Like all major operating systems, macOS allows you to restrict access to files using a complex set of file permissions. You can set them yourself using the Finder application or by using the chmod command in your Mac terminal. Here’s how.
Setting Mac File Permissions Using Finder
If you want to set permissions for a file on your Mac without using the terminal, you’ll need to use the Finder app.
You can launch the Finder from the Dock at the bottom of your screen. The application is represented by the smiling Happy Mac logo icon.
In a Finder window, you can view and set permissions by right-clicking on a file or folder and selecting the “Get Info” option.
Detailed information about your file or folder can be found in the “Info” window that opens. To set file permissions, however, you must click the arrow next to the “Sharing and Permissions” option.
This will display a list of accounts or user groups on your Mac, with the access levels listed in the “Privilege” category.
If the account or user group for which you want to set permissions is not listed, select the Plus (+) icon at the bottom of the window.
Choose the user or group in the selection window, then click the “Select” button. This will add it to the list.
Access levels are self-explanatory – users with “Read only” access level cannot edit files, but they can access them. If an account is defined at the “Read and write” level, they can do both.
To change this for a user or group in the list, click the arrow next to the existing level for that account or group, then select “Read Only” or “Read and Write” from the list.
Authorizations are immediately defined. Close the “Info” window when you are done.
Setting Mac File Permissions Using the Terminal
If you have used the chmod command on Linux, then you will be aware of its power. With a single terminal command, you can set read, write, and executable permissions for files and directories.
However, the chmod command is not just a Linux command. Like many other Linux terminal commands, chmod dates back to Unix in the 1970s – Linux and macOS both share this heritage, which is why the chmod command is available in macOS today.
To use chmod, open a terminal window. You can do this by pressing the Launchpad icon on the Dock and clicking on the “Terminal” option in the “Other” folder.
You can also use Apple’s built-in function Spotlight Search to open the terminal.
View permissions on current files
To view the current permissions for a file, type:
ls – @ l file.txt
Replace “file.txt” with your own file name. This will show all user access levels, as well as any extended attributes relevant to macOS.
The file permissions for the file are displayed in the first 11 characters output by the ls command. The first character, a dash in (-), shows that it is a file. For files, it is replaced by a letter (d) instead.
The following nine characters are divided into groups of three.
The first group displays the access levels for the owner of the file / folder (1), the middle group displays the group permissions (2) and the last three display the permissions for any other user (3).
You will also see letters here, such as r (read), w (write) and x (run). These levels are always displayed in this order, for example:
— would mean no read or write access, and the file is not executable.
r– would mean that the file can be read, but not written, and that the file is not executable.
rw- would mean that the file can be read and written, but the file is not executable.
r-x means that the file can be read and executed, but not written.
rwx means that the file can be read, written and executed.
If the last character is an at (@) sign, it means that the file or folder has extensive file attributes related to security, giving some applications (such as Finder) persistent access to files.
This is partly related to new security features introduced in macOS Catalina, although file access control lists (ACLs) have been a Mac feature since macOS X 10.4 Tiger in 2005.
Setting file permissions
To set file permissions, you will use the chmod command on the terminal. To remove all existing permissions, set read and write access for the user while allowing read access for all other users, type:
chmod u = rw, g = r, o = r file.txt
The flag u defines the permissions for the owner of the file, g refers to the user group, while o refers to all other users. Using an equal sign (=) clears all previous permissions for this category.
In this case, the owner of the file gets read and write access, while the user group and other users get read access.
You can use a plus sign (+) to add access to a user level. For example:
chmod o + rw file.txt
This would grant all other users read and write access to the file.
You can use the minus (-) to remove this instead, for example:
chmod o-rw file.txt
This would remove read and write access for all other users of the file.
To delete, add or delete user permissions for all users, use the a flag instead. For example:
chmod a + rwx file.txt
This would give all users and user groups read and write access to your file, and allow all users to run the file.
Great power comes with great responsibility, and there is no doubt that the chmod command is a complete and powerful tool for modifying file permissions on the Mac. You can, for example, replace the letters (rwx) with a combination of three (or four) octal digits, up to 777 (to read, write and execute).
If you want to know more, type man chmod on the terminal to read the full list of available indicators and parameters.