File Protections
A Macintosh may have many users with login accounts. To maintain privacy and security, most users can access only some files on the system, not all. This access control is embodied in two questions:
- Who has permission?
Every file and directory has an owner who has permission to do anything with it. Typically the user who created a file is its owner, but relationships can be more complex.
Additionally, a predefined group of users may have permission to access a file. Groups are defined by the system administrator and are covered in Group Management.
Finally, a file or directory can be opened to all users with login accounts on the system. You’ll also see this set of users called the world or simply other.
- What kind of permission is granted?
File owners, groups, and the world may each have permission to read, write (modify), and execute (run) particular files. Permissions also extend to directories, which users may read (access files within the directory), write (create and delete files within the directory), and execute (enter the directory with
cd
).
To see the ownership and permissions of a file, run the ls -l
command, described in more detail in
Basic File Operations:
➜ ls -l myfile
-rw-r--r-- 1 smith staff 7384 Jan 04 22:40 myfile
In the output, the file permissions are the 10 leftmost characters:
-rw-r--r--
a string of r
(read), w
(write), x
(execute), dashes, and sometimes other
letters and symbols. Reading from left to right (positions 1–10), the permissions
mean:
Position ... |
Get Macintosh Terminal Pocket Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.