Saturday, February 12, 2011

My Mac OS X Filesystem Permissions Cheat Sheet

With Mac OS X being a Unix-based operating system, we can use the Terminal application to get under the hood of the OS and perform many advanced operations. One of the most basic Unix or Linux command-line operations, or sets of operations, deals with file permissions. Here I have collected relevant information and commands about filesystem permissions, some general to *nix and some specific to a Mac.

Users and Groups

Listing

dscl . -list /Groups PrimaryGroupID
dscl . -list /Users UniqueID

Creating a non-standard user

First, choose a User ID and a Group ID that are not already in use; each must be a positive integer lower than 500.
sudo dscl . -create /Groups/_tomcat PrimaryGroupID 107
sudo dscl . -create /Groups/_tomcat RealName "Tomcat Users"
sudo dscl . -create /Groups/_tomcat Password \*
sudo dscl . -create /Users/_tomcat UniqueID 107
sudo dscl . -create /Users/_tomcat PrimaryGroupID 107
sudo dscl . -create /Users/_tomcat HomeDirectory /usr/local/tomcat
sudo dscl . -create /Users/_tomcat UserShell /usr/bin/false
sudo dscl . -create /Users/_tomcat RealName "Tomcat Administrator"
sudo dscl . -create /Users/_tomcat Password \*
Choosing /usr/bin/false as the UserShell and setting the Password to "*" makes this account unusable as a standard login account. The _name convention is used for non-standard accounts.

List Files - ls

ls -lhFa

Arguments

-l long format, displaying Unix file types, permissions, number of hard links, owner, group, size, date, and filename
-F appends a character revealing the nature of a file, for example, * for an executable, or / for a directory. Regular files have no suffix.
-a lists all files in the given directory, including those whose names start with "." (which are hidden files in Unix). By default, these files are excluded from the list.
-R recursively lists subdirectories. The command ls -R / would therefore list all files.
-d shows information about a symbolic link or directory, rather than about the link's target or listing the contents of a directory.
-t sorts the list of files by modification time.
-h prints sizes in human-readable format (e.g., 1K, 234M, 2G).

Explained

drwxr-xr-x@ 14 root wheel 476B Feb 12 00:12 ./
drwxr-xr-x 6 root wheel 204B Feb 10 22:11 ../
-rw-r--r--@ 1 root wheel 55K Feb 4 13:51 LICENSE
-rw-r--r--@ 1 root wheel 1.2K Feb 4 13:51 NOTICE
-rw-r--r--@ 1 root wheel 8.6K Feb 4 13:51 RELEASE-NOTES
-rw-r--r--@ 1 root wheel 6.5K Feb 4 13:51 RUNNING.txt
drwxr-xr-x@ 26 root wheel 884B Feb 12 00:55 bin/
drwxr-xr-x@ 9 root wheel 306B Feb 12 01:07 conf/
drwxr-xr-x@ 21 root wheel 714B Feb 10 23:40 lib/
drwxrws---@ 24 _tomcat admin 816B Feb 12 00:55 logs/
drwxrws--- 6 _tomcat admin 204B Feb 12 00:12 static/
drwxrws---@ 6 _tomcat admin 204B Feb 12 12:40 temp/
drwxrws---@ 12 _tomcat admin 408B Feb 12 00:49 webapps/
drwxrws---@ 4 _tomcat admin 136B Feb 12 01:08 work/
d=directory, -=normal file, l=symbolic link
rwx=read/write/execute; the three rwx triples are user/group/others
@=extended attributes; use xattr -l filename to view them
next comes the number of hard links, then the user owner, then the group owner, then file size, then last modified date, then name

CHOWN

Arguments

-R recursive

Explained

sudo chown root file.txt
sudo chown -R root:wheel .
sudo chown root:_tomcat conf/tomcat-users.xml
sudo chown _tomcat:admin logs temp webapps work
root=user, wheel=group

CHMOD

Arguments

-R recursive

Explained

sudo chmod 644 conf/*
sudo chmod 640 conf/tomcat-users.xml
sudo chmod 2770 logs temp webapps work
sudo chmod -R 2770 /usr/local/tomcat/static
rwx=read/write/execute; the three rwx triples are user/group/others
7 full
6 read and write
5 read and execute
4 read only
3 write and execute
2 write only
1 execute only
0 none
2770: in a four-digit chmod mode the leading digit holds the special bits (4=setuid, 2=setgid, 1=sticky), so the leading 2 here sets the setgid bit on the directories. See: techrepublic.com
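As an added example (not from the original post), a small POSIX sh script that turns a four-digit octal mode into the rwx string ls prints, with the setgid s in the group triple, and uses it to verify that a directory really carries the 2770 mode set above on logs, temp, webapps and work. The scratch directory it creates is constructed for the demo; the script uses only sh, ls, cut and tr, so it behaves the same on a Mac and on Linux.

```shell
# octal_to_symbolic MODE -> the rwx string ls shows, e.g. "rwxrws---" for 2770
octal_to_symbolic() {
  mode=$1
  while [ ${#mode} -lt 4 ]; do mode="0$mode"; done   # "644" -> "0644"
  special=$(printf '%s' "$mode" | cut -c1)          # 4=setuid 2=setgid 1=sticky
  out=""
  pos=2
  for flag in 4 2 1; do                              # user, group, others triples
    digit=$(printf '%s' "$mode" | cut -c"$pos")
    r=-; w=-; x=-
    [ $((digit & 4)) -ne 0 ] && r=r
    [ $((digit & 2)) -ne 0 ] && w=w
    [ $((digit & 1)) -ne 0 ] && x=x
    if [ $((special & flag)) -ne 0 ]; then
      # the special bit takes the x slot: s/t when x is set, S/T when it is not
      if [ "$flag" -eq 1 ]; then letter=t; else letter=s; fi
      if [ "$x" = x ]; then x=$letter; else x=$(printf '%s' "$letter" | tr a-z A-Z); fi
    fi
    out="$out$r$w$x"
    pos=$((pos + 1))
  done
  printf '%s\n' "$out"
}

# check_dir_mode DIR MODE -> succeeds only if ls -ld shows a directory with exactly MODE.
# Only the first 10 characters are compared, so a trailing @ (xattrs) or + (ACL)
# on a Mac, or . on SELinux systems, does not affect the result.
check_dir_mode() {
  expected="d$(octal_to_symbolic "$2")"
  actual=$(ls -ld "$1" | cut -c1-10)
  [ "$actual" = "$expected" ]
}

# demo: a constructed scratch directory given the mode the post uses for logs/,
# temp/, webapps/ and work/; returns 0 when the check passes.
demo() {
  dir=$(mktemp -d) || return 1
  chmod 2770 "$dir"
  if check_dir_mode "$dir" 2770; then rc=0; else rc=1; fi
  rmdir "$dir"
  return "$rc"
}

demo && echo "scratch directory shows drwxrws--- as expected"
```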


References:

Joel's Writings
ls-Wikipedia
anselmbradford
chown-Wikipedia
chmod
setuid
