chmod Command Oracle UNIX/Linux Tips by Burleson Consulting

The UNIX chmod command

The UNIX chmod command (pronounced ?schmod?) is used to change the execution permissions of a UNIX file. The chmod command is based on the permissions we covered in the umask section, and the chmod permissions can be assigned either by number (Table 4) or by a letter value.

Owner	Group	World	Meaning
7	7	7	Read + Write + execute
6	6	6	Write + execute
5	5	5	Read + execute
4	4	4	read only
2	2	2	write only
1	1	1	Execute only

Table 6: The UNIX numerical file permissions

For example, assume that we want to allow all UNIX users in the DBA group to write to our Oracle initialization files. We first need to check the existing permissions.

root> ls -al
total 56
drwxr-sr-x   2 oracle   dba          512 Aug 31 1999  ./
drwxr-sr-x   8 oracle   dba          512 Apr 13 08:28 ../
-rw-r--r--   1 oracle   dba          819 May 23 16:11 configPUS1.ora
-rw-r--r--   1 oracle   dba         4435 May 26 15:00 initPUS1.ora

Here we see that the ?rw-r--r- equates to a permission of 644 because ?rw equals 6 and r-- equals 4.  To add write permissions to the group entry, we must change the permissions from 644 to 664:

root> chmod 664 *

root> ls -al

total 56
drwxr-sr-x   2 oracle   dba          512 Aug 31 1999  ./
drwxr-sr-x   8 oracle   dba          512 Apr 13 08:28 ../
-rw-rw-r--   1 oracle   dba          819 May 23 16:11 configPUS1.ora*
-rw-rw-r--   1 oracle   dba         4435 May 26 15:00 initPUS1.ora*

We must remember that the default UNIX file permissions are dependent upon the value of the umask parameter.  To illustrate, let?s begin by creating several files on the UNIX server.

root> umask
022
root> touch t.exe u.ora v.sql
root> ls -al
total 6
drwxr-xr-x   2 oracle   dba          512 Sep  3 15:40 .
drwxr-xr-x  22 oracle   dba         2048 Sep  3 15:40 ..
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 t.exe
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 u.ora
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 v.sql

Note that because of the umask being equal to 022, each of the files are created with a permission of 644. Now, let?s use the chmod command to change the permissions to all of the files to 755:

root> chmod 755 *

root> ls -al
total 6
drwxr-xr-x   2 oracle   dba          512 Sep  3 15:40 .
drwxr-xr-x  22 oracle   dba         2048 Sep  3 15:40 ..
-rwxr-xr-x   1 oracle   dba            0 Sep  3 15:40 t.exe
-rwxr-xr-x   1 oracle   dba            0 Sep  3 15:40 u.ora
-rwxr-xr-x   1 oracle   dba            0 Sep  3 15:40 v.sql

As we have already noted, the chmod command can be used with letter-based permission masks (Table 5).

Owner (u)	Group (g)	World(o)	Meaning
rwx	rwx	rwx	Read + Write + execute
rw	rw	rw	Read + Write
rx	rx	rx	Read + execute
wx	wx	wx	Write + execute
r	r	r	Read only
w	w	w	Write Only
x	x	x	Execute only

Table 7: The UNIX chmod letter designations

Let?s see how this works.  In the absence of a designator (u, g, or o), the chmod command makes the change for owner, group and world.  In the chmod command below, we make all .ksh files executable for anyone:

root> ls -al
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 t.exe
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 u.ora
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 v.sql

root> chmod +x *

root>ls -al
-rwxr-xr-x   1 oracle   dba            0 Sep  3 15:40 t.exe
-rwxr-xr-x   1 oracle   dba            0 Sep  3 15:40 u.ora
-rwxr-xr-x   1 oracle   dba            0 Sep  3 15:40 v.sql

Of course, we do the same operation with the numeric chmod command.  Since the execution permissions are 644, we use 755 to make all executable:

root> ls -al
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 t.exe
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 u.ora
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 v.sql

root> chmod 755 *

root> ls -al
-rwxr-xr-x   1 oracle   dba            0 Sep  3 15:40 t.exe
-rwxr-xr-x   1 oracle   dba            0 Sep  3 15:40 u.ora
-rwxr-xr-x   1 oracle   dba            0 Sep  3 15:40 v.sql

As we noted, you can also preface the chmod command with a reference to the user (u), group (g) or others (o). For example, consider the chmod following command to allow others (o) to get write and execute permission:

root> ls -al
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 t.exe
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 u.ora
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 v.sql

root> chmod o+wx *

root>ls -al
-rw-r--rwx   1 oracle   dba            0 Sep  3 15:40 t.exe
-rw-r--rwx   1 oracle   dba            0 Sep  3 15:40 u.ora
-rw-r--rwx   1 oracle   dba            0 Sep  3 15:40 v.sql

Again, please note that this is equivalent to changing the permissions from 644 to 647 as shown below:

root> ls -al
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 t.exe
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 u.ora
-rw-r--r--   1 oracle   dba            0 Sep  3 15:40 v.sql

root> chmod 647 *

root> ls -al
-rw-r--rwx   1 oracle   dba            0 Sep  3 15:40 t.exe
-rw-r--rwx   1 oracle   dba            0 Sep  3 15:40 u.ora
-rw-r--rwx   1 oracle   dba            0 Sep  3 15:40 v.sql

We can also use the chmod command to revoke permissions on file.  In the example below, we revoke all permissions for read, write and execute access for everyone except the owner.  Essentially, we are changing the permissions from 647 to 700:

root> ls -al
-rw-r--rwx   1 oracle   dba            0 Sep  3 15:40 t.exe
-rw-r--rwx   1 oracle   dba            0 Sep  3 15:40 u.ora
-rw-r--rwx   1 oracle   dba            0 Sep  3 15:40 v.sql

root> chmod 700 *

root> ls -al
-rwx------   1 oracle   dba            0 Sep  3 15:40 t.exe
-rwx------   1 oracle   dba            0 Sep  3 15:40 u.ora
-rwx------   1 oracle   dba            0 Sep  3 15:40 v.sql

TIP ? Using chmod to save an Oracle password in a UNIX file.

There are times when you have shell scripts that access Oracle and want to store the Oracle password in a UNIX file, such that only the UNIX oracle user can read the file. In this example, we create a file with the Oracle SYSTEM password and chmod the file such that only the UNIX oracle user can view the contents:

root>echo manager>system_password.file

root> chmod 400 *.file

root> ls -al
-r--------   1 oracle   dba            8 Sep  3 16:17 system_password.file

This technique is very useful when you want to write a shell script to access Oracle and you want to keep the password in a single file.

The chmod command also has a set of plus operators (+) that can be used to add read (+r), write (+w) or execute (+x) to a file.  For example, let?s assume we are changing some Korn shell scripts and we want to make them un-executable for everyone until we have completed the change:.

root> chmod -x *.ksh

root> ls -al *.ksh

-rw-r--r--   1 oracle   dba          205 May 10 09:11 a.ksh
-rw-r--r--   1 oracle   dba          303 May 10 09:11 lert.ksh
-rw-r--r--   1 oracle   dba          312 Jul 19 11:32 back.ksh
-rw-r--r--   1 oracle   dba          567 May 10 09:12 coun.ksh

Once the maintenance is complete, the scripts can again be made executable with the chmod +x command:

root> chmod +x *.ksh

root> ls -al *.ksh

-rwxr-xr-x   1 oracle   dba          205 May 10 09:11 a.ksh*
-rwxr-xr-x   1 oracle   dba          303 May 10 09:11 lert.ksh*
-rwxr-xr-x   1 oracle   dba          312 Jul 19 11:32 back.ksh*
-rwxr-xr-x   1 oracle   dba          567 May 10 09:12 coun.ksh*

Next, let?s take a look at a very important area of Oracle UNIX administration, the management of UNIX directories.

If you like Oracle tuning, see the book "Oracle Tuning: The Definitive Reference", with 950 pages of tuning tips and scripts.  You can buy it direct from the publisher for 30%-off and get instant access to the code depot of Oracle tuning scripts.