OJBs Web Site: Blog Page

Note: You are currently viewing my old web site. There is a new version with most of this content at OJB.NZ.
The new site is being updated, uses modern techniques, has higher quality media, and has a mobile-friendly version.
This old site will stay on-line for a while, but maybe not indefinitely. Please update your bookmarks. Thanks.

Add a Comment (Go Up to OJB's Blog Page)

More Geekiness

Entry 201, on 2005-07-26 at 14:56:56 (Rating 1, Computers)

This is a second entry relating to using the Unix command line in Mac OS X to do some tasks which are difficult through the usual Mac programs. See the first blog entry in this series, "Terminal 101", for basic information on what Terminal is, and how to use it.

Another common use for the command line is to modify privileges. In Unix, documents and folders (or files and directories) can have privileges added to them like this: There are separate privileges for the owner, a group, and all other users. Each of these three types of user can have the ability to read, write, or execute the item. Only the owner can modify the privileges associated with an item.

You probably know that the Mac Finder can change item privileges through a friendly graphical interface, so the question is, why would you want to do it through the command line instead? There are several reasons. First, the Finder sometimes doesn't work properly, especially when modifying large numbers of items inside a folder with different privileges. Second, by using terminal you can work on a remote machine through SSH. And third, there is more flexibility in the command line. For example, by using wildcards you can change the privilege of just HTML documents or text files (or changing based on file names, etc).

There are three Unix commands you need to do this sort of thing. First is chown. This changes the owner of an item. For example, "chown bob myfile" will change the owner of myfile to bob. The name will usually be the short name of a standard Mac OS X user. There are also special pre-defined names in Unix, for example "www" for the web server. There is one problem here, unless you are the owner you can't change the owner. To overcome this, use the "sudo" command first, then enter an admin password, so enter "sudo chown bob myfile".

The second command is chgrp. This changes the group of an item. There are a series of standard groups set up by Unix, such as staff and admin. On Mac OS X Server you can also set up groups for specific purposes. Groups are just collections of users, so you could create a group for high privilege users, visitors, etc.

The final command is chmod. This changes the privilege mode. For example, if you wanted the owner to be able to both read and write a file (this is usually a good idea) enter "chmod u+rw myfile". This changes the file myfile so that the owner (or user indicated by u) has added (the +) read (r) and write (w) privileges. The "+" means this will be added to existing privileges. To give a group "staff" read-only enter "chmod g=r myfile". Here the g means group, and the equals means set this privilege, and ignore any existing ones. Finally, you could remove read and write privileges for other users with "chmod o-rw myfile". The o means all other users, the "-" means remove these privileges.

I hope that is helpful. Remember that my using "*" instead of a file name you can change all files in the current folder. And by using something like "*.txt" instead you can change all files with the suffix ".txt". Also by using the -R option with any of these commands you can change all files in the current folder, and folders within that folder. For example "chown -R admin *" will change the owner of all files in the current folder and sub-folders to admin. Note: always be careful when changing large numbers of files!

Finally, if you enter the command "man chmod" (show manual for chmod command) you will see there is a lot more which I haven't mentioned here.

There are no comments for this entry.

You can leave comments about this entry using this form.

To add a comment: enter a name and email (both optional), type the number shown above, enter a comment, then click Add.
Note that you can leave the name blank if you want to remain anonymous.
Enter your email address to receive notifications of replies and updates to this entry.
The comment should appear immediately because the authorisation system is currently inactive.