Changing file permissions on macOS (and using flags)

Using file flags on macOS

While performing system hardening on macOS, you may encounter a typical chmod error. Something like this:

chmod: Unable to change file mode on /usr/bin/gcc: Operation not permitted

Even with root permissions, you can’t change the permissions of some files. How is this possible? This is caused by flags.

Showing file permissions and flags

To see if a file has any flags set, use the ls command with the l (el) and O (capital o).

ls -lO /usr/bin/gcc

This will show if the file is immutable, or any other file characteristics.

Changing flags on files

If you want to change the permissions of a file, you first need to turn off the related immutable flag.

chflags nouchg /usr/bin/gcc

Next step is changing the permissions.

chmod 750 /usr/bin/gcc

Then turn on the immutable flag again.

chflags uchg /usr/bin/gcc

 

See man chflags for more details about flags.

One more thing...

Keep learning

So you are interested in Linux security? Join the Linux Security Expert training program, a practical and lab-based training ground. For those who want to become (or stay) a Linux security expert.

See training package




Lynis Enterprise screenshot to help with system hardeningSecurity scanning with Lynis and Lynis Enterprise

Run automated security scans and increase your defenses. Lynis is an open source security tool to perform in-depth audits. It helps with system hardening, vulnerability discovery, and compliance.


Download

Leave a Reply

Your email address will not be published. Required fields are marked *