Pro Terminal Commands: Working with chflags in macOS


Flags are a system outside of permissions on macOS that are used to control how files can be changed. They are primarily concerned with controlled the modification of a file, but differently from permissions. Flags can only be set by an administrative user or the owner of the file, except in cases of system flags. Setting flags is often a useful way to temporarily restrict access to a file. They’re set differently from permissions but run in parallel.

The Terminal command chflags changes flags. The ls command, with the -lO flag, is used to view the currently-set flags. Either command can be run on the current directory, or on a specific file location. Let’s check out some examples of how chflags works on macOS.

Viewing Set Flags on macOS

In Terminal, you can use an ls flag to view any extant flags.

$ ls -lO ~/Library
drwx------@ 88  alexander staff hidden 2992 Jan 25 14:01 Library

If there are no flags set for a file or folder, a dash will be shown instead.

$ ls -lO ~/Library/Caches
drwx------+ 234 alexander staff   -    7956 Jan 25 13:03 Caches

Set flags can be removed by using their inverse, as described below.

Setting and Clearing Flags on macOS

 

Flags most frequently come up as a problem. Because they set extra-permission permissions, they can be easy to miss. Do you find yourself with a file that cannot be erased, regardless of how elevated your user permissions are? You might need to clear one or two flags.

The flags that can be set under macOS are listed below. This is the full list of available options, as well as an explanation for their functionality. Most flags can only be set by the owner of the file or the superuser; sappnd and schg can only be set by the superuser, since they are system level flags. Only the hidden flag can be set without privilege escalation.

Flags can also be set improperly or accidentally. They can also be shown if a file’s metadata has become corrupted or mishandled. If you are having trouble editing a file and you notice some strange flags, try removing them. You may find this will suddenly clear up your file problems.

Setting Flags on macOS

When setting a flag on macOS, use the command below. The recursive flag -R is available for directory-level operations:

$ sudo chflags -R [flag] /usr/bin/local
$ sudo chflags [flag] /usr/bin/local/foo.bar
$ chflags -R hidden ~/Desktop

will set the appropriate flag. For example, the following sets the nodump flag:

$ sudo chflags nodump /usr/bin/local/foo.bar

Only one flag can be set or removed per chflags command.

  • opaque set the folder to appear opaque when viewed through a union mount, an old-fashioned way of viewing multiple directories simultaneously. This isn’t a relevant flag for more users.
  • nodump prevents the file or folder from being dumped during use of the dump command to back up your system. If you don’t use dump, this flag has no effect on its own. However, it is often set in concert with other change-restriction flags like uappnd or schg.
  • sappnd, sappend set the system append-only flag, which allows the file to be added to but not modified or deleted. In general,the use of the system-level flags is rare. They’re restricted to only the most important files or the laziest developers. The same goes for any flags preceded with a s, which all stand for “system” level flags. To remove this flag, you’ll need to enter Single User Mode by holding “X” at your Mac’s startup chime.
  • schg, schange, simmutable set the system immutable flag, which locks out all file changes by all users of any privilege level. To remove this flag, you’ll need to enter Single User Mode by holding “X” at your Mac’s startup chime.
  • uappnd, uappend set the user append-only flag. This can be set by the file owner and can be unset by the owner without escalating privileges. Since it locks the file the same was as sappnd or schg at lower security, it’s used far more frequently.
  • uchg, uchange, uimmutable set the user immutable flag, which has the same relationship to the system immutable flag as the uappnd flag has to sappnd.
  • hidden sets the hidden flag. This hides the item within the Finder GUI and ls commands.

Clearing Flags on macOS

To clear a given flag, set its opposite. In most cases, this means prepending “no” to your command. In the case of nodump, set the dump flag to clear, like so:

$ sudo chflags dump /usr/bin/local/oty.sh

More standard terms can be reversed with the “no” prefix, like so:

$ sudo chflags nosappnd /usr/bin/local/oty.sh

As with chmod, a recursive flag is available:

$ chflags  -R nohidden ~/Desktop

Once flags have been cleared, you’ll be free to change the ownership and permissions of the file as expected.

Conclusion

Flags are most useful when limiting who can change a file. By locking files, you can prevent tampering or accidental edits at a file system level. Without escalation to root or the file owner, these privileges cannot be changed, so they’re moderately secure.

You might also like the following posts:

iOS Hack: Silence Your iPhone’s Outgoing Message Sound

Pro Terminal Commands: Editing the SSH Configuration File

Pro Terminal Commands: Editing bash_profile


Alexander Fox

0 Comments

Your email address will not be published.