Only the owner of the file, or the root user, may change a file's permissions. The current permissions on the file or on its parent directory are irrelevant¹. This is specified in POSIX:
The application shall ensure that the effective user ID of the process matches the owner of the file or the process has appropriate privileges in order to do this.
On most unices, “appropriate privileges” means running as root. If these conditions are not met, chmod
usually fails with EPERM
, though other behaviors such as aborting the program due to a security violation are permitted.
In addition, some unix variants have system-specific ways of authorizing or forbidding chmod
. For example, Linux has a capability (CAP_FOWNER
) that allows processes to change a file's permissions and other metadata regardless of its owner.
There are other reasons chmod
might fail even though the file exists, is accessible and has the appropriate owner. Common ones include a read-only filesystem or a filesystem that does not support permissions such as FAT. Less common ones include system-specific restrictions such as the immutable attribute on Linux's ext2 filesystem and successors.
¹ Except insofar as he process running chmod
must be able to access the file, so it must have execute permission on the directory containing the file and any other directory that it traverses to do so.
Ramesh's answer is perfectly accurate, but I wanted to chime in and provide a more in depth explanation of file modes.
While numbers like 755
and 777
may seem special and only mean something for file modes, they're actually pretty basic.
These numbers are actually octal numbers. Decimal numbers are base-10, hex numbers are base-16, binary is base-2, and octal numbers are base-8. Meaning that as you count, you go 1 2 3 4 5 6 7 10 11 12 13 14 15 16 17 20 ...
. So the number 007
, is just octal 7
. The octal number 755
is just a number, and is equivalent to 493
in decimal.
Now how you differentiate an octal number from any other base is that octal numbers are prefixed with a 0
. So to say 755
is octal, you should really refer to it as 0755
. The chmod
command just assumes that all input numbers are octal since that is the most common way of referring to file modes.
Now, why do file modes use octal? Well first we need to understand that the mode is just a bitmask that looks like this:
111111111111 - 12 binary bits
============
1 - Other execute
1 - Other write
1 - Other read
1 - Group execute
1 - Group write
1 - Group read
1 - User execute
1 - User write
1 - User read
1 - Sticky bit
1 - Set group ID
1 - Set user ID
Note that there are 3 bits for each of "other", "group", & "user". Binary 111
is 7
, which is the highest single digit octal value. So by using octal numbering, each of the other, group, & user permissions gets a single digit, plus an extra digit for the sticky+setuid+setgid.
So with this, we can go back to your original question of "what is chmod 7
"?
Well, now that we know it's just a octal number, and that it's just a bitmask, we can figure this out. Octal 7
is binary 111
. Using the above bit positions, we can determine that this sets all 3 of the 'other' bits, granting 'other' execute, read, & write access. And since this is just a number, all the other bits are 0, and become unset.
Best Answer
It's history time, kids! Stevens, "APUE", chapter 4, section 10 quotes thusly:
"The S_ISVTX bit has an interesting history ... if it was set ... a copy of the program's text was saved in the swap area ... this caused the program to load into memory faster the next time ... later versions of Unix referred to this as the saved-text bit, hence the constant S_ISVTX."