chmod
[OPTION]... MODE[,MODE]...
FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE
FILE...
Step 2
To recursively give directories read&execute privileges:
find /path/to/base/dir -type d -exec chmod 755 {} +
To recursively give files read privileges:
find /path/to/base/dir -type f -exec chmod 644 {} +
Or, if there are many objects to process:
chmod 755 $(find /path/to/base/dir -type d)
chmod 644 $(find /path/to/base/dir -type f)
Or, to reduce chmod spawning:
find /path/to/base/dir -type d -print0 | xargs -0 chmod 755
find /path/to/base/dir -type f -print0 | xargs -0 chmod 644
If you are using Linux with a relatively modern filesystem (ext3/ext4, btrfs, ntfs), this can be done with POSIX ACLs:
Enable ACLs for the filesystem. This is only necessary for ext3 and ext4 on kernels older than 2.6.38. All other filesystems that support ACLs enable them automatically.
mount -o remount,acl /
tune2fs -o acl /dev/<partition>
Give tom access to the folder:
setfacl -m user:tom:rwx /home/samantha/folder
If the OS or the filesystem does not support ACLs, another way is to use groups.
Create a group.
Some Linux distributions create a separate group for each
user: tom would automatically be in a group
also named tom.
If not, create a group. This should work on Linux...
groupadd tom
gpasswd -a tom tom
...and this - on BSD:
groupadd tom
usermod -G tom tom
chgrp the directory to that group, and give
permissions with chmod:
chgrp tom /home/samantha/folder
chmod g+rwx /home/samantha/folder
The chmod command (abbreviated from change mode) is a Unix
command that lets an operator tell the system how much (or
little) access it should permit to a file. Command chmod
666 means that all users will have read and write
permissions.
it's as easy as:
find / -perm 0777
if you only want to match files, use this instead:
find / -type f -perm 0777
* doesn't include hidden files by default, but if
you're in bash, you can do this with:
shopt -s dotglob
Read more about it in bash's
builtin manual:
If set, Bash includes filenames beginning with a `.' in the results of filename expansion.
This will make * include hidden files too.
chmod -R 775 *
Disable it with:
shopt -u dotglob
That's not how the Unix protection model works, you can't set permissions recursively. You need to set them on each directory, all the way "down".
Of course you can do the setting recursively, but that only means "go through and set these permissions on all files and folders below", which is not how I understand your question.
To do do that, use the -R option to chmod:
$ chmod -R 0755 /my-cool-directory
I think you want this:
chown username:groupname *
If you also want to recursively change subdirectories, you'll
need the -R (-r is deprecated) switch:
chown -R username:groupname *
First of all, stop the command if it is still running!
Now everything will belong to root and that is quite problematic.
You should try to restore information from your latest backup.
It is also important not to restart the system before checking all the applications running and the user launching them on boot. If you do, some of them may not start properly due to permissions problems.
Good luck.
As far as I understand Linux ACLs, setfacl -Rdm
g:mygroup:rwx share_name does exactly what you want.
Experiment:
umask 007
mkdir foo
chgrp mygroup foo
chmod 2700 foo
setfacl -d -m group:mygroup:rwx foo
setfacl -m group:mygroup:rwx foo
touch foo/data
echo '#!/bin/ls' >foo/exec
chmod +x foo/exec
Then as a different user in group mygroup:
$ cat foo/*
#!/bin/ls
#!/bin/ls
$ ./foo/data
ash: ./foo/data: Permission denied
$ ./foo/exec
./foo/exec
What's going on?
$ getfacl foo/data
# file: foo/data
# owner: myuser
# group: mygroup
user::rw-
group::---
group:mygroup:rwx #effective:rw-
mask::rw-
other::---
The effective ACL for mygroup is the result of
and'ing the ACL_GROUP entry for mygroup
(rwx) with the ACL_MASK entry (rw-).
The acl(5) man page explains calculation this under
“Access check algorithms”. It doesn't explain how
ACL_MASK entries are generated, but in practice the
right thing seems to happen.
The setting you're looking for is called the umask, and that's also the name of
the command that changes it. To make a persistent change, add a
umask command to your shell startup file -- probably
named .profile or .bash_profile, in
your home directory; if you don't seem to have any such file,
post the output of these commands:
$ grep $LOGNAME /etc/passwd
$ (cd; ls -ld .??*)
I can offer a workaround: Make a separate "drop" directory, run a separate minijob there that fixes the permissions and then moves the files into the application's data directory. You can use incron for that so there would be virtually no noticeable time delay.
If you are using Linux with a relatively modern filesystem (ext3/ext4, btrfs, ntfs), this can be done with POSIX ACLs:
Enable ACLs for the filesystem. This is only necessary for ext3 and ext4 on kernels older than 2.6.38. All other filesystems that support ACLs enable them automatically.
mount -o remount,acl /
tune2fs -o acl /dev/<partition>
Give tom access to the folder:
setfacl -m user:tom:rwx /home/samantha/folder
If the OS or the filesystem does not support ACLs, another way is to use groups.
Create a group.
Some Linux distributions create a separate group for each
user: tom would automatically be in a group
also named tom.
If not, create a group. This should work on Linux...
groupadd tom
gpasswd -a tom tom
...and this - on BSD:
groupadd tom
usermod -G tom tom
chgrp the directory to that group, and give
permissions with chmod:
chgrp tom /home/samantha/folder
chmod g+rwx /home/samantha/folder
Run find on -type d
(directories) with the -exec primary to
perform the chmod only on folders:
find /your/path/here -type d -exec chmod o+x {} \;
To be sure it only performs it on desired objects, you can run
just find /your/path/here -type d first; it will
simply print out the directories it finds.
This manual page documents the GNU version of chmod. chmod changes the file mode bits of each given file according to mode, which can be either a symbolic representation of changes to make, or an octal number representing the bit pattern for the new mode bits.
The format of a symbolic mode is [ugoa...][[+-=][perms...]...], where perms is either zero or more letters from the set rwxXst, or a single letter from the set ugo. Multiple symbolic modes can be given, separated by commas.
A combination of the letters ugoa controls which users’ access to the file will be changed: the user who owns it (u), other users in the file’s group (g), other users not in the file’s group (o), or all users (a). If none of these are given, the effect is as if a were given, but bits that are set in the umask are not affected.
The operator + causes the selected file mode bits to be added to the existing file mode bits of each file; - causes them to be removed; and = causes them to be added and causes unmentioned bits to be removed except that a directory’s unmentioned set user and group ID bits are not affected.
The letters rwxXst select file mode bits for the affected users: read (r), write (w), execute (or search for directories) (x), execute/search only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s), restricted deletion flag or sticky bit (t). Instead of one or more of these letters, you can specify exactly one of the letters ugo: the permissions granted to the user who owns the file (u), the permissions granted to other users who are members of the file’s group (g), and the permissions granted to users that are in neither of the two preceding categories (o).
A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. Omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4) and set group ID (2) and restricted deletion or sticky (1) attributes. The second digit selects permissions for the user who owns the file: read (4), write (2), and execute (1); the third selects permissions for other users in the file’s group, with the same values; and the fourth for other users not in the file’s group, with the same values.
chmod never changes the permissions of symbolic links; the chmod system call cannot change their permissions. This is not a problem since the permissions of symbolic links are never used. However, for each symbolic link listed on the command line, chmod changes the permissions of the pointed-to file. In contrast, chmod ignores symbolic links encountered during recursive directory traversals.
Change the mode
of each FILE to MODE. With --reference,
change the mode of each FILE to that of RFILE.
-c, --changes
like verbose but report only when a change is made
-f, --silent, --quiet
suppress most error messages
-v, --verbose
output a diagnostic for every file processed
--no-preserve-root
do not treat ’/’ specially (the default)
--preserve-root
fail to operate recursively on ’/’
--reference=RFILE
use RFILE’s mode instead of MODE values
-R, --recursive
change files and directories recursively
--version
output version information and exit
Each MODE is of the form ’[ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+’.
Copyright © 2012 Free Software Foundation, Inc. License GPLv3+:
GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute
it. There is NO WARRANTY, to the extent permitted by law.
Report chmod bugs to bug-coreutils[:at:]gnu[:dot:]org
GNU coreutils home page:
<http://www.gnu.org/software/coreutils/>
General help using GNU software:
<http://www.gnu.org/gethelp/>
Report chmod translation bugs to
<http://translationproject.org/team/>
The restricted deletion flag or sticky bit is a single bit, whose interpretation depends on the file type. For directories, it prevents unprivileged users from removing or renaming a file in the directory unless they own the file or the directory; this is called the restricted deletion flag for the directory, and is commonly found on world-writable directories like /tmp. For regular files on some older systems, the bit saves the program’s text image on the swap device so it will load more quickly when run; this is called the sticky bit.
chmod clears the set-group-ID bit of a regular file if the file’s group ID does not match the user’s effective group ID or one of the user’s supplementary group IDs, unless the user has appropriate privileges. Additional restrictions may cause the set-user-ID and set-group-ID bits of MODE or RFILE to be ignored. This behavior depends on the policy and functionality of the underlying chmod system call. When in doubt, check the underlying system behavior.
chmod preserves a directory’s set-user-ID and set-group-ID bits unless you explicitly specify otherwise. You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the bits with a numeric mode.
chmod
The full documentation for chmod is maintained as a Texinfo manual. If the info and chmod programs are properly installed at your site, the command
info coreutils 'chmod invocation'
should give you access to the complete manual.
Written by David MacKenzie and Jim Meyering.