Changing file permissions on macOS (and using flags)

Using file flags on macOS

While performing system hardening on macOS, you may encounter a typical chmod error. Something like this:

chmod: Unable to change file mode on /usr/bin/gcc: Operation not permitted

Even with root permissions, you can’t change the permissions of some files. How is this possible? This is caused by flags.

Showing file permissions and flags

To see if a file has any flags set, use the ls command with the l (el) and O (capital o).

ls -lO /usr/bin/gcc

This will show if the file is immutable, or any other file characteristics.

Changing flags on files

If you want to change the permissions of a file, you first need to turn off the related immutable flag.

chflags nouchg /usr/bin/gcc

Next step is changing the permissions.

chmod 750 /usr/bin/gcc

Then turn on the immutable flag again.

chflags uchg /usr/bin/gcc

 

See man chflags for more details about flags.

Lynis Enterprise

Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series and the mission to get Linux and Unix-based systems more secure.

Does system hardening take a lot of time, or do you have any compliance in your company? Have a look at Lynis Enterprise.

Or start today with the open source security scanner Lynis (GitHub)


Leave a Reply

Your email address will not be published. Required fields are marked *