Checking Linux file permissions with ls
The previous article in this series provided an overview of Linux file permissions. When you understand these permissions, the next step is learning how to check the permissions that are set for a file or directory. You check these permissions by using
ls command. This article focuses on the basics of how to use the
ls command and what it can tell you about a file's type and permissions.
You use the
ls command (the first letter is a lowercase L) to see what files are in a directory. When run by itself,
ls returns a list of the current working directory (essentially, the directory you are “in”). You can also specify a directory to list. For example, a list of the first few files in the /etc directory on a Gentoo system might look as follows:
$ ls /etc DIR_COLORS gentoo-release man.conf runleve
lsadjtime gpm mime.types sandbox.conf apache2 group mke2fs.conf sandbox.d bash group- modprobe.d scsi_id.config ca-certificates host.conf modules.autoload.d securetty ca-certificates.conf hosts modprobe.d scsi_id.config ...
-h option changes the way file sizes are displayed. Instead of displaying file sizes in raw bytes,
-h displays them in the human-readable format of kilobytes, megabytes, and so on. You can accomplish the same result by using the
df -h command.
To get more information about the files in a directory, use the
-l option with ls. The following example shows a result of using the
$ ls -l /etc total 492 -rw-r--r-- 1 root root 4468 Nov 19 2009 DIR_COLORS -rw-r--r-- 1 root root 10 Jun 30 03:29 adjtime drwxr-xr-x 4 root root 4096 Jun 30 03:44 apache2 drwxr-xr-x 2 root root 4096 Nov 19 2009 bash drwxr-xr-x 3 root root 4096 Nov 19 2009 ca-certificates -rw-r--r-- 1 root root 5955 Nov 19 2009 ca-certificates.conf drwxr-xr-x 2 root root 4096 Jul 5 20:37 conf.d drwxr-xr-x 2 root root 4096 Dec 3 2009 cron.d drwxr-x--- 2 root root 4096 Dec 3 2009 cron.daily -rw-r--r-- 1 root root 220 Dec 3 2009 cron.deny drwxr-x--- 2 root root 4096 Dec 3 2009 cron.hourly drwxr-x--- 2 root root 4096 Dec 3 2009 cron.monthly drwxr-x--- 2 root root 4096 Dec 3 2009 cron.weekly -rw-r--r-- 1 root root 611 Dec 3 2009 crontab ...
The files names are on the far right side of each line, and the file details precede the names. The details you need to know in order to check permission are the series of letters and dashes on the far left of each line and the columns that have root in them. The rest of this article explains how to interpret and use these details.
However, before going into those details, you should know about one other option that can be used with
ls to return a comprehensive list of files,
When you use the
ls command, if you want to see any files whose names start with a period, you must use the
-a option. For example, if you use only
ls to look at a directory listing for root's home directory on a clean Linux installation, no files are returned:
$ ls /root
However, if you add the
-a option, the ls command returns a list of files:
$ ls -a /root . .. .bash_history .bashrc .profile .viminfo
Files that start with a period are usually system files and application settings files, and you usually don't want them included in directory lists. But it's important to know that they're there and how to see them. The .bashrc file is especially useful to know about because it contains user environment settings that you can change.
If you combine the
-a options into
-la, you get all the details of those hidden files:
$ ls -la /root total 24 drwxr-xr-x 2 root root 4096 2009-12-16 01:10 . drwxr-xr-x 23 root root 4096 2010-02-18 10:14 .. -rw------- 1 root root 123 2010-01-21 15:49 .bash_history -rw-r--r-- 1 root root 2227 2007-10-20 11:51 .bashrc -rw-r--r-- 1 root root 141 2007-10-20 11:51 .profile -rw------- 1 root root 868 2009-12-16 00:47 .viminfo
Consider the single period and double period in both directory lists:
- The single period (.) refers to the directory itself. If you type
cd .the directory changes back into the directory you started with (in the example,
/root). Knowing this is convenient when you're running a command and you want it to refer to your current directory (for example, when you want to copy a file there).
- The double period (..) refers to the parent directory. If you type
cd ..the directory changes to the one above the one you're in, in the file system hierarchy. In the preceding example, typing
cd ..would take you above
/, the very top of the hierarchy.
This section examines the series of letters and dashes that define the file permissions.
The first character: file type
In the preceding examples, the first character in each list was either a dash (-) or the letter
- A dash (-) indicates that the file is a regular file. That’s the sort of file that you’ll usually work with when you’re saving some text or running a command.
- The letter d indicates that the file is a directory. As explained in the previous article, directories are basically a special kind of file. Knowing that makes it easier to think of that first slot in the full directory listing as the file type.
Another file type: symlink
A special file type that you will see frequently is a symlink, sometimes called a soft link. It begins with a lowercase
L, as shown in the following example:
lrwxrwxrwx 1 root root 4 Jun 30 03:29 sh -> bash
A symlink is a pointer to another location in the file system. In the example,
sh -> bash indicates that the link is named
sh and it points to a file named bash. This means that if you call
/bin/sh (in a script, for example), you will actually run
A symlink doesn’t have to point to something in the same directory, as shown in the following example:
lrwxrwxrwx 1 root root 20 Jun 30 03:29 pgawk -> /usr/bin/pgawk-3.1.6 lrwxrwxrwx 1 root root 16 Jun 30 03:29 pidof -> ../sbin/killall5
In this example, the first symlink uses an absolute path to reference its target, and the second one uses a relative path.
The next three characters: user permissions
The next three letters in a file list cover the “user” category of permissions. Consider the following example:
drwxrwxr-x 2 root mail 4096 Dec 3 2009 mail
After the letter
d, which tells us that the file is a directory, are the letters
rwx. These letters are abbreviations of the types of permissions that can be set:
rrefers to the “read” permission.
wrefers to the “write” permission.
xrefers to the “execute” permission.
The second trio of characters: group permissions
The next trio of characters (also
rwx) shows the permissions for the “group” category, and the letters mean the same thing as they did for the user. For this directory, the group has as many permissions as the owner (
The third trio of characters: other permissions
The last trio of characters (
r-x) shows the permissions for the final category, “other.” In this example, “other” does not have write permission for the directory, which is indicated by the dash (-).
Notice the specific order to the permissions in a triplet: read, write, execute. A dash in place of a letter for a permission means that category doesn’t have that permission.
- The first character in the directory list refers to the file type.
- The next three characters refer to user permissions.
- The next three characters refer to group permissions.
- The final three characters in that block refer to other permissions.
The first number
After the permissions, there's a number. It has nothing to do with file permissions, so you can ignore it.
Owner and group
After the number, two names are listed. In the preceding example, the names are root and mail.
The first name is the name of the owner of the file. The “user” permissions apply to that user when it attempts to access the directory. In this case, the user root.
The second name is the file’s group. The “group” permissions apply to any user (that is not the file owner) in the same group as the file. In this case, those permissions apply to anyone in the mail group.
Being able to check the permissions on a file is useful. It is where troubleshooting can start — ensuring that a user can read a particular file, for example, or examining a directory structure to ensure that users can follow the hierarchy to the files that they need.
The next article describes how to change the permissions on files and directories by using the
Carry on the conversation in the Rackspace Community.
© 2015 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
See license specifics and DISCLAIMER