Changing File Permissions

Use the chmod command to change the permissions on a file or directory. Only the owner of a file or superuser can change file and directory permissions.

You can set permissions with the chmod command in one of two ways:

  Absolute mode—Use numbers to represent file permissions. When you change permissions by using the absolute mode, you represent permissions by specifying an octal mode triplet, such as 700 or 666.
  Symbolic mode—Use combinations of letters and symbols to add or remove permissions.

Refer to Table 18-3 on page 416 for the octal values used to set file permissions in absolute mode.

Table 18-7 lists the symbols for setting file permissions in symbolic mode. You can use symbols to specify whose permissions are to be set or changed, the operation to be performed, or the permissions being assigned or changed.

Table 18-7 Symbolic Values for File and Directory Permissions

Symbol   Function*    Description
u        Who          User (owner)
g        Who          Group
o        Who          Others
a        Who          All
=        Operation    Assign
+        Operation    Add
-        Operation    Remove
r        Permission   Read
w        Permission   Write
x        Permission   Execute
l        Permission   Mandatory locking, setgid bit is on, group execution bit is off
s        Permission   setuid or setgid bit is on
S        Permission   setuid bit is on, user execution bit is off
t        Permission   Sticky bit is on, execution bit for others is on
T        Permission   Sticky bit is on, execution bit for others is off

*The who, operator, and permissions designations in the function column specify the symbols that change the permissions on the file or directory.

Use the following steps to change permissions in absolute mode:

1.  If you are not the owner of the file or directory, become superuser.
2.  Type chmod <nnn> <filename> and press Return.
3.  Type ls -l <filename> and press Return to verify that the permissions of the file have changed.

Use the following steps to change permissions in symbolic mode:

1.  If you are not the owner of the file or directory, become superuser.
2.  Type chmod <who><operator><permission> <filename> (with no spaces between who, operator, and permission) and press Return.
3.  Type ls -l <filename> and press Return to verify that the permissions of the file have changed.

The following example changes permissions in absolute mode for the file local.cshrc to 666.

castle% chmod 666 local.cshrc
castle% ls -l local.cshrc
-rw-rw-rw-   1 winsor   staff        124 Sep 12 10:32 local.cshrc

The following example removes read permission from others for the file filea:

castle% chmod o-r filea

The following example adds read and execute permissions for user, group, and others for the file fileb.

castle% chmod a+rx fileb

The following example assigns read, write, and execute permissions to group for the file filec.

castle% chmod g=rwx filec

Special File Permissions (setuid, setgid, and Sticky Bit)

Three special types of permissions are available for executable files and public directories.

  setuid permission
  setgid permission
  Sticky bit

When setuid or setgid permission is set for an executable file, any user who runs that file assumes the permissions of the owner (setuid) or group (setgid) of the executable file.

CAUTION! Be extremely careful when setting special permissions because they constitute a security risk. For example, a user can gain superuser permission by executing a program that sets the UID to root.

Monitor your system for any unauthorized use of the setuid and setgid permissions to gain superuser privileges. See "Searching for Files with Special Permissions" for information on how to search file systems and print out a list of all of the programs using these permissions. A suspicious listing would be one that grants ownership of such a program to a user rather than to bin or sys. Only superuser can set these permissions.
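
The monitoring check described above can be scripted. The following is an added example, not taken from the book: it lists setuid and setgid files under a directory, reads the s, S, and l symbols from Table 18-7 out of the ls -l mode string, and flags files whose owner is not trusted. The function name audit_special and the default trusted list (root added to the bin and sys named above) are assumptions.

```sh
#!/bin/sh
# Added example: audit setuid/setgid files under a directory.
# audit_special DIR [TRUSTED_OWNERS]
# Prints one line per setuid/setgid regular file found under DIR:
#   <ok|SUSPICIOUS> <setuid|setgid|setuid+setgid> <mode> <owner> <path>
audit_special() {
    dir=$1
    # Assumption: root is trusted in addition to bin and sys.
    trusted=${2:-"root bin sys"}
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
    # -xdev keeps the search on one file system.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} + 2>/dev/null |
    awk -v trusted="$trusted" '
        BEGIN {
            n = split(trusted, t, " ")
            for (i = 1; i <= n; i++) ok[t[i]] = 1
        }
        {
            kind = ""
            # setuid shows as s or S in the owner execute position (character 4)
            if (substr($1, 4, 1) ~ /[sS]/) kind = "setuid"
            # setgid shows as s, S, or l in the group execute position (character 7)
            if (substr($1, 7, 1) ~ /[sSl]/)
                kind = (kind == "" ? "setgid" : kind "+setgid")
            # $3 is the owner column of ls -l
            status = ($3 in ok) ? "ok" : "SUSPICIOUS"
            # $NF is the path; a path containing spaces is cut to its last word
            print status, kind, $1, $3, $NF
        }'
}

# Example run (as superuser, so that every directory can be read):
#   audit_special /usr | grep '^SUSPICIOUS'
```

Save the output of a known-good run and compare later runs against it with diff; a new line or a changed owner is what to investigate.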
