Changing file permissions on macOS (and using flags)

Using file flags on macOS

While performing system hardening on macOS, you may encounter a typical chmod error. Something like this:

chmod: Unable to change file mode on /usr/bin/gcc: Operation not permitted

Even with root permissions, you can’t change the permissions of some files. How is this possible? This is caused by flags.

Showing file permissions and flags

To see if a file has any flags set, use the ls command with the l (el) and O (capital o).

ls -lO /usr/bin/gcc

This will show if the file is immutable, or any other file characteristics.

Changing flags on files

If you want to change the permissions of a file, you first need to turn off the related immutable flag.

chflags nouchg /usr/bin/gcc

Next step is changing the permissions.

chmod 750 /usr/bin/gcc

Then turn on the immutable flag again.

chflags uchg /usr/bin/gcc


See man chflags for more details about flags.

Automate security audits and know your risks
Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series to get Linux and Unix-based systems more secure.

Is system hardening taking a lot of time for you? Don't know where to start? We solved that problem: Lynis Enterprise.

Leave a Reply

Your email address will not be published. Required fields are marked *