Mac OS X uses permissions to restrict access to applications, files, and folders. Utilizing this security control can help protect your data from unauthorized access. Whether you use your Mac in public places or share it with other users, you may want to change the permissions on your documents to ensure the confidentiality and integrity of your data.
Of course, it can be difficult to strike a balance between convenience and security when using permissions. Users who are too restricted won’t be able to perform basic tasks. And if you give users too much power, you risk privilege escalation or worse. Use trial and error to find an adequate level of security that everyone can live with.
File Permissions Crash Course
Every file and folder on your Mac has a configurable set of permissions. Permissions control three types of access: reading, writing, and executing. You can mix and match any of the types to grant seven levels of access, as illustrated below.
Read, write, and execute permissions overlap to create seven octal permission notations.
You’ll learn how to modify permissions using the Info window in the next section. But to really leverage permissions, you need to learn the Unix-based symbolic and octal permission notations, which are hidden beneath the Mac OS X graphical user interface. All of the available permissions are shown in the table below.
Permissions | No permission | Execute | Write | Write and execute | Read | Read and execute | Read and write | Read, write and execute |
Octal Notation | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
Symbolic notation | --- | --x | -w- | -wx | r-- | r-x | rw- | rwx |
The Terminal application allows you to use octal notation to set permissions for the owner, a group, and everyone else. To create a “write only” drop box folder, you could set directory permissions to 622 to give the owner read and write permissions, and the group and everyone else write only permissions. The three groups of notations are shown below.
Symbolic and octal permission notations for owner, group, and everyone.
Mac OS X automatically sets permissions to limit a user’s access to system files and other user directories. If that protection isn’t good enough, you can change permissions to prevent other users from doing stuff like editing your "Great American Novel," reading private financial documents, or opening a specific application.
How to Modify Permissions with the Info Window
The Info window allows you to modify permissions for users, groups, and everyone else. It doesn’t provide the same level of granular control as the chmod command, which you’ll learn about in the next section, but it’s a good way to quickly limit access to a file or folder.
Here’s how to modify permissions with the Info window:
- Click a file or folder to select it.
- From the File menu, select Get Info. One of the windows shown below appears.
- Click the disclosure triangle next to Sharing & Permissions to display permissions for the selected file or folder.
- Click the lock and authenticate with an administrator account.
- Use the menus next to users and groups to change the permissions.
- When you’re finished, close the Info window.
Changes are effective immediately.
How to Modify Permissions with chmod
For total control over permissions, you can use two Unix commands -
ls
and chmod
- to display permissions and modify them. Assume you want to find a folder’s current permissions and then change them to 755. This would give you as the owner read, write and execute permissions, and everyone else read and execute permissions.Here’s how to find a folder’s current permissions and change them:
- Open the Terminal application.
- Type
ls –l
, and then press Return. The symbolic permissions of the files and folders in your home directory are displayed, as shown below. - Type chmod 755 foldername, and then press Return. This changes the permissions of the folder to rwxr-xr-x.
When it comes to using the
ls
and chmod
commands, practice makes perfect. Try modifying the permissions on a couple of sample files. If you need more help, use the man
command to display the manual pages for these commands (e.g., man ls
).Final Thoughts
Permissions as a security control are more effective in some environments than others. Schools and offices have a real need for permissions - there are lots of users, and the information stored on the computers can be valuable. In single-user households, where only one person uses a Mac, convenience might outweigh any perceived security threats. It’s all about finding the right balance for your environment.
submitted by guest blogger
sandr lowe, South Korea
Retweet this story
submitted by guest blogger
sandr lowe, South Korea