Key concepts and commands for managing permission on a Macintosh in the CLI interface.

1. ls -alh; to list a directory.
2. d or "-" indicates directory or file respectively.
3. rwx; first the owner, then group, then world's permissions.
4. "+" or "@" indicates ACL's or extended attributes respectively.
5. ls -e; view the ACL's of an item.
6. chown; change ownership. To change the owner and group associated with a file or folder.
   1. sudo chown user:group path/to/item
7. chmod; change permissions. Two ways of notating this command.
   1. u for owner, g for group, o for everyone.
   2. ug=rwx,o=r yields read, write, execute for owner and group but read-only for everyone.
   3. octal notation: 0 for no access, 1 for execute only, 2 for write-only, 4 for read-only.
   4. 777=control for everyone.
   5. 755=control for owner, read-write for group and everyone.
   6. 644=read-write for owner, read-only for group and everyone.
   7. 444=read-only for all.
   8. 440=read-only for owner and group, nothing for everyone. This is very secure and is still useful.
8. t; as the last item in the permissions list a "t" means the "sticky bit" is set. The "sticky bit" is applied to a folder and it means that only the owner of the item inside can delete it.
   1. chmod +t path/to/item
   2. chmod -R +t path/to/folder, to add sticky bit to all items inside.
   3. chmod -t path/to/item, to remove sticky bit.
   4. chmod -R-t path/to/folder, to remove the sticky bit from the folder and contents.
9. Locked files cannot be changed even with sudo. Use the chflags to check the lock flag.
   1. ls -lO path/to/item, that is a cap "o", will show the "uchg" in the item listing.
   2. sudo chflags nouchg path/to/item to remove the lock.
10. sudo chmod -N path/to/item; to clear ACLs from an item.
11. sudo /usr/libexec/repair_packages --list-standard-pkg; will list all items that repair permissions will work on. Repair permissions does not work on anything else including user data, applications, etc.