System Administration Guide: Security Services

File Permission Modes

The chmod command enables you to change the permissions on a file. You must be superuser or the owner of a file or directory to change its permissions.

You can use the chmod command to set permissions in either of two modes:

The following table lists the octal values for setting file permissions in absolute mode. You use these numbers in sets of three to set permissions for owner, group, and other, in that order. For example, the value 644 sets read and write permissions for owner, and read-only permissions for group and other.

Table 7–4 Setting File Permissions in Absolute Mode

Octal Value 

File Permissions Set 

Permissions Description 

0

---

No permissions 

1

--x

Execute permission only 

2

-w-

Write permission only 

3

-wx

Write and execute permissions 

4

r--

Read permission only 

5

r-x

Read and execute permissions 

6

rw-

Read and write permissions 

7

rwx

Read, write, and execute permissions 

The following table lists the symbols for setting file permissions in symbolic mode. Symbols can specify whose permissions are to be set or changed, the operation to be performed, and the permissions that are being assigned or changed.

Table 7–5 Setting File Permissions in Symbolic Mode

Symbol 

Function 

Description 

u

who

User (owner) 

g

who

Group 

o

who

Others 

a

who

All 

=

operator

Assign 

+

operator

Add 

-

operator

Remove 

r

permissions

Read 

w

permissions

Write 

x

permissions

Execute 

l

permissions

Mandatory locking, setgid bit is on, group execution bit is off

s

permissions

setuid or setgid bit is on

t

permissions

Sticky bit is on, execution bit for others is on 

The who operator permissions designations in the function column specify the symbols that change the permissions on the file or directory.

who

Specifies whose permissions are to be changed.

operator

Specifies the operation to be performed.

permissions

Specifies what permissions are to be changed.

You can set special permissions on a file in absolute mode or symbolic mode. However, you must use symbolic mode to set or remove setuid permissions on a directory. In absolute mode, you set special permissions by adding a new octal value to the left of the permission triplet. The following table lists the octal values for setting special permissions on a file.

Table 7–6 Setting Special File Permissions in Absolute Mode

Octal Value 

Special File Permissions 

1

Sticky bit 

2

setgid

4

setuid