Category filter

Script to change file/folder permissions on Mac

Depending on the need of the hour, admins may often have to set limitations on users’ access to different files/folders. For example, they may either restrict a user’s access to a confidential file or even give access to a group of users to a single file. Usually, in such scenarios, the admins manually restrict or provide access to the users by modifying the corresponding file’s Sharing and Permissions settings. Whereas executing the following script to change file/folder permissions using Hexnode UEM’s Execute Custom Script action allows admins to assign permission to any user with just one command remotely.

Scripting Language – Bash

File extension – .sh


The sample scripts provided below are adapted from third-party open-source sites.

What are the different kinds of permissions and who are they granted to?

Every file and folder on the Mac has three kinds of permissions – read(r), write(w) and execute(x). These permissions are given to three categories of users:

  • Owner(u) – The owner is the creator of the file/folder.
  • Group(g) – Group usually refers to the group that the owner belongs to, either administrators or staff. Users can be added to a particular group to give access to multiple users at once.
  • Others(o) – Any user that is not the owner or member of the group is categorized as others.

There are two ways of representing the permissions assigned to a user:

  • Octal representation – Numbers from 0 to 7 represent different combinations of permissions.
  • Symbolic representation – r, w and x represent read, write and execute permissions, respectively.

The table demonstrates how the various combinations of permissions are represented. These permissions can be assigned to each of the three categories of users for every file/folder.

Octal representation
Symbolic representation
– – –
– – x
– w –
– w x
r – –
r – x
r w –
r w x

How to change file permission in Mac via terminal?

The chmod command is used to modify the permission set over a file/folder.

Syntax: chmod permission file/folder name

permission consists of three parts; the permission given to the owner, group and others, in that order. It can be written in two ways; either using the symbolic representation or the octal representation.

For example:

Octal representation:

Here, 7 is the permission assigned to the owner, 5 is that assigned to the group and 3 to others.

Symbolic representation:

Here, u, g and o represent the owner, group and others, respectively, and the values following the equal signs are the permissions assigned to each of them.

You can refer to the table above to see each of these permissions. Similarly, you can configure any permission to be granted over a file/folder.

How to view the existing permission of a file or folder?

Syntax: ls -@l file/folder name


Executing this command will display the existing permission of the file named file.txt. The output is returned in the symbolic format. You can verify the output under the Action History tab of the corresponding device.

 Output of script to view permission of a file

As mentioned earlier, the output ‘ – r w – r w – r – – ‘ comprises three parts. r w – is the read and write permission given to the owner, the following r w – is that of the group and r – – is the read-only permission given to others. The ‘ ’ at the beginning of the output indicates that the item is a file, not a directory.


  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.

  • Sample Script Repository