mode of a new file is set based on the umask
--reference=reffile chmod [Options]… symbolic-mode file … use
chmod [Options]…
m m m
file …
reffile's mode
-R, --recursive |
Symbolic-Mode options:
[ugoa [+-=][rwx Xst]
ugoa specifies which users' access to the file will be changed:
all user's flags (which are not inhibited by umask).
|
|
|
rwxXst select the modes for the specified users:
read , write, execute
eXecute only if the file is a directory or already has execute permission for some user
set user or group ID on execution†
t Save program text on swap device ( perhaps a performance enhancer )
For a directory mode means: read:list files, write:add, execute:access
Examples
chmod a-w file chmod a+r filechmod g+rw filechmod =rx,g+s file
| first digit | special attributes usually not used |
| ||||||
| second digit | owner |
| ||||||
| third digit | group |
| ||||||
| fourth digit | other users NOT in the file's group |
|
The mode is calculated by adding the values.
User (owner) (rwx) = 400+200+100= 700 ; Group(rx) = 40+10 = 50; Other (x) = 1 results in:
mode = 751
Setting mode to 777 should be avoided as this permits anyone to modify the file.
chmod 750 file
ls -l file
-rwxr-x--- 1 dgerman team2 978 22 May 19:10 file
chmod 760 file
ls -l file
-rwxrw---- 1 dgerman team2 978 22 May 19:10 file
For symbolic links: the mode is not changed since they are not used.
The mode of the target file is changed except during recursive directory traversals.
This page documents the GNU version of chmod.
see also:
ls -l lists current permissions for --
u (owner) rwx -- g (group) rwx -- O (Other) rwx --
chgrp - Change group ownership
chown - Change file owner and group
umask - sets "allowed" filter
Windows equivalent commands:
ATTRIB - Change file attributes
CACLS - Change AccessControlList settings
XCACLS - Change file permissions
Fat file system only supports readonly, hidden, sys and archive. see
ATTRIB.exe
ATTRIB [ +| attribute ] [pathname] [/S [/D]] [/L]
Display or change file attributes.
+ : Turn an attribute ON
- : Clear an attribute OFF
pathname |
/S | |||||||||||||||||||||||||||||||||||||||
The numeric values can be used when changing attributes with VBS/WSH If no attribute is specified attrib will return the current attribute settings. Used with just the /S option ATTRIB will quickly search for a particular filename. In older versions of Windows, Explorer would display 'p' to indicate a 'sparse' file.
Hidden and System attributes take priority. If a file has both the Hidden and System attributes set, you can clear both attributes only with a single ATTRIB command.
For example, to clear the Hidden and System attributes for the RECORD.TXT file, type: ATTRIB -S -H RECORD.TXT
If a file has the System or Hidden attribute set, you must clear that attribute before you can change any other attributes with ATTRIB. Wildcards You can use wildcards (? and *) with the pathname parameter to display or change the attributes for a group of files.
Directory Attributes You can display or change some attributes for a directory/folder.
The Read-only attribute (R) does not apply to a folder. This is because a unlike a file, a folder object does not contain any content that can be edited. The Name of a folder can be changed but that is a rename operation not an edit of the contents.
The Read-only attribute of a folder can be set or cleared in Windows Explorer as a fast method of setting/clearing the Read-only attribute of all files within the folder. It does not actually set the attribute on the folder itself.
To use ATTRIB with a directory, you must explicitly specify the directory name; you cannot use wildcards to work with directories. So the following command would affect only files, not directories: ATTRIB +H C:*.*
To hide the directory C:\SECRET: ATTRIB +H C:\SECRET
Detect whether a path points to a file or a directory by reading the Extended Attribute for 'Directory' (as listed below).
The System attribute is used by Windows to determine that a folder is a special folder, such as My Documents, Favorites, Fonts, etc.
Archive attribute The Archive attribute (A) is used to mark files that have changed since they were previously backed up. The (A) flag is automatically updated by Windows as the file is saved. If the (A) flag is present - the file is new or has been changed since the last backup. The MSBACKUP, RESTORE, and XCOPY commands use these Archive attributes, as do most 3rd party backup solutions.
Temporary attribute DFSR will not replicate files if they have the Temporary attribute set. The temporary attribute can be removed by using PowerShell to subtract 0x100: PS C:\> Get-childitem D:\Data -recurse | ForEach-Object -process {if (($_.attributes -band 0x100) -eq 0x100) {$_.attributes = ($_.attributes -band 0xFEFF)}}
Extended Attributes are only available on NTFS volumes. File attributes can be read with FSUTIL usn readdata filename.ext Constants - the following attribute values are returned by the GetFileAttributes function:
Attribute Constant Dec Hex (R) Read-only file. Applications can read the file, but cannot write to it or delete it. This attribute is not honored on directories. FILE_ATTRIBUTE_READONLY 1 0x1 (H) Hidden. The file or directory is hidden. It is not included in an ordinary directory listing. FILE_ATTRIBUTE_HIDDEN 2 0x2 (S) System. A file or directory that the operating system uses a part of, or uses exclusively. FILE_ATTRIBUTE_SYSTEM 4 0x4 Directory. The handle that identifies a directory. FILE_ATTRIBUTE_DIRECTORY 16 0x10 (A) Archive. A file or directory that is an archive file or directory. Applications typically use this attribute to mark files for backup or removal . FILE_ATTRIBUTE_ARCHIVE 32 0x20 Device. This value is reserved for system use. FILE_ATTRIBUTE_DEVICE 64 0x40 Normal. A file that does not have other attributes set. This pseudo attribute is considered to be set if all other attributes (including the extended attributes) are reset. FILE_ATTRIBUTE_NORMAL 128 0x80 (T) Temporary. A file that is being used for temporary storage. The OS will prefer cache memory for files marked as temporary. FILE_ATTRIBUTE_TEMPORARY 256 0x100 Sparse file. A file that is a sparse file. A sparse file has an attribute that causes the I/O subsystem to allocate only meaningful (nonzero) data. Nonzero data is allocated on disk, and non-meaningful data (large strings of data composed of zeros) is not. FILE_ATTRIBUTE_SPARSE_FILE 512 0x200 Reparse point. A file or directory that has an associated reparse point, or a file that is a symbolic link. FILE_ATTRIBUTE_REPARSE_POINT 1024 0x400 (C) Compressed file or directory that is compressed. For a file, all of the data in the file is compressed. For a directory, compression is the default for newly created files and subdirectories. FILE_ATTRIBUTE_COMPRESSED 2048 0x800 (O) Offline. The data of a file is not available immediately. This attribute indicates that the file data is physically moved to offline storage. This attribute is used by Remote Storage, which is the hierarchical storage management software. Applications should not arbitrarily change this attribute. FILE_ATTRIBUTE_OFFLINE 4096 0x1000 (I) Not Indexed. The file or directory is not to be indexed by the content indexing service. FILE_ATTRIBUTE_NOT_CONTENT_INDEXED 8192 0x2000 (E) Encrypted file or directory. For a file, all data streams in the file are encrypted. For a directory, encryption is the default for newly created files and subdirectories. FILE_ATTRIBUTE_ENCRYPTED 16,384 0x4000 Integrity. The directory or user data stream is configured with 'integrity' (only supported on ReFS volumes) which gives ReFS the ability to reliably detect file corruption.. It is not included in an ordinary directory listing. FILE_ATTRIBUTE_INTEGRITY_STREAM 32,768 0x8000 Virtual. This value is reserved for system use. FILE_ATTRIBUTE_VIRTUAL 65,536 0x10000 (X) No Scrub. The user data stream not to be read by the background data integrity scanner (AKA scrubber) for proactive error correction. When set on a directory it only provides inheritance. This flag is only supported on Storage Spaces and ReFS volumes. It is not included in an ordinary directory listing. FILE_ATTRIBUTE_NO_SCRUB_DATA 131,072 0x20000 (U) UnPinned. FILE_ATTRIBUTE_UNPINNED 1,048,576 0x00100000 (P) Pinned. This refers to the "Always available on this device" setting for OneDrive files. FILE_ATTRIBUTE_PINNED 524,288 0x00080000 (M) Recall on Data Access. When this attribute is set, it means that the file or directory is not fully present locally. For a file that means that not all of its data is on local storage (e.g. it may be sparse with some data still in remote storage). For a directory it means that some of the directory contents are being virtualized from another location. Reading the file / enumerating the directory will be more expensive than normal, e.g. it will cause at least some of the file/directory content to be fetched from a remote store. Only kernel-mode callers can set this bit. FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS 4,194,304 0x00400000 For example, a file attribute of 0x120 indicates the Temporary + Archive attributes are set (0x100 + 0x20 = 0x120.)
CACLS - Change file permissions. An alternative way to display extended attributes is using FOR parameter attributes FSUTIL - File and Volume utilities. Show superhidden file extensions. Q326549 - Read-only & System attributes for folders. PowerShell equivalent:(Get-Item 'example.txt').Attributes / Get-ItemProperty / Set-ItemProperty - Example script Equivalent bash command (Linux): chmod - Change access permissions.