This month we’re going to look at permissions in MacOS X. In past articles I’ve explained that MacOS X is a multi-user environment, due to its UNIX underpinnings. UNIX systems, since their introduction, have been designed to be multi-user machines. There are various real and virtual users on your Mac belonging to groups, such as staff, admin and wheel. By default we Mac users belong either to the admin group or the staff group. If you’ve already tried to install any applications on your Mac you will have had to authorize the installation by giving your username and password. If you were successful, it was most likely due to the fact that you belong to the admin group.
You may have also been exposed to File Sharing in earlier versions of MacOS. Access to file servers and other services is also controlled using the same model as that designed into early UNIX systems. Every single file and every directory has a property that controls how it can be accessed. There is the owner or user, the group he belongs to, and everyone else or others. For each of these three, the property records whether they can read, write or execute the file or folder.
Let’s have a closer look, as I explain more. Open up the Terminal application (Applications >> Utilities >> Terminal). Once again we start in your home directory. At the prompt, type ls -l to do a long list. You’ll see a variety of files and folders listed:
-rw-r--r-- 1 timmitra staff 4707 Jun 12 2002 stickers.pdf
-rw-r--r-- 1 timmitra staff 37 Feb 2 19:59 test.txt
drw-r--r-- 1 timmitra staff 387 Oct 23 22:27 systems
At the beginning of the list we can see the type of item and the permissions. After that we can see the user, the group, the size in bytes, the modification date and finally the name.
Let’s create a directory where we can play with the permissions. Type mkdir test and we’ll make a directory called test. (Choose a different name if you already have a file or folder called test.) Type cd test to change to (or enter) the directory test. Let’s make some files: enter touch file1 file2 file3 and we’ll create three files at once. Type ls -l to check our progress.
[timsg3:~/test] timmitra% ls -l
-rw-r--r-- 1 timmitra staff 0 Apr 9 00:42 file1
-rw-r--r-- 1 timmitra staff 0 Apr 9 00:42 file2
-rw-r--r-- 1 timmitra staff 0 Apr 9 00:42 file3
What we see in the permissions area is 10 characters. The first is either a - for a file or a d if the item is a directory. The next nine characters are three groups of three. The first three are for the owner, the second three for the group and the third for everyone else. Within each group the letters are r for read, w for write and x for execute, and a - means that permission is not granted. In the example the user timmitra can read and write. Members of the group staff can read and so can everyone else (other).
To change the permissions we’ll use the chmod program. There are two ways to use chmod; we’ll look at the relative method today. User is represented by the letter u, group is g, others is o and to change all three we’ll use a for all. To add a permission we’ll use “+”, to take one away “-” and we’ll use “=” to make it exact. The syntax is chmod permissions file(s).
Try this: chmod go+x file1 then type ls -la to see the result. You should see that we’ve added execute to file1:
-rw-r-xr-x 1 timmitra staff 0 Apr 9 00:42 file1
Here’s how permissions work. With directories the read permission means a user can list the contents with ls. The write permission means the user can add, rename and delete items in the directory. The execute permission allows a user to access (cd) the directory. The user also has to have access to the parent directories. This is how your files are protected from, or shared with, other users. (Note: the system superuser, aka root, can access any file on the system.)
With respect to files, the permissions affect the contents of the file. Read allows a user to read the file, write allows a user to modify it. Execute allows the user to run the file if it’s a program (like a shell script).
I’ll leave you with some examples to try. (Note: I’ll use commas to separate user permissions.)
To protect a file from others use: chmod u+rwx,go-rwx filename
The owner can read, write and execute while group and others will have no access.
To protect a file from accidental writing use: chmod a-w filename
No one will be able to modify the file.
To protect a directory from group and others: chmod go-rwx directoryname
To give read only access to a directory use: chmod u=rwx,go=rx directoryname
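The examples above can be checked without touching your own files. The script below is an added example, not part of the original article: it applies the same chmod expressions to scratch files and prints the resulting mode strings, and it defines a check that lists files group or others can write to. The function names mode_of, mode_after and list_loose_files are made up for this illustration.

```sh
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# Print the type and permission characters of a path, as ls -l shows them.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Make a scratch item with a known starting mode, apply one relative chmod
# expression to it, and print the resulting mode string.
#   $1 = "file" or "dir"   $2 = starting mode   $3 = change to apply
mode_after() {
    scratch=$(mktemp -d) || return 1
    target="$scratch/item"
    if [ "$1" = "dir" ]; then mkdir "$target"; else : > "$target"; fi
    chmod "$2" "$target" && chmod "$3" "$target" && mode_of "$target"
    rc=$?
    rm -rf "$scratch"
    return $rc
}

# List regular files under a directory that group or others can write to,
# i.e. candidates for chmod go-w.
list_loose_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print
}

# The article's examples, starting from the modes seen in its ls -l output.
echo "file go+x:         $(mode_after file u=rw,go=r go+x)"
echo "file u+rwx,go-rwx: $(mode_after file u=rw,go=r u+rwx,go-rwx)"
echo "file a-w:          $(mode_after file u=rw,go=r a-w)"
echo "dir  go-rwx:       $(mode_after dir u=rwx,go=rx go-rwx)"
echo "dir  u=rwx,go=rx:  $(mode_after dir u=rwx,go= u=rwx,go=rx)"
```

To audit a real folder, call list_loose_files with its path, for example list_loose_files ~/Documents.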
Next month we’re going to look at remote access, where permissions also play a big part.