The File Permissions System

Mac OS X uses the Unix file permission system to control who has access to the filesystem’s files, folders, and disks, and what they can do with them.

Ownership and permissions are central to security. It’s important to get them right, even when you’re the only user, because odd things can happen if you don’t. For most users’ interaction with Mac OS X, the system will do the right thing, without their having to think much about it. (Things get a little trickier when viewing the system as an administrator, though.)

Permissions refer to the ways in which someone can use a file. There are three such permissions under Unix:

Read

Allows you to look at a file’s contents.

Write

Allows you to change or delete a file.

Execute

Allows you to run a file as a program. (This isn’t so important when using Mac OS X’s GUI, though; see the sidebar “What About the Execute Bit?” later in this section.)

When each file is created, the system assigns some default permissions that work most of the time. For instance, it gives you both read and write permission, but most of the world has only read permission. If you have a reason to be paranoid, you can set things up so that other people have no permissions at all.

There are times when defaults don’t work, though. For instance, if you create a shell script or Perl program in the Terminal, you’ll have to assign executable permission so that you can run it. We’ll show how to do that later in this section, after we get through ...
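The defaults and the execute-permission case described above, as an added example that is not from the book: it creates files under two umask values (the umask is the setting that determines which permissions new files receive) and shows a script refusing to run until it is given execute permission. The file names and the `mode_of`, `mode_under_umask` and `exec_bit_demo` helpers are made up for illustration.

```shell
#!/bin/sh
# Added example: default permissions, a stricter umask, and the execute bit.

# Print a file's permission bits in octal.
# Tries GNU stat first, then falls back to the BSD/Mac OS X form.
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Create a new empty file under the given umask and print its mode.
# The subshell keeps the umask change from leaking into the caller.
mode_under_umask() {
    (
        umask "$1"
        rm -f "$2"
        : > "$2"
        mode_of "$2"
    )
}

# Write a small script, then try to run it before and after chmod u+x.
# Prints "denied" or "ran" for each attempt.
exec_bit_demo() {
    script="$1/hello.sh"
    ( umask 022; printf '#!/bin/sh\necho hello\n' > "$script" )
    if "$script" >/dev/null 2>&1; then echo ran; else echo denied; fi
    chmod u+x "$script"   # owner gains execute; group and others unchanged
    if "$script" >/dev/null 2>&1; then echo ran; else echo denied; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    # umask 022: owner read/write, everyone else read-only.
    echo "umask 022 -> $(mode_under_umask 022 "$dir/shared.txt")"
    # umask 077: the "paranoid" setup, no permissions for anyone else.
    echo "umask 077 -> $(mode_under_umask 077 "$dir/private.txt")"
    exec_bit_demo "$dir"
    rm -rf "$dir"
}
demo
```

Putting `umask 077` in a shell startup file makes the stricter default apply to every file created from that shell.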
