8.5.3 chmod command (specifies permissions as numeric values)
Syntax
chmod [-fhR] mode path-name
You can create this command by using thescript_chmod2 sample script file as the base. For details about how to create the command, see (2) Preparations for using the script-format UNIX-compatible commands (Windows only).
Description
This command deletes the existing access control list (ACL) and specifies a new ACL using numeric values for the mode specification.
Use this command to set access permissions as numeric values for the following purposes:
Suppressing write and read by users other than owner
Permitting write and read by all users
Suppressing write by all users including owner
Arguments
- -f
Ignores the specification.
- -h
Ignores the specification.
- -R
Ignores the specification.
- mode
The table below lists the mode values and the corresponding access permissions in access control entries (ACEs) that are set. If any other mode is specified, the command outputs the message chmod: invalid file mode: mode to the standard error output, in which case the access permissions are not changed.
Mode value
Access permission that is set
777
Owner: F, Everyone: F
766
Owner: F, Everyone: C
755
Owner: F, Everyone: R
744
Owner: F, Everyone: R
733
Owner: F, Everyone: W
722
Owner: F, Everyone: W
700
Owner: F
666
Owner: C, Everyone: C
655
Owner: C, Everyone: R
644
Owner: C, Everyone: R
633
Owner: C, Everyone: W
622
Owner: C, Everyone: W
600
Owner: C
555
Owner: R, Everyone: R
544
Owner: R, Everyone: R
533
Owner: R, Everyone: W
522
Owner: R, Everyone: W
500
Owner: R
444
Owner: R, Everyone: R
433
Owner: R, Everyone: W
422
Owner: R, Everyone: W
400
Owner: R
333
Owner: W, Everyone: W
322
Owner: W, Everyone: W
300
Owner: W
222
Owner: W, Everyone: W
200
Owner: W
- Legend:
In the table, F, C, R, and W correspond to the following access permissions of the cacls command:
F: Full control
C: Change permission
R: Read permission
W: Write permission
The mode read and write permissions combined (mode bit 6) are defined as the change permission. All permissions combined (mode bit 7) are defined as full control.
A mode specification equivalent to execution permissions is ignored. Therefore, mode bit 5 is defined as being equivalent to mode bit 4, and mode bit 3 is defined as being equivalent to mode bit 2.
- path-name
Specifies the target file or folder. You can specify multiple files or folders.
Return code
Return code |
Meaning |
---|---|
0 |
Normal termination |
1 or greater |
Error termination |
Notes
This command deletes the existing ACL and sets only those ACEs listed in the explanation of mode. If there are ACEs for accounts that you want to keep, add them to the cacls command definition in the sample script.
The Other users account is set to Everyone. Therefore, if Owner's access permissions are lower than Other users' access permissions, Owner can use Everyone's access permissions.
If the executing user does not have permissions to access files and folders, the cacls command outputs the message Access denied to the standard error output and then results in an error, in which case the permissions cannot be changed. Grant the executing user the permissions to change access permissions and then re-execute the command.
-
If symbolic link is specified for the argument path name, link destination file and directory are changed. Use the command provided by OS if you change the symbolic link itself.
Examples
The following shows example definitions of job definition scripts. These examples assume that the chmod command has been created by using the script_chmod2 sample script file as the base.
Set a specified file to be readable by all users:
chmod 444 test.txt
Specify a mode whose specification is not permitted:
chmod 611 test.txt
In this example, the following message is output to the standard error output:
chmod: invalid file mode: 611