Using Terminal to Set File Permissions

As most of you will know, Mac OS X is a UNIX-based operating system built upon the Mach kernel.

As such, much of the functionality found in UNIX and UNIX-like operating systems (and BSD, for that matter) is present and in most cases identical, including the binaries. The GUI just provides an interface for issuing calls and system calls to lower-level components.

Throughout my career in IT, I have seen a lot of misconceptions about the command line but, most importantly, dangerous and bad practices adopted to avoid using it.

The worst one is enabling the “root” user, logging into the GUI as root, and using Finder to change file/folder permissions.

This practice is dangerous and should never be used. It is especially worrying that people often enable and operate their systems as the root user so they have complete access over the machine. But this is a completely different discussion. So let’s talk about file/folder permissions, namely, “chown” and “chmod”.

You may have guessed already that we can use chown to change file/folder ownership and chmod to change file/folder permissions. There are a number of ways to use these tools but let’s look at OCTETS.

Once you understand the OCTETS you can then navigate the file system and perform tasks, without the need to enable root, as a local admin user (use sudo).

Understanding the OCTETS.

We’ll assume you have a file called “file.txt” located in /private/etc/. The local admin does not have access to modify permissions on files there; only root does. Best practice is to use Terminal to change permissions.

Now, we’ll assume that you want to grant everyone using the machine permission to access that file. This can be achieved by issuing this command:

sudo chmod 777 /private/etc/file.txt

But what are those 7s, you may ask? They are called OCTETS (each one is a single octal digit, 0 to 7). Now look at the output of the Terminal command “ls -l” and pay attention to the first column.

What do those letters stand for?

r = read access

w = write access

x = execute

d = indicates a directory

l = indicates a symbolic link i.e. shortcut/pointer to another file/folder

Column 3 indicates the “owner of the file” and Column 4 indicates the “group”. Each file/folder has a series of bits indicating “who has what access.” You will also notice 9 permission bits.

From left to right, the first 3 are “owner permissions,” the second 3 are “group permissions” and the last 3 are “everyone’s permissions.” Everyone implies all other users of the system (it is itself a group).

Use this as an example. Do not change permissions of files within /private/etc/ unless you know what you are doing.

In the above example, afpovertcp.cfg has the following permissions:

  • User “root” has read, write access
  • Group “wheel” has read access only
  • Everyone else has read access only

To change ownership of the file you can issue this command:

sudo chown ladmin:admin afpovertcp.cfg

This will change the owner of the file from root to ladmin and group ownership from wheel to the admin group.

To change permissions you can use:

sudo chmod 777 afpovertcp.cfg

Now, let’s see what the OCTETS indicate:

Value   Permission                       Directory Listing
0       No read, no write, no execute    ---
1       No read, no write, execute       --x
2       No read, write, no execute       -w-
3       No read, write, execute          -wx
4       Read, no write, no execute       r--
5       Read, no write, execute          r-x
6       Read, write, no execute          rw-
7       Read, write, execute             rwx

Based on that, the command would be:

sudo chmod 123 /private/etc/file.txt

which would change permissions of file “file.txt” to be:

  • Owner: Only Execute
  • Group: Only Write
  • Everyone: Write, Execute
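
The mapping in the table can be checked from Terminal. The shell functions below are an added example, not part of the original post; the function names are illustrative and the scratch file is constructed. They translate a three-digit mode into the letters that ls -l shows and flag any file that everyone can write to.

```shell
# Added example: map chmod digits to the rwx letters in the first ls -l column.
# digit_to_rwx: 4 = read, 2 = write, 1 = execute, summed per digit.
digit_to_rwx() {
    case "$1" in
        0) echo '---' ;; 1) echo '--x' ;; 2) echo '-w-' ;; 3) echo '-wx' ;;
        4) echo 'r--' ;; 5) echo 'r-x' ;; 6) echo 'rw-' ;; 7) echo 'rwx' ;;
        *) return 1 ;;
    esac
}

# octal_to_symbolic 644 prints rw-r--r-- (owner, group, everyone).
octal_to_symbolic() {
    case "$1" in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    rest=${1#?}
    printf '%s%s%s\n' "$(digit_to_rwx "${1%??}")" \
        "$(digit_to_rwx "${rest%?}")" "$(digit_to_rwx "${1#??}")"
}

# listed_mode PATH prints the nine permission characters from ls -l,
# skipping the leading type character (d, l, -).
listed_mode() {
    ls -ld "$1" | cut -c2-10
}

# others_can_write PATH succeeds when "everyone" holds the write bit.
others_can_write() {
    case "$(listed_mode "$1")" in
        ???????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on a constructed scratch file; nothing under /private/etc is touched.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/file.txt"
    for mode in 644 123 777; do
        chmod "$mode" "$tmp/file.txt"
        note=''
        if others_can_write "$tmp/file.txt"; then note='  <- writable by everyone'; fi
        printf '%s = %s, ls shows %s%s\n' "$mode" "$(octal_to_symbolic "$mode")" \
            "$(listed_mode "$tmp/file.txt")" "$note"
    done
    rm -rf "$tmp"
}
demo
```

Both 123 and 777 are flagged because the last digit includes the value 2 (write) for everyone.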

To apply the same permissions to a folder and all of its sub contents you can add the “-R” flag after chmod or chown and that will propagate permissions across all the folders/files within the folder you selected.

BE CAREFUL

Disclaimer

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

1 Reply to "Using Terminal to Set File Permissions"

  • I have unix/aix/linux experience but am new to MacOS. When I run ls -l I have seen “t” in the execute permission place for everyone, and sometimes “@” after the permission flags. What do these mean?
