Changing file permissions on macOS (and using flags)

Using file flags on macOS

While performing system hardening on macOS, you may encounter a typical chmod error. Something like this:

chmod: Unable to change file mode on /usr/bin/gcc: Operation not permitted

Even with root permissions, you can’t change the permissions of some files. How is this possible? This is caused by flags.

Showing file permissions and flags

To see if a file has any flags set, use the ls command with the l (el) and O (capital o).

ls -lO /usr/bin/gcc

This will show if the file is immutable, or any other file characteristics.

Changing flags on files

If you want to change the permissions of a file, you first need to turn off the related immutable flag.

chflags nouchg /usr/bin/gcc

Next step is changing the permissions.

chmod 750 /usr/bin/gcc

Then turn on the immutable flag again.

chflags uchg /usr/bin/gcc

See man chflags for more details about flags.

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution.

Mastodon icon