CLI - Permissions - Macintosh

Key concepts and commands for managing permissions on a Macintosh from the CLI.

  1. ls -alh; to list a directory.
  2. d or "-" indicates directory or file respectively.
  3. rwx; first the owner, then group, then world's permissions.
  4. "+" or "@" indicates ACLs or extended attributes respectively.
  5. ls -le; view the ACLs of an item (-e only takes effect in long output).
  6. chown; change ownership. To change the owner and group associated with a file or folder.
    1. sudo chown user:group path/to/item
  7. chmod; change permissions. Two ways of notating this command.
    1. u for owner, g for group, o for everyone.
    2. ug=rwx,o=r yields read, write, execute for owner and group but read-only for everyone.
    3. octal notation: 0 for no access, 1 for execute only, 2 for write-only, 4 for read-only; add the values to combine them (4+2+1=7 for rwx).
    4. 777=control for everyone.
    5. 755=control for owner, read-execute for group and everyone.
    6. 644=read-write for owner, read-only for group and everyone.
    7. 444=read-only for all.
    8. 440=read-only for owner and group, nothing for everyone. This is very secure and is still useful.
  8. t; as the last item in the permissions list a "t" means the "sticky bit" is set. The "sticky bit" is applied to a folder and it means that only the owner of the item inside can delete it.
    1. chmod +t path/to/item
    2. chmod -R +t path/to/folder, to add sticky bit to all items inside.
    3. chmod -t path/to/item, to remove sticky bit.
    4. chmod -R -t path/to/folder, to remove the sticky bit from the folder and contents.
  9. Locked files cannot be changed even with sudo. Use ls -lO to check the lock flag and chflags to change it.
    1. ls -lO path/to/item, that is a capital "O", will show "uchg" in the item listing.
    2. sudo chflags nouchg path/to/item to remove the lock.
  10. sudo chmod -N path/to/item; to clear ACLs from an item.
  11. sudo /usr/libexec/repair_packages --list-standard-pkgs; will list all items that repair permissions will work on. Repair permissions does not work on anything else including user data, applications, etc.
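
The mode column described in items 2 through 8 can be decoded mechanically into the octal form that chmod accepts. The shell function below is an added example, not part of the original notes: `decode_mode` and `triad_value` are hypothetical helper names, the sample strings are constructed, and it also recognises the setuid/setgid `s` marker, which the list above does not cover.

```shell
#!/bin/sh
# Added example: decode the mode column of `ls -l` (e.g. "drwxr-xr-t+").
# decode_mode / triad_value are hypothetical names; samples are constructed.

# triad_value RWX -> one octal digit (r=4, w=2, x=1).
# Lowercase s/t mean "execute plus special bit"; uppercase S/T mean no execute.
triad_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# decode_mode MODE -> "<octal> <type> [sticky] [acl|xattr] [world-writable]"
decode_mode() {
    m=$1
    [ "${#m}" -ge 10 ] || { echo "invalid mode string: $m" >&2; return 1; }
    type=$(printf %s "$m" | cut -c1)
    u=$(printf %s "$m" | cut -c2-4)
    g=$(printf %s "$m" | cut -c5-7)
    o=$(printf %s "$m" | cut -c8-10)
    mark=$(printf %s "$m" | cut -c11)      # "+" = ACL, "@" = extended attrs

    special=0                               # leading octal digit
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    out="$special$(triad_value "$u")$(triad_value "$g")$(triad_value "$o")"

    case $type in
        d) out="$out dir" ;;
        -) out="$out file" ;;
        *) out="$out other" ;;
    esac
    case $o in ??[tT]) out="$out sticky" ;; esac
    case $mark in
        +) out="$out acl" ;;
        @) out="$out xattr" ;;
    esac
    case $o in ?w?) out="$out world-writable" ;; esac    # anyone may modify
    echo "$out"
}

# Constructed sample mode strings, not taken from a real system.
for sample in 'drwxrwxrwt' '-rw-r--r--@' 'drwxr-xr-x+' '-r--r-----'; do
    printf '%-12s -> %s\n' "$sample" "$(decode_mode "$sample")"
done
```

An item reported as world-writable without sticky is the case to review first, and an acl or xattr marker means ls -le or ls -l@ is needed to see what the mode bits alone do not show.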