This example creates a file named 1.txt using the touch command and inspects its default permissions using ls -l for a long format listing of the file. The chmod u+x command adds execute permission only for the file's owner. Running ls -l again shows the updated permission bits with x now present in the owner's column. The u refers to the user, or owner, of the file, while +x means to add execute permissions to the file specified.

This example uses the touch command to create a file named 1.txt and checks its default permissions with the long format listing of the file, ls -l. The chmod go-r command removes read permission from both the group and others columns, with a second ls -l issued to confirm the r bits have indeed been removed from both. This is a common way to restrict a file to owner-only access.

This example uses the touch command to create a file named file.txt and checks its default permissions with ls -l before making any changes. The chmod a+w command adds write permission for all users of the file, which includes the owner, group, and others columns. Running ls -l afterward shows a w (write permission) was added across all three permission groups. The a stands for all, making this a broad permission change.

This example uses the touch command to create a file named file.txt and checks its default permissions with ls -l before making any changes. The chmod 755 command sets permissions using octal notation, where each digit represents owner, group, and others respectively. Running the ls -l command again confirms the result as rwxr-xr-x. This is a common permission set for executable files and public-facing directories. For more details on octal notation, see the MODES section of man chmod for a table of each value.

This example creates a file named 1.txt using the touch command and checks its default permissions with ls -l before making any changes. The chmod 660 command sets read and write access for the owner and group of the file, while removing all permissions for others column. Issuing a second ls -l command confirms the result as rw-rw----. This pattern is commonly used for shared files within a group that should stay private from other users.

This example creates a file named file.txt using the touch command and checks its default permissions with ls -l before making any changes. The chmod 4755 command sets the setuid bit along with standard 755 permissions. Running the ls -l command afterward shows an s in place of the owner's execute bit, indicating setuid is active. When set on an executable file, the setuid bit causes the program to run with the file owner's privileges rather than the caller's.

This example uses the mkdir (make directories) command to create a directory named projects and inspects its permissions with ls -l. The chmod 2755 command sets the setgid bit along with standard 755 permissions. Running the command ls -l again shows an s in the group execute position. When set on a directory, the setgid bit causes new files created inside to inherit the directory's group rather than the owner's primary group.

This example uses the mkdir command to create a directory named projects and checks its initial permissions using ls -l. The chmod 1777 command sets the sticky bit along with full read, write, and execute permissions for all users. Running ls -l afterward shows a t in place of the others' execute bit. On a shared directory, the sticky bit ensures that only a file's owner can delete or rename it.

This example first navigates to the user's home directory using the command cd ~. Next, it runs the command to display and manipulate extended attributes, xattr, on the Applications folder. Extended attributes store metadata beyond standard Unix permissions, such as quarantine flags set by macOS when files are downloaded from the internet. The -l flag displays both the attribute names and their values. This is useful for diagnosing issues like apps blocked by Gatekeeper.

This example runs the id command with no arguments to display identity information for the current user. The output includes the user's numeric UID, name, their primary group GID, group name, and a list of all supplementary groups to which the user belongs. This is useful for understanding what permissions and access rights are in effect. Using the id command is often the first step when debugging permission-related issues.