By Graham K. Rogers

Ever since the first Macs appeared, they have been known for the graphical user interface (GUI): icons instead of command line work which before the mid-1980s was the norm. Paradoxically, the arrival of OS X brought with it easy access to the command line should users ever want this, although it is possible to use the computer without ever needing to work at the command line at all.

In OS X there is a system of permissions which was developed from what is used in Unix sytems. This controls who is able to use a file (or directory/folder) and what they may do with it. Permissions will control the functions that allow a user to read, write or execute.

To see the permissions in the OS X Finder, we can highlight a file and either use "Get Info" (File menu) or simply press the Command + i keys. At the bottom of the panel that opens is a section marked Sharing & Permissions. Usually three names are shown. Alongside are the permissions.

For example, if I highlight Apple's Calculator in the Applications folder, I see "system", "wheel" and "everyone". The name wheel is used for those users who have su (sudo) rights.

It is possible to change the permissions, but this is rare nd should only be done when really necessary. An example might be with a file copied from another user with incorrect permissions (for example to give "write" access where "read only" was available before).

A warning tale here. A local user who asks me questions from time to time phoned me one morning because he had used "Get Info" on the hard disk icon and was disturbed to see that for the group, Everyone, it was marked as "Read only." He did not want others to be able to read his hard disk and thought that changing the permissions from "Read only" to "No Access" would improve security. He phoned me just after the computer failed to start up.

With some online help, I sent the commands to startup in single user mode and mount the disk to his phone in a text message, then talked him through the needed permissions change.

In a Unix file listing we may see the permissions displayed when the "list" option is used

ls -l

A quick check of what I have in the eXtensions "current month" folder on my MacBook Pro,

Rogerss-MacBook-Pro-2:~ graham$ ls -l /Users/graham/Sites/amitiae/10_2012_1
total 752
-rw-r--r--@ 1 graham staff 22599 Oct 1 08:00 cassandra_10_01.html
-rw-r--r--@ 1 graham staff 29890 Oct 3 07:20 cassandra_10_03.html
-rw-r--r--@ 1 graham staff 33240 Oct 5 07:37 cassandra_10_05.html
-rw-r--r--@ 1 graham staff 30177 Oct 8 07:53 cassandra_10_08.html
-rw-r--r--@ 1 graham staff 29412 Oct 10 07:50 cassandra_10_10.html
-rw-r--r--@ 1 graham staff 31952 Oct 12 08:22 cassandra_10_12.html
-rw-r--r--@ 1 graham staff 26705 Oct 15 07:40 cassandra_10_15.html
drwxr-xr-x 13 graham staff 442 Oct 9 22:28 images
-rw-r--r--@ 1 graham staff 17289 Oct 13 19:10 terminal_10.html
-rw-r--r--@ 1 graham staff 16215 Oct 13 19:10 terminal_11.html
-rw-r--r--@ 1 graham staff 21918 Oct 13 19:10 terminal_12.html
-rw-r--r--@ 1 graham staff 18224 Oct 13 19:10 terminal_13.html
-rw-r--r--@ 1 graham staff 20023 Oct 13 21:07 terminal_14.html
-rw-r--r--@ 1 graham staff 16932 Oct 15 21:06 terminal_15.html
-rw-r--r--@ 1 graham staff 17945 Oct 13 19:11 terminal_8.html
-rw-r--r--@ 1 graham staff 19788 Oct 13 19:11 terminal_9.html

shows 15 visible files and one directory (folder).

Like the information in the Finder, the information is displayed (left to right) as Owner, Group and All (other) in the form, r, w, x or - to indicate read, write, execute or no setting (off). As the owner, I may read and write. The group (staff) and everyone may read only. The @ indicates a "symbolic link". Other characters (*, =, %, |) may also appear in some listings.

With three groups and three options for each, the settings are either on or off. When expressed in binary form this may be either a 1 (ON) or a 0 (OFF). If all are off in a group, in a binary form this is 000, while all on would be 111. The binary number 111 is 7 in base 10.

The command chmod is used to change a file's permissions. We type the command, followed by the options and then the filename, so to change a file from rw- rw- rw- to rwxrwxrwx the command used would be

chmod filename 777

In a reverse of that, to change from rwxrwxrwx (111 111 111 or 777) to rw- rw- rw- we would use 110 110 110 or 666

chmod filename 666

In addition,

• r-- is 4
• -w- is 2
• --x is 1

The manual entry for this command

man chmod

shows that there are a number of other -- and more sophisticated -- command options that may be used.

As ever, If in doubt, Don't.

See Also -