How do I make a File "unalterable" (write protect) such as it cannot be changed or deleted even by root or superuser under Apple OS X UNIX operating systems?
You can make a file unalterable i.e write protect it but root / superuser can always make changes using the same method. In other words, you can not write protect your stuff from root. Linux use can use the chattr command for write protecting the files.
Change File Flags With the chflags Command
The chflags command modifies the file flags. First, open the terminal and to set system immutable flag type the following command:
sudo chflags schg fileName
The owner can set the user immutable flag as follows (no need to use sudo or superuser password):
chflags uchg fileName
In this, example set user immutable flag on resume.txt file, enter:
chflags uchg resume.txt
To list flags, enter:
ls -lO resume.txt
-rw-r--r-- 1 vivek wheel uchg 18424 Jun 2 18:48 resume.txt
Now, try deleting or writing to the same file, enter:
override rw-r--r-- vivek/wheel uchg for resume.txt? y rm: resume.txt: Operation not permitted
How Do I Remove User Immutable Flag?
Use the command as follows:
chflags nouchg resume.txt ls -lO resume.txt
-rw-r--r-- 1 vivek wheel - 18424 Jun 2 18:48 resume.txt
Putting the letters no before causes the flag to be cleared.
How Do I Remove System Immutable Flag?
Use the command as follows:
sudo chflags noschg resume.txt ls -lO resume.txt<
Please note that above commands works on both the file and folder (remember, under UNIX everything is file).
Finder GUI Tool Method
Right click or control+click (command + I does the same thing) the file or folder you want to write protect and select Get Info. You will get info window as follows:
Click a small lock icon (located at bottom right) and provide your admin password. Once authenticated click on "Locked" check box to lock the file (this is same as running the above chflags command). Additionally, you can add or remove user write permission too.
For more information on use of the chflags utility and additional options, please refer to the chflags man page, viewable by typing man chflags from the command line:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop