What is the meaning of chmod -R a-x,a=rX,u+w?
chmod changes file permissions, -R makes it be done recursively but what are:
a-xa=rXu+w
here?
Asked
Active
Viewed 5,166 times
2 Answers
7
a-x clears the executable bit for everyone (user, group, other).
a=rX sets the read bit for everyone, and the executable bit on directories; see What is a capital X in posix / chmod? for details. It clears all other bits. (This can’t be combined with a-x, because X here would set the executable bit for any non-directory with an executable bit set too; applying a-x first ensures that only directories get their executable bit set.)
u+w sets the write bit for the user.
The result is that all directories end up with 755 permissions, and everything else with 644 permissions. Here are a few examples:
| Step | Regular file | Executable | Directory |
|---|---|---|---|
a-x |
??-??-??- |
??-??-??- |
??-??-??- |
a=rX |
r--r--r-- |
r--r--r-- |
r-xr-xr-x |
u+w |
rw-r--r-- |
rw-r--r-- |
rwxr-xr-x |
If we leave out the a-x step, one of the executable’s x bits would be set (otherwise it wouldn’t be an executable), and the a=rX step would handle it like a directory.
If you prefer reasoning in terms of “read, write, execute”, then a=r,u+w,a+X might be easier to understand:
| Step | Regular file | Executable | Directory |
|---|---|---|---|
a=r |
r--r--r-- |
r--r--r-- |
r--r--r-- |
u+w |
rw-r--r-- |
rw-r--r-- |
rw-r--r-- |
a+X |
r--r--r-- |
r--r--r-- |
rwxr-xr-x |
This would also work better on at least some versions of macOS where X is only recognised with + operations, not =.
See Understanding UNIX permissions and file types for more context, and Combine find-chmod for directories and find-chmod for regular files for other approaches.
Stephen Kitt
- 434,908
1
Those are a symbolic way of specifying permissions, so you don't have to remember the value of each and be able to add those together.
, is just a separator, allowing you to specify multiple permissions (changes to permissions), in your example there are three separate permissions a-x, a=rX and u+w.
Each permission start with a specification of who it applies to, that can be either user, group, others (be careful not to think o is for owner) or all (or a compositions of those, you can use e.g. ug to specify something for both user and group.
Then follows either a +, - or =, to say whether you want to add permissions, remove permissions or specify permissions precisely.
Last is the actual permissions, the most common are read, write and execute (meaning search for directories), but there is also characters for setuid/setgid (s), stickiness (t), and X that is described in the man page as "execute/search only if the file is a directory or already has execute permission for some user".
In your example a-x means remove (-) the execute permission for everybody (all), and u+w means add (+) write permission for the user. Lastly (except that I have explained them in a different order from how they were given = how they are applied) the permissions for everybody (all) are set to read and execute (on directories, exexcute on files were removed before).
Note that if they were evaluted in the order I've explained them u+w would be pointless, as a rule for everybody follows - but I've explained them in a different order from given to get the most complicated (the 'X') last.
