1 00:00:00,06 --> 00:00:01,05 - [Instructor] Macs typically use 2 00:00:01,05 --> 00:00:04,05 either the HFS+ or APFS file systems, 3 00:00:04,05 --> 00:00:05,09 and these file systems 4 00:00:05,09 --> 00:00:07,09 can both store metadata about files, 5 00:00:07,09 --> 00:00:08,08 like permissions 6 00:00:08,08 --> 00:00:10,05 and extended attributes. 7 00:00:10,05 --> 00:00:12,01 Macs also use other strategies 8 00:00:12,01 --> 00:00:14,00 to store platform specific metadata 9 00:00:14,00 --> 00:00:15,07 and to represent file metadata on systems 10 00:00:15,07 --> 00:00:18,02 that don't have metadata support. 11 00:00:18,02 --> 00:00:20,08 macOS is derived in part from FreeBSD, 12 00:00:20,08 --> 00:00:22,02 so its Unix heritage gives it 13 00:00:22,02 --> 00:00:23,00 a similar approach 14 00:00:23,00 --> 00:00:24,04 to most Linux file systems 15 00:00:24,04 --> 00:00:26,02 when it comes to file metadata. 16 00:00:26,02 --> 00:00:27,03 Standard UNIX permissions 17 00:00:27,03 --> 00:00:28,03 for the file owner, 18 00:00:28,03 --> 00:00:29,01 the owning group, 19 00:00:29,01 --> 00:00:30,09 and others are represented, 20 00:00:30,09 --> 00:00:32,04 and the macOS file systems 21 00:00:32,04 --> 00:00:34,02 also include access control lists, 22 00:00:34,02 --> 00:00:35,03 extended attributes, 23 00:00:35,03 --> 00:00:36,04 and flags. 24 00:00:36,04 --> 00:00:37,07 The file system also stores 25 00:00:37,07 --> 00:00:39,03 a file's last access time, 26 00:00:39,03 --> 00:00:40,01 modification time, 27 00:00:40,01 --> 00:00:41,03 change time, 28 00:00:41,03 --> 00:00:43,07 and birth or creation time. 29 00:00:43,07 --> 00:00:44,08 We can view many aspects 30 00:00:44,08 --> 00:00:46,05 of a file's metadata in the finder 31 00:00:46,05 --> 00:00:48,00 using the info pane, 32 00:00:48,00 --> 00:00:49,07 which we can open by selecting a file 33 00:00:49,07 --> 00:00:51,08 and then pressing Command + I. 
34 00:00:51,08 --> 00:00:52,08 This lists a variety 35 00:00:52,08 --> 00:00:53,09 of regular attributes 36 00:00:53,09 --> 00:00:55,01 and some extended attributes 37 00:00:55,01 --> 00:00:56,06 we'll explore shortly. 38 00:00:56,06 --> 00:00:57,06 Using command line tools, 39 00:00:57,06 --> 00:01:03,01 we can explore the file system metadata as well. 40 00:01:03,01 --> 00:01:04,06 Some of the command line tools we'd use 41 00:01:04,06 --> 00:01:05,04 for this on a Mac 42 00:01:05,04 --> 00:01:07,00 are the same as on Linux, 43 00:01:07,00 --> 00:01:08,00 including stat, 44 00:01:08,00 --> 00:01:09,03 to show a general overview 45 00:01:09,03 --> 00:01:15,00 of the file metadata. 46 00:01:15,00 --> 00:01:16,09 Or stat -x to show us 47 00:01:16,09 --> 00:01:20,00 an output more similar to the Linux version. 48 00:01:20,00 --> 00:01:22,07 We can use ls -l to see most 49 00:01:22,07 --> 00:01:23,08 of this information listed out 50 00:01:23,08 --> 00:01:26,09 for files in a directory. 51 00:01:26,09 --> 00:01:29,00 We can use chmod to set permission modes 52 00:01:29,00 --> 00:01:30,08 with octal or symbolic notation, 53 00:01:30,08 --> 00:01:33,02 and we can use chown and chgroup 54 00:01:33,02 --> 00:01:36,00 to change a file's owner and group. 55 00:01:36,00 --> 00:01:37,02 Access control lists, 56 00:01:37,02 --> 00:01:39,01 usually called ACLs for short, 57 00:01:39,01 --> 00:01:40,05 are a set of enhanced permissions 58 00:01:40,05 --> 00:01:42,08 we can apply to files and folders. 59 00:01:42,08 --> 00:01:43,08 Access control lists, 60 00:01:43,08 --> 00:01:45,09 usually called ACLs for short, 61 00:01:45,09 --> 00:01:47,04 are a set of enhanced permissions 62 00:01:47,04 --> 00:01:49,07 we can apply to files and folders. 
63 00:01:49,07 --> 00:01:51,09 macOS file systems support ACLs by default 64 00:01:51,09 --> 00:01:53,00 and don't have to be remounted 65 00:01:53,00 --> 00:01:54,02 to support them, 66 00:01:54,02 --> 00:01:57,03 unlike some older Linux file systems. 67 00:01:57,03 --> 00:01:58,08 We can see whether a file or folder 68 00:01:58,08 --> 00:02:00,01 has an ACL applied to it 69 00:02:00,01 --> 00:02:05,01 with the ls -l command. 70 00:02:05,01 --> 00:02:06,01 Entries with a plus after 71 00:02:06,01 --> 00:02:08,00 the permission string have an ACL, 72 00:02:08,00 --> 00:02:08,09 and that could be simply 73 00:02:08,09 --> 00:02:10,09 one access control entry or ACE, 74 00:02:10,09 --> 00:02:12,00 or it could be more, 75 00:02:12,00 --> 00:02:13,08 ACLs are lists after all. 76 00:02:13,08 --> 00:02:14,08 One trick here though, 77 00:02:14,08 --> 00:02:16,02 is that the plus sign indicating 78 00:02:16,02 --> 00:02:17,09 an ACL can get covered up in the output 79 00:02:17,09 --> 00:02:19,04 by an @ sign, 80 00:02:19,04 --> 00:02:20,03 which is something 81 00:02:20,03 --> 00:02:21,07 we'll explore in just a moment, 82 00:02:21,07 --> 00:02:23,01 so it's usually more useful 83 00:02:23,01 --> 00:02:24,07 to simply use ls in a way that 84 00:02:24,07 --> 00:02:26,05 shows the ACL of each item, 85 00:02:26,05 --> 00:02:31,01 like ls -le. 86 00:02:31,01 --> 00:02:32,04 Notice that these entries have 87 00:02:32,04 --> 00:02:35,09 a plus sign and an ACL, 88 00:02:35,09 --> 00:02:37,05 but this also has an ACL, 89 00:02:37,05 --> 00:02:39,05 indicated by the description below it, 90 00:02:39,05 --> 00:02:41,05 but it doesn't show a plus in the column. 91 00:02:41,05 --> 00:02:42,09 The plus is getting superseded 92 00:02:42,09 --> 00:02:43,08 by the @ sign, 93 00:02:43,08 --> 00:02:45,01 but we can still see the entries 94 00:02:45,01 --> 00:02:50,08 in each item's ACL. 
95 00:02:50,08 --> 00:02:52,01 This entry here, for example, 96 00:02:52,01 --> 00:02:54,05 is targeted toward the group called everyone, 97 00:02:54,05 --> 00:02:56,02 which includes all users, 98 00:02:56,02 --> 00:02:57,04 and it specifically says 99 00:02:57,04 --> 00:02:58,05 that members of that group 100 00:02:58,05 --> 00:03:00,05 may not delete this item. 101 00:03:00,05 --> 00:03:01,07 The superuser still can, 102 00:03:01,07 --> 00:03:02,07 but even the owner of 103 00:03:02,07 --> 00:03:03,09 this item can't delete it 104 00:03:03,09 --> 00:03:06,00 without authenticating as root. 105 00:03:06,00 --> 00:03:07,04 This is common on macOS 106 00:03:07,04 --> 00:03:08,03 to prevent users 107 00:03:08,03 --> 00:03:09,09 from accidentally tearing apart things 108 00:03:09,09 --> 00:03:11,01 the system relies on, 109 00:03:11,01 --> 00:03:12,06 and leaving it in an unbootable 110 00:03:12,06 --> 00:03:13,07 or unexpected state. 111 00:03:13,07 --> 00:03:15,01 Because this course isn't focused 112 00:03:15,01 --> 00:03:16,07 on access control in particular, 113 00:03:16,07 --> 00:03:18,01 I won't go into a lot of detail 114 00:03:18,01 --> 00:03:20,04 about setting and modifying ACLs. 115 00:03:20,04 --> 00:03:22,00 That's a topic for another course, 116 00:03:22,00 --> 00:03:23,05 but here's the basics. 117 00:03:23,05 --> 00:03:24,04 On a Mac, 118 00:03:24,04 --> 00:03:25,07 we'll use chmod 119 00:03:25,07 --> 00:03:30,02 and the +a option to set an ACL. 120 00:03:30,02 --> 00:03:31,02 We'll follow that 121 00:03:31,02 --> 00:03:37,02 with the access control entry, 122 00:03:37,02 --> 00:03:38,01 and the name of the file 123 00:03:38,01 --> 00:03:40,00 whose ACL we want to add to. 124 00:03:40,00 --> 00:03:42,03 I'll write chmod +a, 125 00:03:42,03 --> 00:03:44,00 and then in double quotes, 126 00:03:44,00 --> 00:03:47,03 user2 deny read,write 127 00:03:47,03 --> 00:03:52,09 and then my file name. 
128 00:03:52,09 --> 00:03:53,08 I'll take a look at the entries 129 00:03:53,08 --> 00:03:55,05 with ls -le, 130 00:03:55,05 --> 00:03:58,01 and here we can see the entry. 131 00:03:58,01 --> 00:03:59,01 We can move this entry, 132 00:03:59,01 --> 00:04:02,03 which is number 0 with chmod -a 133 00:04:02,03 --> 00:04:03,07 and the pound sign, 134 00:04:03,07 --> 00:04:05,09 then the number for that entry, 0, 135 00:04:05,09 --> 00:04:11,09 and the file name to modify. 136 00:04:11,09 --> 00:04:13,05 We could also use the index notation 137 00:04:13,05 --> 00:04:15,00 to insert entries at other points 138 00:04:15,00 --> 00:04:17,02 in a longer list as well. 139 00:04:17,02 --> 00:04:18,04 We can remove all ACLs 140 00:04:18,04 --> 00:04:22,03 from a file with chmod -N. 141 00:04:22,03 --> 00:04:23,09 Generally, ACLs will transfer 142 00:04:23,09 --> 00:04:26,00 with their files to other Macs, 143 00:04:26,00 --> 00:04:26,09 but won't carry across 144 00:04:26,09 --> 00:04:28,01 to other operating systems 145 00:04:28,01 --> 00:04:29,07 and may be stripped when files are copied 146 00:04:29,07 --> 00:04:31,08 to non Mac file systems, 147 00:04:31,08 --> 00:04:32,09 so they shouldn't be relied on 148 00:04:32,09 --> 00:04:34,01 to secure files outside 149 00:04:34,01 --> 00:04:36,02 of a managed macOS environment. 150 00:04:36,02 --> 00:04:38,02 If you need to work with ACLs on Macs, 151 00:04:38,02 --> 00:04:39,03 be sure to spend some time 152 00:04:39,03 --> 00:04:41,05 with the manual page for chmod, 153 00:04:41,05 --> 00:04:45,06 in the section ACL Manipulation Options. 154 00:04:45,06 --> 00:04:46,08 Like on Linux systems, 155 00:04:46,08 --> 00:04:48,05 Macs have a variety of extended attributes 156 00:04:48,05 --> 00:04:50,09 we can set on files. 157 00:04:50,09 --> 00:04:53,00 The operating system uses these extensively 158 00:04:53,00 --> 00:04:54,05 for things like file quarantine 159 00:04:54,05 --> 00:04:56,04 and system integrity protection. 
160 00:04:56,04 --> 00:04:58,02 There are also system defined attributes 161 00:04:58,02 --> 00:05:00,03 like a field called ItemWhereFroms, 162 00:05:00,03 --> 00:05:01,09 which lists the source of a file 163 00:05:01,09 --> 00:05:02,09 and so on. 164 00:05:02,09 --> 00:05:04,03 There's no specific list of these, 165 00:05:04,03 --> 00:05:05,03 because while a system uses 166 00:05:05,03 --> 00:05:07,00 and offers many attributes, 167 00:05:07,00 --> 00:05:08,05 we can also define our own, 168 00:05:08,05 --> 00:05:10,02 which is useful for a software developer 169 00:05:10,02 --> 00:05:11,03 or something like that, 170 00:05:11,03 --> 00:05:12,03 so it's worth taking time 171 00:05:12,03 --> 00:05:13,03 to explore on your own 172 00:05:13,03 --> 00:05:14,07 and see what attributes exist 173 00:05:14,07 --> 00:05:16,08 on files you come across. 174 00:05:16,08 --> 00:05:17,06 If we run a long listing 175 00:05:17,06 --> 00:05:19,00 of files in a directory 176 00:05:19,00 --> 00:05:20,06 with ls -l, 177 00:05:20,06 --> 00:05:22,02 we can see that some items have an @ sign 178 00:05:22,02 --> 00:05:24,01 to the right of the permission string, 179 00:05:24,01 --> 00:05:25,02 this indicates that a file 180 00:05:25,02 --> 00:05:27,00 has extended attributes. 181 00:05:27,00 --> 00:05:28,03 To further investigate these, 182 00:05:28,03 --> 00:05:30,01 we can use the xattr command, 183 00:05:30,01 --> 00:05:32,00 short for extended attributes, 184 00:05:32,00 --> 00:05:33,00 followed by a file name 185 00:05:33,00 --> 00:05:37,09 or list of files. 186 00:05:37,09 --> 00:05:39,04 Extended attributes are entries 187 00:05:39,04 --> 00:05:41,00 in a key value database, 188 00:05:41,00 --> 00:05:43,03 so the names we see here function as keys 189 00:05:43,03 --> 00:05:44,02 and they each have 190 00:05:44,02 --> 00:05:45,07 an associated value. 
191 00:05:45,07 --> 00:05:47,07 Here we see the keys of a given name, 192 00:05:47,07 --> 00:05:48,05 which tells us that 193 00:05:48,05 --> 00:05:50,00 the particular extended attribute 194 00:05:50,00 --> 00:05:51,04 has been applied to the file. 195 00:05:51,04 --> 00:05:52,09 To view the value of each key, 196 00:05:52,09 --> 00:05:55,04 we can use xattr -l 197 00:05:55,04 --> 00:06:00,09 and the file name, 198 00:06:00,09 --> 00:06:02,04 and here I can see that this item's 199 00:06:02,04 --> 00:06:04,05 kMDItemWhereFroms lists 200 00:06:04,05 --> 00:06:08,09 the website download-installer.cdn.mozilla.net 201 00:06:08,09 --> 00:06:11,01 as the source of the file. 202 00:06:11,01 --> 00:06:12,03 This is a Firefox installer 203 00:06:12,03 --> 00:06:13,08 that I downloaded earlier. 204 00:06:13,08 --> 00:06:15,07 This value here was set by the browser 205 00:06:15,07 --> 00:06:16,06 and other software 206 00:06:16,06 --> 00:06:18,01 will often set extended attributes 207 00:06:18,01 --> 00:06:19,09 that are specific to it. 208 00:06:19,09 --> 00:06:21,05 The value here is a binary plist, 209 00:06:21,05 --> 00:06:24,03 but we can still read it pretty well. 210 00:06:24,03 --> 00:06:25,08 Downloaded files will also often have 211 00:06:25,08 --> 00:06:27,03 a quarantine tag added to them, 212 00:06:27,03 --> 00:06:28,01 indicating that they 213 00:06:28,01 --> 00:06:28,09 might need to be scanned 214 00:06:28,09 --> 00:06:32,03 by the system's malware scanner. 215 00:06:32,03 --> 00:06:34,01 One interesting item in the quarantine tag 216 00:06:34,01 --> 00:06:39,05 is the browser used to download the file. 217 00:06:39,05 --> 00:06:40,07 I'll switch over to my finder 218 00:06:40,07 --> 00:06:42,05 and select a file. 219 00:06:42,05 --> 00:06:43,06 I'll right click on it 220 00:06:43,06 --> 00:06:45,02 and I'll highlight it blue. 221 00:06:45,02 --> 00:06:46,08 Then I'll open up its information 222 00:06:46,08 --> 00:06:56,05 and add a comment. 
223 00:06:56,05 --> 00:06:57,05 Back here in the terminal, 224 00:06:57,05 --> 00:07:05,05 I can see this file now has extended attributes, 225 00:07:05,05 --> 00:07:07,06 and if I take a look at them, 226 00:07:07,06 --> 00:07:09,06 I can see that information here. 227 00:07:09,06 --> 00:07:10,05 For example, 228 00:07:10,05 --> 00:07:12,02 the item user tags refers to blue, 229 00:07:12,02 --> 00:07:15,03 the color we set for the highlight, 230 00:07:15,03 --> 00:07:18,02 and the item called ItemFinderComment contains 231 00:07:18,02 --> 00:07:20,01 the comment that I set for the file. 232 00:07:20,01 --> 00:07:20,09 As we'll see later, 233 00:07:20,09 --> 00:07:21,09 these fields can be used 234 00:07:21,09 --> 00:07:23,09 for spotlight search. 235 00:07:23,09 --> 00:07:25,01 While this additional information 236 00:07:25,01 --> 00:07:26,08 attached to the file can be useful, 237 00:07:26,08 --> 00:07:28,09 it can also be a security risk. 238 00:07:28,09 --> 00:07:29,07 For example, 239 00:07:29,07 --> 00:07:30,06 if you downloaded a file 240 00:07:30,06 --> 00:07:32,05 from a personal shared cloud link, 241 00:07:32,05 --> 00:07:34,04 a username or even an access token 242 00:07:34,04 --> 00:07:36,09 might be present in its URL. 243 00:07:36,09 --> 00:07:38,07 Other fields could also reveal information 244 00:07:38,07 --> 00:07:40,00 of various types, 245 00:07:40,00 --> 00:07:41,04 and those values will persist 246 00:07:41,04 --> 00:07:42,03 if the file is copied 247 00:07:42,03 --> 00:07:45,01 to another HFS+ or APFS volume. 248 00:07:45,01 --> 00:07:46,01 Those values can persist 249 00:07:46,01 --> 00:07:47,05 on other file systems too, 250 00:07:47,05 --> 00:07:49,08 as we'll explore shortly. 251 00:07:49,08 --> 00:07:51,01 Luckily, because these values 252 00:07:51,01 --> 00:07:52,09 are metadata stored in the file system, 253 00:07:52,09 --> 00:07:56,05 we can modify them. 
254 00:07:56,05 --> 00:07:59,05 And the command xattr -w followed by a key 255 00:07:59,05 --> 00:08:01,02 and a value, and the file name, 256 00:08:01,02 --> 00:08:02,05 will write a specified key 257 00:08:02,05 --> 00:08:08,04 and value for an attribute. 258 00:08:08,04 --> 00:08:09,09 While we can set text values like this 259 00:08:09,09 --> 00:08:11,00 from the command line, 260 00:08:11,00 --> 00:08:12,05 other values like the color highlight 261 00:08:12,05 --> 00:08:14,03 and things that need to be binary plists 262 00:08:14,03 --> 00:08:15,03 take a little bit more work 263 00:08:15,03 --> 00:08:16,07 to add in the terminal. 264 00:08:16,07 --> 00:08:17,06 If you're working 265 00:08:17,06 --> 00:08:18,09 with this kind of information on a Mac, 266 00:08:18,09 --> 00:08:20,03 be sure to check out the manual page 267 00:08:20,03 --> 00:08:22,05 for xattr with man xattr, 268 00:08:22,05 --> 00:08:26,06 for more details about this really useful command. 269 00:08:26,06 --> 00:08:28,01 And recognize that we can set some 270 00:08:28,01 --> 00:08:29,03 of these extended attributes 271 00:08:29,03 --> 00:08:32,06 from the GUI as well as we've seen. 272 00:08:32,06 --> 00:08:33,07 While extended attributes 273 00:08:33,07 --> 00:08:35,00 let us set key value pairs 274 00:08:35,00 --> 00:08:36,02 for arbitrary data, 275 00:08:36,02 --> 00:08:37,03 flags are single characteristics 276 00:08:37,03 --> 00:08:39,09 that we can apply to files. 277 00:08:39,09 --> 00:08:40,07 For example, 278 00:08:40,07 --> 00:08:42,08 one commonly used flag is called hidden, 279 00:08:42,08 --> 00:08:44,01 and it makes finder not show 280 00:08:44,01 --> 00:08:45,04 a specific file or directory, 281 00:08:45,04 --> 00:08:46,09 unless the view mode is switched 282 00:08:46,09 --> 00:08:48,07 to show all files. 
283 00:08:48,07 --> 00:08:50,00 Customarily on Linux and Mac systems, 284 00:08:50,00 --> 00:08:51,00 adding a dot or period 285 00:08:51,00 --> 00:08:53,02 to the front of a file name 286 00:08:53,02 --> 00:08:54,02 will mark it as hidden 287 00:08:54,02 --> 00:08:55,07 when files are listed in the finder 288 00:08:55,07 --> 00:08:57,03 or in the terminal, 289 00:08:57,03 --> 00:08:58,05 but it's not always practical 290 00:08:58,05 --> 00:08:59,07 to change the name of a file 291 00:08:59,07 --> 00:09:02,00 simply to hide it from casual observers. 292 00:09:02,00 --> 00:09:03,05 In fact, on macOS, 293 00:09:03,05 --> 00:09:04,08 the user's library folder 294 00:09:04,08 --> 00:09:05,08 in their home folder, 295 00:09:05,08 --> 00:09:08,00 has this special hidden flag applied to it, 296 00:09:08,00 --> 00:09:09,00 to gently conceal it 297 00:09:09,00 --> 00:09:10,00 from users who might not know 298 00:09:10,00 --> 00:09:11,05 what it's for. 299 00:09:11,05 --> 00:09:12,05 In the terminal, 300 00:09:12,05 --> 00:09:13,06 we can see which files 301 00:09:13,06 --> 00:09:14,08 in a folder have flags 302 00:09:14,08 --> 00:09:18,04 using ls -lO. 303 00:09:18,04 --> 00:09:19,03 For example, 304 00:09:19,03 --> 00:09:20,05 here in my user folder, 305 00:09:20,05 --> 00:09:21,08 I can see in this column 306 00:09:21,08 --> 00:09:23,05 that the -O option 307 00:09:23,05 --> 00:09:25,04 brings in that my user's library folder, 308 00:09:25,04 --> 00:09:27,09 in fact has that hidden flag applied. 309 00:09:27,09 --> 00:09:29,05 Let's leave this directory alone though, 310 00:09:29,05 --> 00:09:32,05 and work on some other files instead. 311 00:09:32,05 --> 00:09:33,09 I'll resize my terminal here a bit 312 00:09:33,09 --> 00:09:35,03 and bring my finder window over 313 00:09:35,03 --> 00:09:36,06 to the side. 
314 00:09:36,06 --> 00:09:38,00 We can apply a flag to a file 315 00:09:38,00 --> 00:09:40,00 with chflags, 316 00:09:40,00 --> 00:09:41,04 and the flag we want to use 317 00:09:41,04 --> 00:09:43,04 in this case hidden 318 00:09:43,04 --> 00:09:47,03 and the file name to apply that flag to. 319 00:09:47,03 --> 00:09:48,02 I'll write this out over here 320 00:09:48,02 --> 00:09:49,00 in the terminal, 321 00:09:49,00 --> 00:09:50,06 but keep an eye on finder over here 322 00:09:50,06 --> 00:09:52,03 when I run that. 323 00:09:52,03 --> 00:09:53,01 Ta-da, 324 00:09:53,01 --> 00:09:54,08 the file is hidden, 325 00:09:54,08 --> 00:09:57,07 but we can still see it with the terminal, 326 00:09:57,07 --> 00:09:58,08 and we can reveal it 327 00:09:58,08 --> 00:10:01,06 with Command + Shift + . in the finder. 328 00:10:01,06 --> 00:10:03,03 There it is, sneaky. 329 00:10:03,03 --> 00:10:04,05 We can see that that file has 330 00:10:04,05 --> 00:10:05,07 that flag applied again 331 00:10:05,07 --> 00:10:08,08 with ls -lO. 332 00:10:08,08 --> 00:10:12,08 Here's the hidden flag, 333 00:10:12,08 --> 00:10:14,04 and we can remove a specific flag 334 00:10:14,04 --> 00:10:15,07 with chflags 335 00:10:15,07 --> 00:10:17,01 and the flag with the word no 336 00:10:17,01 --> 00:10:18,07 in front of it like this. 337 00:10:18,07 --> 00:10:27,05 I'll write, chflags nohidden myfile1. 338 00:10:27,05 --> 00:10:29,02 And there it's back to normal. 339 00:10:29,02 --> 00:10:30,01 While the hidden flag 340 00:10:30,01 --> 00:10:31,08 is probably the easiest to demonstrate 341 00:10:31,08 --> 00:10:33,06 because it makes the file disappear, 342 00:10:33,06 --> 00:10:34,05 some flags are used 343 00:10:34,05 --> 00:10:35,07 by system administrators 344 00:10:35,07 --> 00:10:36,07 to control how users 345 00:10:36,07 --> 00:10:38,01 can interact with files. 
346 00:10:38,01 --> 00:10:39,04 From a security perspective, 347 00:10:39,04 --> 00:10:41,00 these are a bit less information dense 348 00:10:41,00 --> 00:10:42,02 than other attributes, 349 00:10:42,02 --> 00:10:43,02 but they can still be important 350 00:10:43,02 --> 00:10:44,08 to know about. 351 00:10:44,08 --> 00:10:45,09 Again, be sure to look at 352 00:10:45,09 --> 00:10:48,00 the man chflags manual page 353 00:10:48,00 --> 00:10:50,01 to explore the available flags. 354 00:10:50,01 --> 00:10:51,01 Regular attributes, 355 00:10:51,01 --> 00:10:52,02 extended attributes, 356 00:10:52,02 --> 00:10:54,02 ACLs and flags are all aspects 357 00:10:54,02 --> 00:10:56,06 of the file system metadata on a Mac, 358 00:10:56,06 --> 00:10:57,07 and one of the reasons 359 00:10:57,07 --> 00:10:58,06 a lot of Mac software is 360 00:10:58,06 --> 00:11:00,03 distributed as disk image files, 361 00:11:00,03 --> 00:11:02,05 is to preserve these metadata values, 362 00:11:02,05 --> 00:11:04,03 which are or were often stripped 363 00:11:04,03 --> 00:11:06,00 by tools like ZIP and tar.