Protecting Files With Flags


Sometimes you might need to ensure that no user, even the owner, inadvertently moves, changes, or deletes a certain file.

Mac OS X and other BSD-UNIX (Berkeley System Distribution) file systems support flags, in addition to permission modes. Flags help define what can be done to a file, such as deleting it or changing a symbolic link. The most important flag in Mac OS X is the uchg flag, which locks files. An ordinary user cannot change, move, or delete a file that has this flag set. The root user can override this flag, and the file owner can clear it.

If you set or clear the uchg flag from the command line, the Finder will update the icon the next time you click it.

The Finder uses the uchg flag to lock a file when you click Locked on the File Info window, as shown below. When you lock a file in the Finder, the file's icon changes to include a small lock image.

You can also set and clear the uchg flag from the command line. To set the flag from the command line, use

chflags uchg filename


If you have installed the developer tools, you can also use the SetFile command to set the uchg flag. Type /Developer/Tools/SetFile -a L filename.

To list flags, type ls -lo. To clear the flag, type chflags nouchg filename.

This example shows the effect of the uchg flag:

$ rm Ffile
override rw-rw-r-- david/david uchg for Ffile? y
rm: Ffile: Operation not permitted


As the example shows, an ordinary user cannot delete a file with the uchg flag set. When the root user attempts to remove a file with the uchg flag set, the rm command automatically clears the uchg flag.

A file lock has no effect on the containing folder. That is, you can move a folder containing a file with the uchg flag set. As a result, locked files in folders moved to the Trash can cause problems later when you try to empty the Trash.

The chflags command and ls -o are unique to BSD variants of UNIX. Do not assume that all experienced UNIX system administrators know about them. Linux uses chattr and lsattr to set and view flags. Solaris has no equivalent.

Warning

A similar flag exists called schg that should generally never be used. If a file has the schg flag set, nobody can remove or modify the file, which will likely cause problems. Even system administrators and the root user can't modify the file. Unfortunately, this also means nobody can modify the flags of the file to remove the schg flag. If you do come upon a file with the schg flag set, you'll need to boot into single-user mode to remove it.
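
The following is an added example, not code from the book: a Python audit that walks a folder (for instance, before moving it to the Trash), reports every file that has uchg or schg set, and suggests how to unlock it according to the rules above. The function names and the get_flags hook are hypothetical; the flag bits come from Python's standard stat module.

```python
import os
import shlex
import stat

# chflags(1) names for the two lock bits in st_flags discussed above.
LOCK_FLAGS = {
    stat.UF_IMMUTABLE: "uchg",  # user lock: the owner or root can clear it
    stat.SF_IMMUTABLE: "schg",  # system lock: cleared only in single-user mode
}


def lock_names(st_flags):
    """Return the chflags names of the lock bits set in an st_flags value."""
    return [name for bit, name in LOCK_FLAGS.items() if st_flags & bit]


def _lstat_flags(path):
    # st_flags exists only on BSD-derived systems; elsewhere report no flags.
    return getattr(os.lstat(path), "st_flags", 0)


def find_locked(root, get_flags=_lstat_flags):
    """Walk root (symlinks not followed) and return {path: [lock names]}.

    get_flags is a hypothetical hook so the walk can be fed constructed
    flag values on systems that have no st_flags.
    """
    locked = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                names = lock_names(get_flags(path))
            except OSError:
                continue  # entry vanished or is unreadable
            if names:
                locked[path] = names
    return locked


def remedy(path, names):
    """Suggest how to unlock path, following the rules stated above."""
    if "schg" in names:
        return f"{path}: schg set, boot into single-user mode to clear it"
    return f"chflags nouchg {shlex.quote(path)}"


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, names in sorted(find_locked(root).items()):
        print(",".join(names), remedy(path, names), sep="\t")
```

Run it with the folder to check as its only argument; each output line gives the lock flags found and the suggested fix.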





Apple Training Series. Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
EAN: 2147483647
Year: 2005
Pages: 258
Authors: Schoun Regan
