Apple OS X: Write Protect File From Command Line

June 2, 2010 · 4 comments · Last updated June 3, 2010

How do I make a file "unalterable" (write protected) so that it cannot be changed or deleted, even by root or superuser, under Apple OS X UNIX operating systems?

You can make a file unalterable, i.e. write protect it, but root / superuser can always make changes using the same method. In other words, you cannot write protect your stuff from root. Linux users can use the chattr command for write protecting files.

Change File Flags With the chflags Command

The chflags command modifies file flags. First, open the terminal. To set the system immutable flag, type the following command:

sudo chflags schg fileName

The owner can set the user immutable flag as follows (no need to use sudo or superuser password):

chflags uchg fileName

In this example, set the user immutable flag on the resume.txt file, enter:

chflags uchg resume.txt

To list flags, enter:

ls -lO resume.txt

Sample outputs:

-rw-r--r--  1 vivek  wheel  uchg 18424 Jun  2 18:48 resume.txt

Now, try deleting or writing to the same file, enter:

rm resume.txt

Sample outputs:

override rw-r--r--  vivek/wheel uchg for resume.txt? y
rm: resume.txt: Operation not permitted

How Do I Remove User Immutable Flag?

Use the command as follows:

chflags nouchg resume.txt
ls -lO resume.txt

Sample outputs:

-rw-r--r--  1 vivek  wheel  - 18424 Jun  2 18:48 resume.txt

Putting the letters no before a flag name causes the flag to be cleared.

How Do I Remove System Immutable Flag?

Use the command as follows:

sudo chflags noschg resume.txt
ls -lO resume.txt

Please note that the above commands work on both files and folders (remember, under UNIX everything is a file).
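An added example (not part of the original article): a small shell script that reads ls -lO output and reports which entries carry the uchg or schg flag, together with the chflags command that clears it. The function names, the sample file names other than resume.txt and the combined schg,uchg line are constructed for illustration.

```shell
#!/bin/sh
# Added example: report immutable flags from `ls -lO` output (macOS/BSD layout).

# Constructed sample listing; the first line follows the page's sample output.
sample_listing() {
    cat <<'EOF'
-rw-r--r--  1 vivek  wheel  uchg 18424 Jun  2 18:48 resume.txt
-rw-r--r--  1 vivek  wheel  - 18424 Jun  2 18:48 notes.txt
-rw-r--r--  1 root   wheel  schg 213 Jun  2 18:50 hosts.bak
-rw-r--r--@ 1 vivek  wheel  schg,uchg 90 Jun  2 18:51 my plan.txt
EOF
}

# Read `ls -lO` lines on stdin; print "state<TAB>command to clear<TAB>name".
audit_listing() {
    awk '
    NF >= 10 {                      # skips "total N" and blank lines
        u = 0; s = 0
        n = split($5, flag, ",")    # column 5 holds the flags, "-" if none
        for (i = 1; i <= n; i++) {
            if (flag[i] == "uchg") u = 1
            if (flag[i] == "schg") s = 1
        }
        name = $0                   # name = everything after column 9
        for (i = 1; i <= 9; i++) sub(/^[ \t]*[^ \t]+/, "", name)
        sub(/^[ \t]+/, "", name)
        if (u && s)  { state = "schg+uchg"; fix = "sudo chflags noschg,nouchg" }
        else if (s)  { state = "schg";      fix = "sudo chflags noschg" }
        else if (u)  { state = "uchg";      fix = "chflags nouchg" }
        else         { state = "unlocked";  fix = "-" }
        printf "%s\t%s\t%s\n", state, fix, name
    }'
}

# On macOS: audit real paths (-d reports a folder itself, not its contents).
audit_paths() {
    ls -ldO -- "$@" | audit_listing
}

# Count entries on stdin that carry either immutable flag.
count_locked() {
    audit_listing | awk -F'\t' '$1 != "unlocked" { c++ } END { print c + 0 }'
}

# Demo on the constructed listing.
sample_listing | audit_listing
```

On a Mac, run audit_paths with the files or folders you want to check; entries marked schg need sudo to unlock, while uchg can be cleared by the owner.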

Finder GUI Tool Method

Right click or control+click (command + I does the same thing) the file or folder you want to write protect and select Get Info. You will get the info window as follows:

Fig.01: Apple OS X UNIX - Protecting files and folders


Click the small lock icon (located at bottom right) and provide your admin password. Once authenticated, click the "Locked" check box to lock the file (this is the same as running the above chflags command). Additionally, you can add or remove user write permission too.

Recommended Readings:

For more information on use of the chflags utility and additional options, please refer to the chflags man page, viewable by typing man chflags from the command line:
man chflags


{ 4 comments… read them below or add one }

1 Anonymous June 3, 2010 at 1:16 am

See if there is a chattr command; if so then this will work:

chattr +i somefile

But be warned; root, unless he is a noob, can do anything…


2 Philippe Petrinko June 3, 2010 at 11:26 am

Typo here:
supruser => superuser


3 nixCraft June 3, 2010 at 11:35 am

As always, thanks for pointing it out.


4 Daniel Baker June 9, 2010 at 3:26 am

Don’t forget the good old chmod program. There’s a mathematical formula for determining permissions as well.

4 is read, 2 is write and 1 is execute for all three groups; Owner, Group, World.

to set the permissions for read write, and execute is 4+2+1=7 by the owner. For Read and write by group is 4+2=6. To be readable to the world is 4.

This would be represented in the file list ( ls -al ) as:
d rwx rw- r--

The ‘d’ is a special flag often called the sticky bit. In this case, it’s indicating the entry is a directory. To safely ( and properly ) set these permissions you would enter it as;

chmod 0764
Wildcards like * and ? are accepted here.

This will allow members of the same group mess with each others files. To restrict access to everyone by the owner would be;

chmod 0744

to recurse the folders beyond ( supposing it’s a folder ) add a -R to the command.

and whenever in doubt, “man chmod” or “man chgrp” or “man chown”.

Hope this helps.

- Dan.

