8.5.4 chmod command (specifies permissions as symbols or numeric values)
Syntax
chmod [-fhR] mode path-name
You can create this command by using the script_chmod3 sample script file as the base. For details about how to create the command, see (2) Preparations for using the script-format UNIX-compatible commands (Windows only).
Description
This command deletes all ACEs except for those for Owner and Everyone and changes or sets access permissions according to the mode specified as symbols or numeric values.
Use this command to set access permissions as symbols or numeric values for the following purposes:
Migrating to a Windows system job definition scripts in which chmod command modes are specified as symbols
Adding or suppressing Owner's or all users' access permissions
Arguments
- -f
Ignores the specification.
- -h
Ignores the specification.
- -R
Ignores the specification.
- mode
The table below lists the mode values and the corresponding access permissions in access control entries (ACEs) that are set. If any other mode is specified, the command outputs the message chmod: invalid file mode: mode to the standard error output, in which case the access permissions are not changed.
Mode value
(execution results of the adshscripttool -fmode command)
Access permission that is set
u+r (A00000000)
Owner: R is added.
u+rw (AA0000000)
Owner: C is added.
u+rwx (AAA000000)
Owner: F is added.
u+w (0A0000000)
Owner: W is added.
u-rwx (DDD000000)
Owner's ACE is deleted.
u=r (RDD000000)
Owner: Replaced with R.
u=rw (RRD000000)
Owner: Replaced with C.
u=rwx (RRR000000)
Owner: Replaced with F.
u=w (DRD000000)
Owner: Replaced with W.
o+r (000000A00)
Everyone: R is added.
o+rw (000000AA0)
Everyone: C is added.
o+rwx (000000AAA)
Everyone: F is added.
o+w (0000000A0)
Everyone: W is added.
o-rwx (000000DDD)
Everyone's ACE is deleted.
o=r (000000RDD)
Everyone: Replaced with R.
o=rw (000000RRD)
Everyone: Replaced with C.
o=rwx (000000RRR)
Everyone: Replaced with F.
o=w (000000DRD)
Everyone: Replaced with W.
+r / ugo+r (A00A00A00)
Owner: R, Everyone: R is added.
+rw / ugo+rw (AA0AA0AA0)
Owner: C, Everyone: C is added.
+rwx / ugo+rwx (AAAAAAAAA)
Owner: F, Everyone: F is added.
+w / ugo+w (0A00A00A0)
Owner: W, Everyone: W is added.
-rwx / ugo-rwx (DDDDDDDDD)
Owner's and Everyone's ACEs are deleted.
=r / ugo=r (RDDRDDRDD)
Owner: R, Everyone: Replaced with R.
=rw / ugo=rw (RRDRRDRRD)
Owner: C, Everyone: Replaced with C.
=rwx / ugo=rwx (RRRRRRRRR)
Owner: F, Everyone: Replaced with F.
=w / ugo=w (DRDDRDDRD)
Owner: W, Everyone: Replaced with W.
777 (RRRRRRRRR)
Owner: F, Everyone: Replaced with F.
766 (RRRRRDRRD)
Owner: F, Everyone: Replaced with C.
755 (RRRRDRRDR)
Owner: F, Everyone: Replaced with R.
744 (RRRRDDRDD)
Owner: F, Everyone: Replaced with R.
733 (RRRDRRDRR)
Owner: F, Everyone: Replaced with W.
722 (RRRDRDDRD)
Owner: F, Everyone: Replaced with W.
700 (RRRDDDDDD)
Owner: Replaced with F.
666 (RRDRRDRRD)
Owner: C, Everyone: Replaced with C.
655 (RRDRDRRDR)
Owner: C, Everyone: Replaced with R.
644 (RRDRDDRDD)
Owner: C, Everyone: Replaced with R.
633 (RRDDRRDRR)
Owner: C, Everyone: Replaced with W.
622 (RRDDRDDRD)
Owner: C, Everyone: Replaced with W.
600 (RRDDDDDDD)
Owner: Replaced with C.
555 (RDRRDRRDR)
Owner: R, Everyone: Replaced with R.
544 (RDRRDDRDD)
Owner: R, Everyone: Replaced with R.
533 (RDRDRRDRR)
Owner: R, Everyone: Replaced with W.
522 (RDRDRDDRD)
Owner: R, Everyone: Replaced with W.
500 (RDRDDDDDD)
Owner: Replaced with R.
444 (RDDRDDRDD)
Owner: R, Everyone: Replaced with R.
433 (RDDDRRDRR)
Owner: R, Everyone: Replaced with W.
422 (RDDDRDDRD)
Owner: R, Everyone: Replaced with W.
400 (RDDDDDDDD)
Owner: Replaced with R.
333 (DRRDRRDRR)
Owner: W, Everyone: Replaced with W.
322 (DRRDRDDRD)
Owner: W, Everyone: Replaced with W.
300 (DRRDDDDDD)
Owner: Replaced with W.
222 (DRDDRDDRD)
Owner: W, Everyone: Replaced with W.
200 (DRDDDDDDD)
Owner: Replaced with W.
- Legend:
In the table, F, C, R, and W correspond to the following access permissions of the cacls command:
F: Full control
C: Change permission
R: Read permission
W: Write permission
The mode read and write permissions combined (mode bit 6) are defined as the change permission. All permissions combined (mode bit 7) are defined as full control.
A mode specification equivalent to execution permissions is ignored. Therefore, mode bit 5 is defined as being equivalent to mode bit 4, and mode bit 3 is defined as being equivalent to mode bit 2.
- path-name
Specifies the target file or folder. You can specify multiple files or folders.
Return code
Return code |
Meaning |
---|---|
0 |
Normal termination |
1 or greater |
Error termination |
Notes
This command deletes all ACEs except for those for Owner and Everyone and sets only those ACEs listed in the explanation of mode. If there are ACEs for accounts that you want to keep, add them to the cacls command definition in the sample script.
The Other users account is set to Everyone. Therefore, if Owner's access permissions are lower than Other users' access permissions, Owner can use Everyone's access permissions.
If the executing user does not have permissions to access files and folders, the cacls command outputs the message Access denied to the standard error output and then results in an error, in which case the permissions cannot be changed. Grant the executing user the permissions to change access permissions and then re-execute the command.
-
If symbolic link is specified for the argument path name, link destination file and directory are changed. Use the command provided by OS if you change the symbolic link itself.
Examples
The following shows example definitions of job definition scripts. These examples assume that the chmod command has been created by using the script_chmod3 sample script file as the base.
Add write permission to Other users:
chmod o+w test.txt
Specify a mode whose specification is not permitted:
chmod g-w test.txt
In this example, the following message is output to the standard error output:
chmod: invalid file mode: g-w