It’s an easy matter to overwrite a file in macOS that you want to keep unchanged. One way to prevent this: Select the file in the Finder, choose File > Get Info, and check the Locked box. A padlock icon appears on the file’s icon or preview. Locking a file doesn’t prevent throwing it into the Trash, but you’re prompted to proceed when you do so, since you obviously locked it with a purpose.
Macworld reader Jeff noted that when he uses the Locked option, files stored in iCloud Drive don’t sync this Locked property to the other devices. However, using Sharing & Permissions in Get Info to set the file to be have the privilege “Read Only” was persistent wherever it synced.
He wondered: What’s the difference between these two settings? And why does one sync and the other not?
File privileges and locking files
The Locked status predates macOS and OS X, and seems to have been carried over for compatibility with OS X and never thought of again. The Locked property appears to not be stored with the package of permissions and access control lists (ACLs) that are part of a file or directory’s metadata in macOS. Thus, when you lock a file, it affects only the instance of the file on a specific Mac.
Showing how Apple really hasn’t paid attention to this feature, if a locked file is synced through iCloud and then modified on another machine, the file on the original Mac is overwritten and left unlocked.
Jeff tested using a file-level privilege setting for the file, setting his ownership permissions to Read Only. This did sync, although it can be overridden by the file’s owner (as determined by a system-level user) and by anyone with macOS administrator privileges.
To change privileges on a file:
- Select the file in the Finder.
- Choose File > Get Info.
- If not showing, expand the Sharing & Permissions section.
- If the Name field has an account name and “(Me)” after it, you can use the popup menus next to each entry under Name and change the Privilege popup. In this case, just change the one next to “your name (Me)” to Read Only.
If the Name field doesn’t show “(Me)” or you can’t select any of the popup menus, click the lock icon in the lower-right corner, and then enter an administrator account and password to complete step 4.
There’s no Apply button or other step, nor any visual indication of the change.
Read Only is the Finder representation of underlying Unix permissions, which Apple enhanced. In plain old Unix, a file or folder/directory has a single user, group, and world permissions, and those can be set for read, write, execute, and some other permissions. Apple’s enhancements let you attach many users to a single file or folder, and allow for more esoteric metadata that controls access, too.
I haven’t used the Locked option for years; I’d kind of forgotten it even exists. That may be a good idea. Even better? Apple could deprecate file locking by showing a warning when you check the Locked box, and by offering a wizard to help people migrate Locked status to Read Only. Then it could remove it in a future release.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to email@example.com including screen captures as appropriate, and whether you want your full name used. Every question won’t be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.