Changing file permissions on macOS (and using flags)

Using file flags on macOS

While performing system hardening on macOS, you may encounter a typical chmod error. Something like this:

chmod: Unable to change file mode on /usr/bin/gcc: Operation not permitted

Even with root permissions, you can’t change the permissions of some files. How is this possible? This is caused by flags.

Showing file permissions and flags

To see if a file has any flags set, use the ls command with the l (el) and O (capital o).

ls -lO /usr/bin/gcc

This will show if the file is immutable, or any other file characteristics.

Changing flags on files

If you want to change the permissions of a file, you first need to turn off the related immutable flag.

chflags nouchg /usr/bin/gcc

Next step is changing the permissions.

chmod 750 /usr/bin/gcc

Then turn on the immutable flag again.

chflags uchg /usr/bin/gcc

 

See man chflags for more details about flags.

Automate security audits with Lynis and Lynis Enterprise
Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series to get Linux (and Unix-based) systems more secure.

Daily security checks

Want to go to the next level of security scanning and system hardening? Start with automated security scans for Linux: Lynis and Lynis Enterprise.


Automate Scanning »

Leave a Reply

Your email address will not be published. Required fields are marked *