chmod unable to change permissions - macos

I'm facing an annoying problem. It's been pretty frustrating. I am using a computer at my school to work on the Coursera Startup class. I am trying to connect to an Amazon EC2 instance. I downloaded the key pair. I check permissions.
mac5-library:startup roh21$ ls -l
total 6
-rw-rw-rw-# 1 roh21 108 1692 Jun 22 16:45 startup-class-key.pem
So, it's not secure. So I need to change the permissions. I try:
mac5-library:startup roh21$ chmod 400 startup-class-key.pem
mac5-library:startup roh21$ ls -l
total 6
-r--r--r--# 1 roh21 108 1692 Jun 22 16:45 startup-class-key.pem
Still has read permissions to everyone. Just to demonstrate what happens I do this:
mac5-library:startup roh21$ chmod 600 startup-class-key.pem
mac5-library:startup roh21$ ls -l
total 6
-rw-rw-rw-# 1 roh21 108 1692 Jun 22 16:45 startup-class-key.pem
Is it impossible to change permissions to the user without root permission? I'd be grateful for any kind of help.

Probably not related to initial questions problem, but can be useful. (especially to Unix novices like myself)
Chmod will not work if you are not an owner of resources.
You should run chown first:
$ sudo chown -R $(whoami) .
and then
$ sudo chmod -R +rwX .
First command will change owner of everything in current folder to be logged in user, and second give them read write execute permissions.
Just for example, you, probably, should not change ownership and permissions so boldly.

I copied the file to my ~/.ssh folder and then changed the permissions with chmod. That did it.
Just to provide more information, the permissions for the ssh folder,
drwx------ 8 roh21 108 272 Jun 26 17:26 .ssh
And the permissions to the folder I used initially
drwxrwxrwx 2 roh21 108 2048 Jun 23 06:32 startup
I curious as to why I could not change the permissions to the startup folder even after multiple attempts with the chmod -R option.
Also, note that I was using Mac OS X in my school's library.

See that '#' next to the mode flags? That means that there's extended metadata associated with the file. Use ls -l# to see it. The xattr command will let you view and modify them. It's possible that there's something there that prevents you from modifying the file.
There may also be additional file flags. Use ls -lO (capital-O) to view those. Odds are that one of those flags is the "uchg" flag which means your file is immutable. You can remove that with chflags nouchg <filename> as أحمد طه suggested.
Finally, there might be an ACL attached to the file. Use ls -le to see that.
In general, if you really want to know all the metadata associated with a file on a Mac, the command is ls -leO#.

Looks like you've discovered that the Macintosh doesn't strictly agree with the UNIX permission bits.
Ultimately, there are ACL bits that MacOS sets and that the Macintosh Finder obeys.
To solve your problem quickly, in your Terminal command line, type in "open ." (or the path to your "startup" folder) and that will open up the folder in your Macintosh Finder.
Then do a "Get Info" on the file:
You can change your permissions here.

Hello And it will work
chflags nouchg /path/folder/

Please note you may get "Operation not permitted" at your Terminal when you want to run "chflags nouchg". So, first you should give your Terminal "Full Disk Access" here:
System Settings --> Privacy & Security --> Full Disk Access --> check the Terminal
then close and re-open your Terminal.
Now, run "chflags nouchg PathToYourFolder"
Finally:
chmod 400 YourFile
Done!

Related

What else prevents file deletion on OS X beside permissions, ACL, flags or being in use?

As root (OS X 10.9.5), I cannot delete a file with no flags or ACL entry (at least seemingly), despite having the correct permissions:
/Library/LaunchAgents$ whoami
root
/Library/LaunchAgents$ ls -alOe
total 32
drwxr-xr-x 6 root admin - 204 Jan 12 22:56 .
drwxr-xr-x+ 66 root admin - 2244 May 9 15:26 ..
0: group:everyone deny delete
-rw-r--r-- 1 root wheel - 690 May 4 2016 com.bitdefender.antivirusformac.plist
/Library/LaunchAgents$ chmod -N com.bitdefender.antivirusformac.plist
/Library/LaunchAgents$ chflags 0 com.bitdefender.antivirusformac.plist
/Library/LaunchAgents$ rm com.bitdefender.antivirusformac.plist
rm: com.bitdefender.antivirusformac.plist: Permission denied
/Library/LaunchAgents$
The ACL entry above pertains to the /Library folder and shouldn't affect /Library/LaunchAgents. I have successfully moved other items in LaunchAgents while the bitdefender item fails. Have tried doing the above in single user mode as well with the same result.
What am I missing?
The purpose was to remove all traces of BitDefender. Having deleted its main folder where the files referenced in the plist resided, no daemons are running. I am however puzzled as to how this is possible.
There might be a kext that protects the file (the antivirus trying to "defend" itself), but sudo kextunload <name> (see the kexts with kextstat | grep -v apple) should work... Or, even better, first eliminate the daemon (vs agent) that controls it with sudo launchctl remove <name> (see the daemons with sudo launchctl list | grep -v apple).
I think it's taking advantage of OSX's System Integrity Protection model, but you don't need to worry about that.
They ship an uninstaller, it's just not very well documented. Here's how you get to it:
Open finder -> Utilities -> BitDefender Uninstaller.

Mac OSX no valid sudoers sources found

I am always getting this error. What is the solution ?
As the error message says: your /etc/sudoers file has the wrong permissions.
the normal permissions (on OS X 10.10) are:
$ ls -l /etc/sudoers
-r--r----- 1 root wheel 1293 Sep 19 2012 /etc/sudoers
so get a root shell in some other manner and issue chmod 660 /etc/sudoers
and/or the appropriate chgrp and chown commands.
To get a root shell, it all depends on what you have left as assets.
The failsafe method would be from a recovery partition, but booting in single user mode should be enough in most cases.
Single user mode: boot holding "Command-S"
ref: https://support.apple.com/en-us/HT201573

Scripting a file copy from Mac to Windows (IIS) machine

I'm getting permission denied attempting to copy a file at the command-line from my Mac to a remote Windows IIS server. I have access to the IIS server and have confirmed that I have write permissions to the folder. I can remote desktop to the server and navigate and work in the directories i want. I can copy the file successfully using Finder. From the Terminal command-line I'm able to mount a volume, navigate, ls and cat the file in the directory i'm trying to cp to.
$cp -f ham.html /Volumes/external-api/eggs.html
cp: /Volumes/external-api/eggs.html: Permission denied
$ ls -l ham.html
-rw-r--r-- 1 kellykx LEGAL\Domain Users 18218 Jul 29 22:58 ham.html
$ ls -ld
drwxr-xr-x 31 kellykx LEGAL\Domain Users 1054 Jul 29 23:02 .
$ ls -l /Volumes/external-api/eggs.html
-rwx------+ 1 kellykx LEGAL\Domain Users 18218 Jul 29 15:23 /Volumes/external-api/eggs.html
$ ls -ld /Volumes/external-api
drwx------+ 1 johnsob2 LEGAL\Domain Users 16384 Jul 29 17:53 /Volumes/external-api
I'm worried there's some IIS voodoo i'm missing. Or worse, something obviously trivial.
Ideas welcome.
Resolved.
The permissions of the Windows share were more restrictive than the file system permissions and took precedence, causing the permission denied message. The Windows share permission was r while the underlying directory and files were rw, as shown.
To resolve:
I used remote desktop to login to the Windows server.
Navigated file manager to the parent dir of external-api,
Right clicked and followed properties->Sharing->Advanced Sharing->Permissions
Selected my name from the list box -- already set up when the share was created
Checked Full Control, Change and Read checkboxes.
Open question:
How do you inspect permissions of mounted SMB share from the OSX command line? The equiv of ls -l.

chmod not changing file permissions

When I try to change the permissions for a file it doesn't seem to work. chmod says it is changing it but the file permissions remain the same. Can anyone explain what I am doing wrong? Here is a copy of my command line.
~$ sudo chmod -v u+x ex01
mode of 'ex01' changed from 0600 (rw-------) to 0700 (rwx------)
~$ ls -l ex01
-rw------- 1 user user 60297 Feb 6 21:50 ex01
Certain file systems, such as vfat, don't support Unix permissions. The owners and permissions of the files are decided when the file system is mounted. On vfat for example there is an option to set the permissions to whatever you want, and another that sets the execute bit only for .exe, .com, .bat and similar files. See https://www.kernel.org/doc/Documentation/filesystems/vfat.txt

Unable to make file editable on Mac OS X

I'm trying to edit the httpd.conf file located in /private/etc/apache2, and I can't figure out how to get permission to write
I've done
$ cd /private/etc/apache2
$ sudo chown bdh httpd.conf
$ ls -lash
0 drwxr-xr-x 13 root wheel 442B Jun 7 00:11 .
0 drwxr-xr-x 93 root wheel 3.1K Jun 26 10:51 ..
0 drwxr-xr-x 13 root wheel 442B Jan 3 16:26 extra
24 -r--r--r-- 1 bdh wheel 24K Jun 7 00:11 httpd.conf
...etc...
$ vim httpd.conf
and it says "httpd.conf" [readonly] 677L, 24330C
tried cping to the desktop, but I cant get permission to edit it there either
I'm pretty new to using the terminal, is there some other command I can use?
It is normally unnecessary and undesirable to alter access permissions to edit a file. To edit a file that requires administrator (or other user) privileges without altering the access permissions, use:
sudo -e /private/etc/apache2
Sudo's -e option tells it you want to edit the given file.
This command copies the file and makes it writable by you, tells the editor specified with the SUDO_EDITOR, VISUAL or EDITOR environment variables (they're checked in that order) to edit the file, and when the editor exits, the file is copied back to the original without altering its access permissions.
See the sudo man page for details: x-man-page://8/sudo
The chmod command is what you're looking for I believe: http://en.wikipedia.org/wiki/Chmod
chmod 777 will let anyone read, write or execute for instance.
As richardhsu correctly added, 744 is RWX, R--,R-- and thats probably what you want.

Resources