Filter
Top Products
Chapter 8 Working with Users and Groups 123
Setting Permissions
To control access to your information, Mac OS X automatically sets permissions for
disks, folders, and files. You can only change permissions to items that you own.
Be sure that the default permissions are appropriate. For most purposes, files should be
accessible to the other members of your group. If you have private or confidential
information, the default permissions of the files may allow others to see it. To prevent
others from accessing personal information, create a folder and set its permissions to
“owner.” Then place your confidential files into it. No other users will be allowed into
the folder.
Mac OS X provides distinct permissions for three types of users:
 The “owner” of the item, who is usually the person who created the item
 Any member of the group assigned to the item by Mac OS X
 Any other user with access to the computer
There are four levels of permission:
 Read & Write allows a user to open the item to see its contents and change it.
 Read Only allows a user to open the item to see its contents, but not change or copy
the contents.
 Write Only makes a folder into a drop box. Users can copy items to the drop box, but
cannot open the drop box to see its contents. Only the owner of the drop box can
open it to access items.
 No Access blocks all access to the item so that users can’t open the item, change its
contents, or copy its contents.
Viewing Permissions
Each security group is assigned a code that controls that group’s permissions:
 r (read) allows the user to see the item but not make changes.
 w (write) allows the user to see and make changes to the item.
 x (execute) allows the user to run scripts or programs.
 - (access) means access is turned off.
To view permissions for files and folders, enter the ls -l command. For each file or
folder listed, you see the permissions, owner and group name, and file or folder name.
Some examples of permission settings:
 The following file (-) displays read, write, and executable permissions for owner (rwx),
group (rwx) and all others (rwx):
-rwxrwxrwx
 The following file (-) displays read, write, and executable permissions for owner (rwx),
and group (rwx), but no permissions for others (---):
-rwxrwx---