3 @c Copyright (C) 1994-2012 Free Software Foundation, Inc.
5 @c Permission is granted to copy, distribute and/or modify this document
6 @c under the terms of the GNU Free Documentation License, Version 1.3 or
7 @c any later version published by the Free Software Foundation; with no
8 @c Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
9 @c Texts. A copy of the license is included in the ``GNU Free
10 @c Documentation License'' file as part of this distribution.
12 Each file has a set of @dfn{file mode bits} that control the kinds of
13 access that users have to that file. They can be represented either in
14 symbolic form or as an octal number.
17 * Mode Structure:: Structure of file mode bits.
18 * Symbolic Modes:: Mnemonic representation of file mode bits.
19 * Numeric Modes:: File mode bits as octal numbers.
20 * Directory Setuid and Setgid:: Set-user-ID and set-group-ID on directories.
24 @section Structure of File Mode Bits
26 The file mode bits have two parts: the @dfn{file permission bits},
27 which control ordinary access to the file, and @dfn{special mode
28 bits}, which affect only some files.
30 There are three kinds of permissions that a user can have for a file:
34 @cindex read permission
35 permission to read the file. For directories, this means permission to
36 list the contents of the directory.
38 @cindex write permission
39 permission to write to (change) the file. For directories, this means
40 permission to create and remove files in the directory.
42 @cindex execute/search permission
43 permission to execute the file (run it as a program). For directories,
44 this means permission to access files in the directory.
47 There are three categories of users who may have different permissions
48 to perform any of the above operations on a file:
54 other users who are in the file's group;
59 @cindex owner, default
60 @cindex group owner, default
61 Files are given an owner and group when they are created. Usually the
62 owner is the current user and the group is the group of the directory
63 the file is in, but this varies with the operating system, the
64 file system the file is created on, and the way the file is created. You
65 can change the owner and group of a file by using the @command{chown} and
66 @command{chgrp} commands.
68 In addition to the three sets of three permissions listed above, the
69 file mode bits have three special components, which affect only
70 executable files (programs) and, on most systems, directories:
76 Set the process's effective user ID to that of the file upon execution
77 (called the @dfn{set-user-ID bit}, or sometimes the @dfn{setuid bit}).
78 For directories on a few systems, give files created in the directory
79 the same owner as the directory, no matter who creates them, and set
80 the set-user-ID bit of newly-created subdirectories.
84 Set the process's effective group ID to that of the file upon execution
85 (called the @dfn{set-group-ID bit}, or sometimes the @dfn{setgid bit}).
86 For directories on most systems, give files created in the directory
87 the same group as the directory, no matter what group the user who
88 creates them is in, and set the set-group-ID bit of newly-created
92 @cindex swap space, saving text image in
93 @cindex text image, saving in swap space
94 @cindex restricted deletion flag
95 Prevent unprivileged users from removing or renaming a file in a directory
96 unless they own the file or the directory; this is called the
97 @dfn{restricted deletion flag} for the directory, and is commonly
98 found on world-writable directories like @file{/tmp}.
100 For regular files on some older systems, save the program's text image on the
101 swap device so it will load more quickly when run; this is called the
105 In addition to the file mode bits listed above, there may be file attributes
106 specific to the file system, e.g., access control lists (ACLs), whether a
107 file is compressed, whether a file can be modified (immutability), and whether
108 a file can be dumped. These are usually set using programs
109 specific to the file system. For example:
110 @c should probably say a lot more about ACLs... someday
114 On @acronym{GNU} and @acronym{GNU}/Linux the file attributes specific to
115 the ext2 file system are set using @command{chattr}.
118 On FreeBSD the file flags specific to the FFS
119 file system are set using @command{chflags}.
122 Even if a file's mode bits allow an operation on that file,
123 that operation may still fail, because:
127 the file-system-specific attributes or flags do not permit it; or
130 the file system is mounted as read-only.
133 For example, if the immutable attribute is set on a file,
134 it cannot be modified, regardless of the fact that you
135 may have just run @code{chmod a+w FILE}.
138 @section Symbolic Modes
140 @cindex symbolic modes
141 @dfn{Symbolic modes} represent changes to files' mode bits as
142 operations on single-character symbols. They allow you to modify either
143 all or selected parts of files' mode bits, optionally based on
144 their previous values, and perhaps on the current @code{umask} as well
145 (@pxref{Umask and Protection}).
147 The format of symbolic modes is:
150 @r{[}ugoa@dots{}@r{][}+-=@r{]}@var{perms}@dots{}@r{[},@dots{}@r{]}
154 where @var{perms} is either zero or more letters from the set
155 @samp{rwxXst}, or a single letter from the set @samp{ugo}.
157 The following sections describe the operators and other details of
161 * Setting Permissions:: Basic operations on permissions.
162 * Copying Permissions:: Copying existing permissions.
163 * Changing Special Mode Bits:: Special mode bits.
164 * Conditional Executability:: Conditionally affecting executability.
165 * Multiple Changes:: Making multiple changes.
166 * Umask and Protection:: The effect of the umask.
169 @node Setting Permissions
170 @subsection Setting Permissions
172 The basic symbolic operations on a file's permissions are adding,
173 removing, and setting the permission that certain users have to read,
174 write, and execute or search the file. These operations have the following
178 @var{users} @var{operation} @var{permissions}
182 The spaces between the three parts above are shown for readability only;
183 symbolic modes cannot contain spaces.
185 The @var{users} part tells which users' access to the file is changed.
186 It consists of one or more of the following letters (or it can be empty;
187 @pxref{Umask and Protection}, for a description of what happens then). When
188 more than one of these letters is given, the order that they are in does
193 @cindex owner of file, permissions for
194 the user who owns the file;
196 @cindex group, permissions for
197 other users who are in the file's group;
199 @cindex other permissions
202 all users; the same as @samp{ugo}.
205 The @var{operation} part tells how to change the affected users' access
206 to the file, and is one of the following symbols:
210 @cindex adding permissions
211 to add the @var{permissions} to whatever permissions the @var{users}
212 already have for the file;
214 @cindex removing permissions
215 @cindex subtracting permissions
216 to remove the @var{permissions} from whatever permissions the
217 @var{users} already have for the file;
219 @cindex setting permissions
220 to make the @var{permissions} the only permissions that the @var{users}
224 The @var{permissions} part tells what kind of access to the file should
225 be changed; it is normally zero or more of the following letters. As with the
226 @var{users} part, the order does not matter when more than one letter is
227 given. Omitting the @var{permissions} part is useful only with the
228 @samp{=} operation, where it gives the specified @var{users} no access
233 @cindex read permission, symbolic
234 the permission the @var{users} have to read the file;
236 @cindex write permission, symbolic
237 the permission the @var{users} have to write to the file;
239 @cindex execute/search permission, symbolic
240 the permission the @var{users} have to execute the file,
241 or search it if it is a directory.
244 For example, to give everyone permission to read and write a regular file,
245 but not to execute it, use:
251 To remove write permission for all users other than the file's
259 The above command does not affect the access that the owner of
260 the file has to it, nor does it affect whether other users can
261 read or execute the file.
263 To give everyone except a file's owner no permission to do anything with
264 that file, use the mode below. Other users could still remove the file,
265 if they have write permission on the directory it is in.
272 Another way to specify the same thing is:
278 @node Copying Permissions
279 @subsection Copying Existing Permissions
281 @cindex copying existing permissions
282 @cindex permissions, copying existing
283 You can base a file's permissions on its existing permissions. To do
284 this, instead of using a series of @samp{r}, @samp{w}, or @samp{x}
286 operator, you use the letter @samp{u}, @samp{g}, or @samp{o}. For
294 adds the permissions for users who are in a file's group to the
295 permissions that other users have for the file. Thus, if the file
296 started out as mode 664 (@samp{rw-rw-r--}), the above mode would change
297 it to mode 666 (@samp{rw-rw-rw-}). If the file had started out as mode
298 741 (@samp{rwxr----x}), the above mode would change it to mode 745
299 (@samp{rwxr--r-x}). The @samp{-} and @samp{=} operations work
302 @node Changing Special Mode Bits
303 @subsection Changing Special Mode Bits
305 @cindex changing special mode bits
306 In addition to changing a file's read, write, and execute/search permissions,
307 you can change its special mode bits. @xref{Mode Structure}, for a
308 summary of these special mode bits.
310 To change the file mode bits to set the user ID on execution, use
311 @samp{u} in the @var{users} part of the symbolic mode and
312 @samp{s} in the @var{permissions} part.
314 To change the file mode bits to set the group ID on execution, use
315 @samp{g} in the @var{users} part of the symbolic mode and
316 @samp{s} in the @var{permissions} part.
318 To set both user and group ID on execution, omit the @var{users} part
319 of the symbolic mode (or use @samp{a}) and use @samp{s} in the
320 @var{permissions} part.
322 To change the file mode bits to set the restricted deletion flag or sticky bit,
323 omit the @var{users} part of the symbolic mode (or use @samp{a}) and use
324 @samp{t} in the @var{permissions} part.
326 For example, to set the set-user-ID mode bit of a program,
327 you can use the mode:
333 To remove both set-user-ID and set-group-ID mode bits from
334 it, you can use the mode:
340 To set the restricted deletion flag or sticky bit, you can use
347 The combination @samp{o+s} has no effect. On @acronym{GNU} systems
348 the combinations @samp{u+t} and @samp{g+t} have no effect, and
349 @samp{o+t} acts like plain @samp{+t}.
351 The @samp{=} operator is not very useful with special mode bits.
352 For example, the mode:
359 does set the restricted deletion flag or sticky bit, but it also
360 removes all read, write, and execute/search permissions that users not in the
361 file's group might have had for it.
363 @xref{Directory Setuid and Setgid}, for additional rules concerning
364 set-user-ID and set-group-ID bits and directories.
366 @node Conditional Executability
367 @subsection Conditional Executability
369 @cindex conditional executability
370 There is one more special type of symbolic permission: if you use
371 @samp{X} instead of @samp{x}, execute/search permission is affected only if the
372 file is a directory or already had execute permission.
374 For example, this mode:
381 gives all users permission to search directories, or to execute files if
382 anyone could execute them before.
384 @node Multiple Changes
385 @subsection Making Multiple Changes
387 @cindex multiple changes to permissions
388 The format of symbolic modes is actually more complex than described
389 above (@pxref{Setting Permissions}). It provides two ways to make
390 multiple changes to files' mode bits.
392 The first way is to specify multiple @var{operation} and
393 @var{permissions} parts after a @var{users} part in the symbolic mode.
395 For example, the mode:
402 gives users other than the owner of the file read permission and, if
403 it is a directory or if someone already had execute permission
404 to it, gives them execute/search permission; and it also denies them write
405 permission to the file. It does not affect the permission that the
406 owner of the file has for it. The above mode is equivalent to
414 The second way to make multiple changes is to specify more than one
415 simple symbolic mode, separated by commas. For example, the mode:
422 gives everyone permission to read the file and removes write
423 permission on it for all users except its owner. Another example:
430 sets all of the permission bits for the file explicitly. (It
431 gives users who are not in the file's group no permission at all for
434 The two methods can be combined. The mode:
441 gives all users permission to read the file, and gives users who are in
442 the file's group permission to execute/search it as well, but not permission
443 to write to it. The above mode could be written in several different
450 @node Umask and Protection
451 @subsection The Umask and Protection
453 @cindex umask and modes
454 @cindex modes and umask
455 If the @var{users} part of a symbolic mode is omitted, it defaults to
456 @samp{a} (affect all users), except that any permissions that are
457 @emph{set} in the system variable @code{umask} are @emph{not affected}.
458 The value of @code{umask} can be set using the
459 @code{umask} command. Its default value varies from system to system.
461 @cindex giving away permissions
462 Omitting the @var{users} part of a symbolic mode is generally not useful
463 with operations other than @samp{+}. It is useful with @samp{+} because
464 it allows you to use @code{umask} as an easily customizable protection
465 against giving away more permission to files than you intended to.
467 As an example, if @code{umask} has the value 2, which removes write
468 permission for users who are not in the file's group, then the mode:
475 adds permission to write to the file to its owner and to other users who
476 are in the file's group, but @emph{not} to other users. In contrast,
484 ignores @code{umask}, and @emph{does} give write permission for
485 the file to all users.
488 @section Numeric Modes
490 @cindex numeric modes
491 @cindex file mode bits, numeric
492 @cindex octal numbers for file modes
494 alternative to giving a symbolic mode, you can give an octal (base 8)
495 number that represents the mode.
496 This number is always interpreted in octal; you do not have to add a
497 leading @samp{0}, as you do in C. Mode @samp{0055} is the same as
500 A numeric mode is usually shorter than the corresponding symbolic
501 mode, but it is limited in that normally it cannot take into account the
502 previous file mode bits; it can only set them absolutely.
503 (As discussed in the next section, the set-user-ID and set-group-ID
504 bits of directories are an exception to this general limitation.)
506 The permissions granted to the user,
507 to other users in the file's group,
508 and to other users not in the file's group each require three
509 bits, which are represented as one octal digit. The three special
510 mode bits also require one bit each, and they are as a group
511 represented as another octal digit. Here is how the bits are arranged,
512 starting with the lowest valued bit:
515 Value in Corresponding
518 Other users not in the file's group:
523 Other users in the file's group:
534 1000 Restricted deletion flag or sticky bit
535 2000 Set group ID on execution
536 4000 Set user ID on execution
539 For example, numeric mode @samp{4755} corresponds to symbolic mode
540 @samp{u=rwxs,go=rx}, and numeric mode @samp{664} corresponds to symbolic mode
541 @samp{ug=rw,o=r}. Numeric mode @samp{0} corresponds to symbolic mode
544 @node Directory Setuid and Setgid
545 @section Directories and the Set-User-ID and Set-Group-ID Bits
547 On most systems, if a directory's set-group-ID bit is set, newly
548 created subfiles inherit the same group as the directory, and newly
549 created subdirectories inherit the set-group-ID bit of the parent
550 directory. On a few systems, a directory's set-user-ID bit has a
551 similar effect on the ownership of new subfiles and the set-user-ID
552 bits of new subdirectories. These mechanisms let users share files
553 more easily, by lessening the need to use @command{chmod} or
554 @command{chown} to share new files.
556 These convenience mechanisms rely on the set-user-ID and set-group-ID
557 bits of directories. If commands like @command{chmod} and
558 @command{mkdir} routinely cleared these bits on directories, the
559 mechanisms would be less convenient and it would be harder to share
560 files. Therefore, a command like @command{chmod} does not affect the
561 set-user-ID or set-group-ID bits of a directory unless the user
562 specifically mentions them in a symbolic mode, or sets them in
563 a numeric mode. For example, on systems that support
564 set-group-ID inheritance:
567 # These commands leave the set-user-ID and
568 # set-group-ID bits of the subdirectories alone,
569 # so that they retain their default values.
576 mkdir -m u=rwx,go=rx F
579 If you want to try to set these bits, you must mention them
580 explicitly in the symbolic or numeric modes, e.g.:
583 # These commands try to set the set-user-ID
584 # and set-group-ID bits of the subdirectories.
587 chmod u=rwx,go=rx,a+s H
589 mkdir -m u=rwx,go=rx,a+s J
592 If you want to try to clear these bits, you must mention them
593 explicitly in a symbolic mode, e.g.:
596 # This command tries to clear the set-user-ID
597 # and set-group-ID bits of the directory D.
601 This behavior is a @acronym{GNU} extension. Portable scripts should
602 not rely on requests to set or clear these bits on directories, as
603 @acronym{POSIX} allows implementations to ignore these requests.