Permission to view files

To view file permissions, run the following command:

Check all file permissions in the current directory
ls -l

# View permissions for specified filesThe ls -l | grep file nameCopy the code

Description of file permission display

When we enter the above command, we can see the following display:

The red-boxed fields above are: Permissions, number of links, owner, all groups, file size, last modified date, and file name.

The first red box shows the permissions we need. Let’s interpret what these letters mean:

The first character indicates the type of file:

  • i: symbolic link file
  • dFolders:
  • -: Common file

The last 9 letters indicate the file’s permissions:

  • r: has read permission
  • w: Has the write permission
  • x: Has execution permission
  • -: Does not have the permission

[read][write][execute] [read][write][execute] [read][write][execute]

  • [user]: Owner in the red box above
  • [group]: Members of the group in the red box above
  • [other]: Other than the above two types of people

Every 3 letters corresponds to an identity that has exactly 9 letters of permission on the file.

Changing file Permissions

The command to change file permissions is chmod, which comes in two forms

Numeric types

Let’s set each permission to a number:

  • r4:
  • w: 2
  • x: 1.

If the permission of a file is set to [-rwxr-xr-x], the permission values of each identity are:

  • User: 4 + 2 + 1 = 7
  • Group: 4 + 0 + 1 = 5
  • Other: 4 + 0 + 1 = 5

The resulting command is:

Chmod 755 File nameCopy the code

symbols

The command of the symbol type is:

Chmod [u, g, O, a][+, -, =][r, w, x] File nameCopy the code

Meaning of each character:

  • u: User ownerUser
  • g: Indicates the group of the userGroup
  • o: Other rolesOther
  • a: All rolesAllIs a combination of the above three roles
  • +: Add permission
  • -: Remove permission
  • =: Set permission
  • r: Read permission
  • w: Write permission
  • x: Execute permission

For example:

Chmod u+r Specifies the file nameCopy the code

This command is used to add read permission to User

We often come across commands like this:

Chmod +x File nameCopy the code

User roles are not seen here. If you do not set user roles, the default is All.

Extended property permissions for files

If you are careful, you will notice that some files have the @ sign at the end of the file when we show permissions, which indicates that there are extended attributes. We can use the following command to see what additional information there is:

ls -l@
Copy the code

We see that each of these with the @ symbol has an additional information field:

You can think of extended attributes as a dictionary of [String: Data]. The red box is key and the number after it is the length of Data. The xattr command is used to manipulate extended attributes.

# Display a file's existence extension propertyXattr filename# display a file's existing extended attribute and the value of this attribute:Xattr -l Specifies the name of the file# add com.example.color to a file:Xattr -w com.example.color Specifies the name of the file# Clear com.example.color from a file:Xattr -d com.example.color Specifies the name of the file# clear com.example.color from all files in a folder:Xattr -d -r com.example.color folderClear all extended attributes of a file:Xattr -c Specifies the name of the fileCopy the code

Let’s try a random file:

We see the com.apple.macl attribute showing its value directly, and com.apple.macl only sees binary data and nothing in the ASCII code on the side. So Com.apple. quarantine’s Data is ASCII and COM.apple. macl’s Data is also unknown to me.

We can also get extended attributes using the familiar OC or Swift code:

let manager = FileManager.default
let attr = try! manager.attributesOfItem(atPath: path)
let exten = attr[FileAttributeKey.init("NSFileExtendedAttributes")] as! [String: Data]
Copy the code

Some data is ASCII, such as the com.apple. attribute. Here’s how to get the ASCII attribute:

let str = String(data: value, encoding: .ascii)
Copy the code

Some data is in plist file format, such as com.apple.metadata. Let’s see how to obtain plist attribute values:

var format = PropertyListSerialization.PropertyListFormat.binary
let custom = try? PropertyListSerialization.propertyList(from: value, options: PropertyListSerialization.ReadOptions(rawValue: 0), format: &format)
Copy the code

Of course, there must be format data, wait for you to try it out, these formats are not fixed. You can also add custom extension attributes and specify your own data format, such as UTF8, which will not be expanded.

It is worth saying that a lot of online downloaded applications are not trusted and can not be opened. Some applications will be prompted from the source of such and such a place when they are opened. Whether you confirm to open them is a problem of extended attributes. If you really encounter an app that cannot be opened, remove the com.apple.quarantine attribute and the eight achievements are now on.