chmod: change file mode bits
Usage (octal mode):
chmod <octal-mode> files... Usage (symbolic mode):
chmod <references><operator><modes> files.. references is a combination of the letters ugoa, which specify which user's access to the files will be modified:
uthe user who owns itgother users in thefile's groupoother users not in the file's groupaall users
If the omitted, it defaults to all users, but only permissions allowed by the umask are modified.
operator is one of the characters +-=:
+add the specified file mode bits to the existing file mode bits of eachfile-removes the specified file mode bits to the existing file mode bits of eachfile=adds the specified bits and removes unspecified bits, except thesetuidandsetgidbits set for directories, unless explicitly specified.
mode consists of a combination of the letters rwxXst, which specify which permission bit is to be modified:
rreadwwritexexecute (or search for directories)Xexecute/search only if the file is a directory or already has execute bit set for some userssetuid or setgid (depending on the specifiedreferences)trestricted deletion flag or sticky bit
Alternatively, the mode can consist of one of the letters ugo, in which case case the mode corresponds to the permissions currently granted to the owner (u), member's of the file's group (g) or permissions of users in neither of the preceding categories (o).
chattr: change file attributesUsage:
chattr <operator><attribute> files...
operator is one of the characters +-=:
+adds the selected attributes to be to the existingattributesof thefiles-removes the selectedattributes=overwrites the current set of attributes the files have with the specifiedattributes.
attribute is a combination of the letters acdeijstuADST, which correspond the attributes:
aappend onlyccompresseddno dumpeextent formatiimmutablejdata journallingssecure deletiontno tail-merginguundeletableAnoatimeupdatesDsynchronous directory updatesSsynchronous updatesTtop of directory hierarchy
setfattr: change extended file attributes
Usage (set attribute):
setfattr -n <name> -v <value> files... Usage (remove):
setfattr -x <name> files... name is the name of the extended attribute to set or remove
value is the new value of the extended attribute
setfacl: change file access control lists
Usage:
setfacl <option> [default:][<target>:][<param>][:<perms>] files... option must include one of the following:
--setset the ACL of a file or a directory, replacing the previous ACL-m|--modifymodify the ACL of a file or directory-x|--removeremove ACL entries of a file or directory
target is one of the letters ugmo (or the longer form shown below):
u,userspermission of a named user identified byparam, defaults to file owneruidif omittedg,grouppermission of a named group identified byparam, default to owning groupuidif omittedm,maskeffective rights masko,otherpermissions of others
perms is a combination of the letters rwxX, which correspond to the permissions:
rreadwwritexexecuteXexecute only if the file is a directory or already has execute permission for some user
Alternatively, perms may be an octal digit (0-7) indicating the set of permissions.
setcap: change file capabilities
Usage:
setcap <capability-clause> file A capability-clause consists of a comma-separated list of capability names followed by a list of operator-flag pairs.
The available operators are =, + and -. The available flags are e, i and p which correspond to the Effective, Inheritable and Permitted capability sets.
The = operator will raise the specified capability sets and reset the others. If no flags are given in conjunction with the = operator all the capability sets will be reset. The + and - operators will raise or lower the one or more specified capability sets respectively.
chcon: change file SELinux security context
Usage:
chcon [-u <user>] [-r <role>] [-t <type>] files... user is the SELinux user, such as user_u, system_u or root.
role is the SELinux role (always object_r for files)
type is the SELinux subject type
Usage:
chsmack -a <value> file value is the SMACK label to be set for the SMACK64 extended file attribute