Like all major operating systems, macOS allows you to restrict access to files using a complex set of file permissions. You can set these yourself using the Finder app, or by using the chmod command in your Mac’s terminal. Here’s how.

与所有主要操作系统一样,macOS允许您使用一组复杂的文件权限来限制对文件的访问。 您可以使用Finder应用程序或在Mac终端中使用chmod命令自行设置这些设置。 这是如何做。

使用Finder设置Mac文件权限 (Setting Mac File Permissions Using Finder)

If you want to set the permissions for a file on your Mac without using the terminal, you’ll need to use the Finder app.


You can launch Finder from the Dock at the bottom of your screen. The application is represented by the smiling Happy Mac logo icon.

您可以从屏幕底部的Dock启动Finder。 该应用程序由微笑的Happy Mac徽标图标表示。

The Finder icon in the macOS Dock

In a Finder window, you can view and set permissions by right clicking a file or folder and selecting the “Get Info” option.


Right-click a file and press Get Info to access file permissions on macOS

Extensive information about your file or folder can be found in the “Info” window that opens. To set file permissions, however, you’ll need to click on the arrow next to the “Sharing & Permissions” option.

在打开的“信息”窗口中可以找到有关文件或文件夹的大量信息。 但是,要设置文件许可权,您需要单击“共享和许可权”选项旁边的箭头。

This will display a list of accounts or user groups on your Mac, with access levels shown under the “Privilege” category.


The "Sharing & Permissions" section of the Get Info window for a file on macOS

If the account or user group you want to set permissions for isn’t listed, select the Plus (+) icon at the bottom of the window.


Press the plus icon at the bottom of the Get Info window

Choose the user or group in the selection window and then click the “Select” button. This will add it to the list.

在选择窗口中选择用户或组,然后单击“选择”按钮。 这会将其添加到列表中。

Select a user or user group, then press Select to add that user or group to the list of file permissions on macOS

The access levels are self-explanatory—users with a “Read Only” access level are unable to edit files, but they can access them. If an account is set to the “Read & Write” level, then they can do both.

访问级别是不言自明的-具有“只读”访问级别的用户无法编辑文件,但可以访问它们。 如果将帐户设置为“读和写”级别,则它们可以同时执行。

To edit this for a user or group in the list, click on the arrow next to the existing level for that account or group and then select either “Read Only” or “Read & Write” from the list.


Setting user group permissions for a user on macOS

Permissions are immediately set. Close the “Info” window once you’re done.

权限将立即设置。 完成后,关闭“信息”窗口。

使用终端设置Mac文件权限 (Setting Mac File Permissions Using the Terminal)

If you’ve ever used the chmod command on Linux, then you’ll be aware of its power. With one terminal command, you can set the read, write, and executable permissions for files and directories.

如果您曾经在Linux上使用过chmod命令,那么您将意识到它的强大功能。 使用一个终端命令,您可以设置文件和目录的读取,写入和可执行权限。

The chmod command isn’t a Linux-only command, however. Like many other Linux terminal commands, chmod dates back to Unix from the 1970s—Linux and macOS both share this heritage, which is why the chmod command is available in macOS today.

但是, chmod命令不是仅Linux命令。 像许多其他Linux终端命令一样, chmod可以追溯到1970年代的Unix — Linux和macOS都具有这种传统,这就是为什么chmod命令在当今的macOS中可用的原因。

To use chmod, open a terminal window. You can do this by pressing the Launchpad icon on the Dock and clicking the “Terminal” option in the “Other” folder.

要使用chmod ,请打开一个终端窗口。 您可以通过按下Dock上的Launchpad图标并单击“ Other”文件夹中的“ Terminal”选项来执行此操作。

Press the Launchpad icon on the Dock, then click the "Terminal" option in the "Other" folder to launch the Terminal app

Alternatively, you can use Apple’s built-in Spotlight Search feature to open the Terminal.


查看当前文件权限 (Viewing Current File Permissions)

To view current permissions for a file, type:


ls -@l file.txt

Replace “file.txt” with your own file name. This will show all user access levels, as well as any extended attributes relevant to macOS.

用您自己的文件名替换“ file.txt”。 这将显示所有用户访问级别以及与macOS相关的任何扩展属性。

The ls command at the macOS terminal

File permissions for the file are shown in the first 11 characters output by the ls command. The first character, an en dash (-), shows that this is a file. For folders, this is replaced by a letter (d) instead.

ls命令输出的前11个字符显示了文件的文件许可权。 第一个字符,破折号( - )表示这是一个文件。 对于文件夹,将其替换为字母( d )。

The ls command at the macOS terminal showing files and folders

The next nine characters are split into groups of three.


The first group shows the access levels for the file/folder owner (1), the middle group shows group permissions (2), and the final three shows permissions for any other users (3).


Underlined file permissions using the ls command at the macOS terminal

You’ll see letters here, too, such as r (read), w (write), and x (execute). These levels are always shown in that order, so for instance:

您还将在这里看到字母,例如r (读), w (写)和x (执行)。 这些级别始终按该顺序显示,例如:

  • --- would mean no read or write access, and the file isn’t executable.


  • r-- would mean the file can be read, but not written to, and the file isn’t executable.


  • rw- would mean the file can be read and written to, but the file isn’t executable.


  • r-x means the file can be read and executed, but not written to.


  • rwx means the file can be read, written, and executed.


If the final character is an at sign (@), then it signifies that the file or folder has extended file attributes relating to security, giving certain apps (like Finder) persistent file access.

如果最后一个字符是at符号( @ ),则表示文件或文件夹具有与安全性有关的扩展文件属性,从而使某些应用程序(如Finder)具有持久的文件访问权限。

This is related in part to new security features introduced in macOS Catalina, although file access control lists (ACLs) have been a Mac feature since macOS X 10.4 Tiger back in 2005.

这部分与macOS Catalina中引入的新安全功能有关,尽管自2005年macOS X 10.4 Tiger起,文件访问控制列表(ACL)一直是Mac的功能。

设置文件权限 (Setting File Permissions)

To set file permissions, you’ll use the chmodcommand at the terminal. To remove all existing permissions, set read and write access for the user while allowing read access for all other users, type:

要设置文件许可权,您将在终端上使用chmod命令。 要删除所有现有权限,请设置用户的读写访问权限,同时允许所有其他用户的读写访问权限,键入:

chmod u=rw,g=r,o=r file.txt

The u flag sets the permissions for the file owner, g refers to the user group, while o refers to all other users. The use of an equal sign (=) wipes all previous permissions for that category.

u标志设置文件所有者的权限, g表示用户组,而o表示所有其他用户。 使用等号( = )会擦除该类别的所有先前权限。

In this instance, the file owner is gaining read and write access, while the user group and other users are gaining read access.


The chmod command used at the macOS terminal

You can use a plus sign (+) to add access to a user level. For instance:

您可以使用加号( + )将访问权限添加到用户级别。 例如:

chmod o+rw file.txt

This would grant all other users both read and write access to the file.


An alternative use of chmod at the macOS terminal

You can use the minus (-) to remove this instead, for example:

您可以使用减号( - )删除它,例如:

chmod o-rw file.txt

This would remove read and write access for all other users from the file.


Removing permissions from all other users using chmod at the macOS terminal

To wipe, add, or remove user permissions for all users, use the a flag instead. For instance:

要擦除,添加或删除所有用户的用户权限,请改用a标志。 例如:

chmod a+rwx file.txt

This would grant all users and user groups with read and write access to your file, as well as allow all users to execute the file.


With great power comes great responsibility, and there’s no denying that the chmod command is an extensive and powerful tool to change file permissions on Mac. You can, for instance, replace the letters ( rwx ) with a combination of three (or four) octal digits, up to 777 (for read, write, and execute).

强大的功能伴随着巨大的责任,而且不能否认chmod命令是在Mac上更改文件权限的强大工具。 例如,您可以将字母( rwx )替换为三个(或四个)八进制数字的组合,最大为777(用于读取,写入和执行)。

If you want to learn more about it, type man chmod at the terminal to read the full list of available flags and settings.

如果要了解更多信息,请在终端上键入man chmod以阅读可用标志和设置的完整列表。







