delete_child      Delete a contained object. See the file delete permission above.

Non-directory filesystem object permissions:
   read     Open for reading.
   write    Open for writing.
   append   Open for writing, but in a fashion that only allows writes into areas of the file not previously written.
   execute  Execute the file as a script or program.

Directory ACL inheritance permissions:
   file_inherit       Inherit to files.
   directory_inherit  Inherit to directories.
   limit_inherit      For subdirectory inheritance; this causes the directory_inherit flag to be cleared, preventing further subdirectories from also inheriting the entry.
   only_inherit       The entry is inherited by created items but not considered when processing the ACL.

In cases where a user and a group exist with the same name, the user/group name can be prefixed with "user:" or "group:" in order to specify the type of name.
ACL Examples
$ chmod +a "admin allow write" myfile.txt
$ chmod +a "guest deny read" myfile.txt
$ chmod +a "admin allow delete" myfile.txt
$ chmod +ai "others allow read" myfile.txt
$ chmod +a# 2 "others deny read" myfile.txt
$ chmod -a# 1 myfile.txt
$ chmod -a "admin allow write" myfile.txt
$ chmod =a# 1 "admin allow write,chown" myfile.txt
Notes:
Only the owner of a file or the super-user is permitted to change the mode of a file.
The return status is zero if the mode is successfully changed, non-zero otherwise.
When chmod is applied to a directory:
   read = list files in the directory
   write = add new files to the directory
   execute = access files in the directory
chmod never changes the permissions of symbolic links. This is not a problem
since the permissions of symbolic links are never used. However, for each
symbolic link listed on the command line, chmod changes the permissions of the
pointed-to file. In contrast, chmod ignores symbolic links encountered during
recursive directory traversals.