
Mac® Security Bible by Joe Kissell


3.2. Understanding POSIX Permissions

As I mentioned, Mac OS X, as a variety of Unix, labels each and every file and folder with a series of permissions. Leopard and Snow Leopard follow the POSIX standard, which specifies, among other things, a way to express permissions. Most other varieties of Unix also use POSIX permissions.

3.2.1. Read, write, and execute

To begin at the simplest level, POSIX permissions include three main capabilities for any item: read (abbreviated r), write (abbreviated w), and execute (abbreviated x). Read, of course, means open a file and see what's inside. Write permission implies permission to modify or delete a file or folder. Execute permission means, in the case of a program, permission to run it — or, in the case of a folder, permission to list its contents.

Read, write, and execute permissions for a file or folder appear as a simple cluster of three characters, always in the same order: rwx. If all three characters are present, then a user has read, write, and execute permission. If any character is replaced with a hyphen (-), it means the user doesn't have that permission. So, r-x means permission to read and execute but not write; rw- means permission to read and write but not execute; r-- means permission to read but not write or execute.
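The cluster notation described above, decoded in Python as an added example that is not from the book. The function names are illustrative, and reading the cluster from a real file's mode bits with os.stat (here, the cluster that applies to the file's owner) goes one step beyond what the passage covers.

```python
import os
import stat
import tempfile

# Fixed order of the three positions in a cluster, with the capability each grants.
NAMES = (("r", "read"), ("w", "write"), ("x", "execute"))

def parse_cluster(cluster):
    """Decode a three-character cluster such as 'r-x' into the capabilities it grants."""
    if len(cluster) != 3:
        raise ValueError(f"expected 3 characters, got {cluster!r}")
    granted = []
    for ch, (letter, name) in zip(cluster, NAMES):
        if ch == letter:
            granted.append(name)
        elif ch != "-":
            # The order is always r, w, x: 'xwr' or 'rxw' is not a valid cluster.
            raise ValueError(f"unexpected {ch!r} in {cluster!r}")
    return granted

def cluster_from_bits(bits):
    """Render a 3-bit value (read=4, write=2, execute=1) as a cluster string."""
    return "".join(letter if bits & mask else "-"
                   for (letter, _), mask in zip(NAMES, (4, 2, 1)))

def owner_cluster(path):
    """Return the cluster that applies to the file's owner, read from its mode."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return cluster_from_bits((mode >> 6) & 0o7)

def demo():
    """Constructed sample: set several modes on a scratch file and decode each."""
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        path = os.path.join(scratch, "sample.txt")
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        for mode in (0o700, 0o600, 0o500, 0o400):
            os.chmod(path, mode)
            cluster = owner_cluster(path)
            results[cluster] = parse_cluster(cluster)
    return results

if __name__ == "__main__":
    for cluster, granted in demo().items():
        print(cluster, "->", ", ".join(granted))
```

The parser rejects anything other than r, w, x in their fixed positions or a hyphen, so a mistyped or reordered cluster raises an error instead of being silently read as "no permission".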

3.2.2. User, group, and other

In fact, you never see just one cluster of rwx characters; they always come in threes: rwxrwxrwx. Although r, w, and x always mean the same thing, they apply to different sets ...
