9

BSD/MacOS question.

chmod -w file will remove all the write permissions from file

chflags uchg file will set the user-immutable bit (aka "Locked" bit) on file

Beyond the obvious statement of "setting permissions vs setting a flag", what are the technical differences and behavior differences of these two commands? When is one preferred over the other?

selbie
  • 313
  • 1
  • 9
  • The preferred tool depends on what task your trying to do. Besides the technical differences are obvious, as you put it, one sets the permissions and the only sets the flags of a file or folder. – Ramhound Nov 08 '13 at 11:50
  • 1
    That's what I was getting at. What tasks would suggest one over the other? – selbie Nov 08 '13 at 11:51
  • 1
    On some operating systems you can not **remove** the user-immutable bit unless you are at security level 0. (And that is something which you can not lower without a reboot). Which is not so much an technical difference as well as a security difference. – Hennes Nov 08 '13 at 17:47
  • 1
    On FreeBSD, when the [securelevel](http://www.freebsd.org/doc/faq/security.html#idp66560048) is >0, the _system_ immutable or append-only flags cannot be turned off. – Roland Smith Nov 10 '13 at 13:58

1 Answers1

7

Three differences come to mind off the top of my head:

  • The uchg flag locks the contents of the file and its directory entry, while the file permissions only apply to the file's contents. This means that a file with all write access removed can still be freely moved, renamed, or even deleted by any user with write access to the directory the file's in.
  • The root user ignores file permissions, but is subject to a uchg lock. But the root user can unlock the file, so this isn't that deep a difference.
  • At least on OS X, removing all write access in the POSIX permissions can be overridden by an access control list on the file. chmod -w will not remove ACL entries granting write access, so some users and/or groups may still have write permissions.
Gordon Davisson
  • 34,084
  • 5
  • 66
  • 70