Editing Chmod (section)

===Symbolic notation===
The {{code|chmod}} command accepts symbolic notation that specifies how to modify the existing permissions.<ref>{{cite web|title=AIX 5.5 Commands Reference|url=http://www-01.ibm.com/support/knowledgecenter/#!/ssw_aix_53/com.ibm.aix.cmds/doc/aixcmds1/chmod.htm?cp=ssw_aix_53%2F1-2-0-2-78|website=IBM Knowledge Center|publisher=IBM|access-date=30 August 2015}}</ref> The command accepts a comma-separate list of specifiers like: <code>[''classes'']+|-|=''operations''</code>

Classes map permissions to users. A change specifier can select one class by including its symbol, multiple by including each class's symbol with no delimiter or if not specified, then all classes are selected and further the bits of [[umask]] mask will be unchanged.<ref>{{Cite web|url=http://teaching.idallen.com/cst8207/19w/notes/510_umask.html|title=Permissions masking with umask, chmod, 777 octal permissions|website=teaching.idallen.com}}</ref> Class specifiers include:

{| class="wikitable"
|+ Class specifiers
|-
! symbol !! description
|-
| {{Mono|u}} || user: file owner
|-
| {{Mono|g}} || group: members of the file's group
|-
| {{Mono|o}} || others: users who are neither the file's owner nor members of the file's group
|-
| {{Mono|a}} || all three classes; same as {{code|ugo}}
|}

As ownership is key to access control, and since the symbolic specification uses the abbreviation ''o'', some incorrectly think that it means ''owner'', when, in fact, it is short for ''others''.

The change operators include:
{| class="wikitable"
|+ Operators
|-
! symbol !! description
|-
| {{Mono|+}} || add operations/flags
|-
| {{Mono|-}} || remove operations/flags
|-
| {{Mono|{{=}}}} || set the entire operations/flags field; grants the specified operations and denies others
|}

Operations can be specified as follows:

{| class="wikitable"
|+ Operation specifiers
|-
! symbol !! description
|-
| {{Mono|r}} || '''r'''ead a regular file or list a directory's contents
|-
| {{Mono|w}} || '''w'''rite to a file
|-
| {{Mono|x}} || e'''x'''ecute a regular file or recurse a directory tree
|-
| {{Mono|X}} || special execute: selects to apply execute to directories (regardless of their current permissions) and apply execute to files that already have at least one execute permission granted (for any class); only useful with operation {{code|+}} and usually in combination with option {{code|-R}} for giving group or others access to a directory tree without setting execute permission on regular files, which would normally happen if with {{code|chmod -R a+rx .}}; instead use {{code|chmod -R a+rX .}}
|-
| {{Mono|s}} || '''s'''etuid mode or '''s'''etgid mode
|-
| {{Mono|t}} || s'''t'''icky mode
|}

Most {{code|chmod}} implementations support the specification of the special modes in octal, but some do not which requires using the symbolic notation.

The [[ls|{{code|ls}}]] command can report file permissions in a symbolic notation that is similar to the notation used with {{code|chmod}}. {{code|ls -l}} reports permissions in a notation that consists of 10 letters. The first indicates the type of the file system entry, such as dash for regular file and 'd' for directory. Following that are three sets of three letters that indicate read, write and execute permissions grouped by user, group and others classes. Each position is either dash to indicate lack of permission or the single-letter abbreviation for the permission to indicate that it's granted. For example:

<syntaxhighlight lang="console">
$ ls -l findPhoneNumbers.sh
-rwxr-xr--  1 dgerman  staff  823 Dec 16 15:03 findPhoneNumbers.sh
</syntaxhighlight>

The permission specifier {{code|-rwxr-xr--}} starts with a dash which indicates that {{code|findPhoneNumbers.sh}} is a regular file; not a directory. The next three letters {{code|rwx}} indicate that the file can be read, written, and executed by the owning user {{code|dgerman}}. The next three letters {{code|r-x}} indicate that the file can be read and executed by members of the {{code|staff}} group. And the last three letters {{code|r--}} indicate that the file is read-only for other users.