How To Check Directory Permissions In Linux – Review Folder Access Rights Settings

File security begins with knowing how to check directory permissions in Linux. If you manage a server or work with shared files, understanding permissions helps you control who can read, write, or execute files inside a directory. This guide walks you through every method to check directory permissions, from basic commands to advanced tools.

Linux permissions are the backbone of system security. They prevent unauthorized users from accessing sensitive data or modifying critical files. Directories have their own set of permissions that differ slightly from regular files. You need to check them regularly to maintain a secure environment.

Let’s start with the most common way to view permissions. The ls -l command shows detailed information about files and directories. When you run it in a terminal, you see a string of characters like drwxr-xr-x. The first character d indicates it’s a directory. The next nine characters represent permissions for the owner, group, and others.

How To Check Directory Permissions In Linux Using Ls Command

The ls -l command is your first tool for checking directory permissions. It displays permissions in symbolic format. Here’s how to use it effectively:

Open your terminal
Navigate to the parent directory
Type ls -l and press Enter
Look for directories (lines starting with d)
Read the permission string

For example, drwxr-xr-x means the owner has read, write, and execute permissions. The group and others have only read and execute permissions. The execute permission on a directory is special—it allows users to enter the directory and access its contents.

You can also check a specific directory without listing the entire folder. Use ls -ld directory_name. The -d flag tells ls to show directory info instead of its contents. This is faster when you only need one directory’s permissions.

Understanding The Permission String

Each character in the permission string has a meaning. The string drwxrwxrwx breaks down like this:

Position 1: File type (d for directory, - for file)
Positions 2-4: Owner permissions (read, write, execute)
Positions 5-7: Group permissions
Positions 8-10: Others permissions

A hyphen means that permission is not granted. For instance, drwxr--r-- gives the owner full access but only read access to group and others. No one except the owner can enter the directory or list its files.

Checking Permissions With Stat Command

The stat command provides more detailed information than ls. It shows permissions in both symbolic and numeric (octal) format. Run stat directory_name to see the full output.

You’ll see lines like Access: (0755/drwxr-xr-x). The number 0755 is the octal representation. Each digit represents permissions for owner, group, and others. The first digit (0) is for special permissions like setuid.

Using stat is helpful when you need to script permission checks. The output is consistent and machine-readable. You can parse it with tools like awk or grep.

Reading Octal Permissions

Octal permissions are three digits. Each digit is a sum of:

4 for read
2 for write
1 for execute

So 755 means owner has 4+2+1=7 (full access), group has 4+1=5 (read+execute), others have 5 (read+execute). This is the standard permission for web directories. A directory with 700 restricts access to only the owner.

Using Find Command To Check Multiple Directories

When you need to check permissions on many directories at once, the find command is your friend. It searches for directories with specific permissions and displays them.

To find all directories with 777 permissions (world-writable), run:

find /path -type d -perm 777

This is useful for security audits. World-writable directories are risky because any user can modify their contents. You can also check for directories with permissions that are too restrictive or too open.

Combine find with -ls to see full details:

find /path -type d -perm 755 -ls

This lists all directories with 755 permissions along with their metadata.

Checking Permissions Recursively

Sometimes you need to check permissions for a directory tree. The ls -lR command lists all files and directories recursively. But this can produce a lot of output. Use it with grep to filter for directories only:

ls -lR /path | grep '^d'

This shows only directory entries from the recursive listing. You can also use find with -type d and -exec to run commands on each directory found.

Using Getfacl For Advanced Permission Checking

Linux supports Access Control Lists (ACLs) for more granular permissions. The getfacl command shows ACL entries for a directory. Run getfacl directory_name to see all permissions, including those for specific users and groups.

ACLs extend the traditional Unix permissions. They let you grant access to individual users without changing the group ownership. The output shows entries like user:john:rwx meaning user John has full access.

Checking ACLs is important when you have complex permission setups. Standard ls -l only shows the basic owner/group/others permissions. ACLs can override or supplement these.

Understanding ACL Mask

The ACL mask limits the maximum permissions for named users and groups. If the mask is r-x, even if a user has rwx in their ACL entry, they only get r-x. The mask does not affect the file owner or the “others” class.

To check the effective permissions, look at the mask line in getfacl output. It appears as mask::r-x. This is a common source of confusion when permissions don’t work as expected.

Checking Directory Permissions With Namei

The namei command shows the permissions for every component of a path. This is useful when you can’t access a directory and need to find where permissions block you.

Run namei -l /path/to/directory. It lists each part of the path with its permissions. You can see if a parent directory lacks execute permission, which prevents access to child directories.

For example, if /home/user/secret is inaccessible, namei might show that /home has permissions drwx------, meaning only root can enter. This helps diagnose permission issues quickly.

Using Graphical Tools To Check Permissions

If you prefer a graphical interface, file managers like Nautilus (GNOME) or Dolphin (KDE) show permissions in the properties window. Right-click a directory, select Properties, then go to the Permissions tab.

You’ll see dropdown menus for owner, group, and others. The interface also shows the numeric permission value. This is easier for beginners but less powerful than command-line tools.

Graphical tools are fine for quick checks on a desktop system. For servers or automated tasks, stick with the terminal.

Common Permission Issues And How To Check Them

Here are typical problems you’ll encounter and how to check for them:

Permission denied errors: Check the directory’s execute permission for your user
Can’t list files: The directory needs read permission
Can’t create files: The directory needs write permission
World-writable directories: Look for permissions ending with 777 or 707

Use ls -ld to check the directory itself. Remember that parent directories also need execute permission for you to reach the target.

Checking Permissions For The Current User

To check what permissions you have on a directory, use the id command first to see your user and groups. Then compare with the directory’s owner and group.

You can also use test commands in scripts:

test -r directory && echo "readable"
test -w directory && echo "writable"
test -x directory && echo "executable"

This is useful for conditional checks in shell scripts.

Automating Permission Checks With Scripts

You can write a simple script to check permissions on multiple directories. Here’s a basic example:

#!/bin/bash
for dir in /var/www /home /tmp; do
    echo "Checking $dir"
    ls -ld "$dir"
done

For more advanced checks, use find with -perm and -printf to format output. You can also send alerts when directories have insecure permissions.

Checking Permissions For Web Servers

Web directories often need specific permissions. For Apache or Nginx, the web server user needs read and execute access. Check with:

ls -ld /var/www/html
getfacl /var/www/html

Ensure the directory is not world-writable unless necessary. Use find /var/www -type d -perm 777 to find risky directories.

Understanding Sticky Bit And Special Permissions

The sticky bit is a special permission on directories. It appears as t in the execute position for others. For example, drwxrwxrwt means the sticky bit is set.

Directories with the sticky bit (like /tmp) allow users to delete only their own files, even if the directory is world-writable. Check for it with ls -ld /tmp.

Other special permissions include setuid (appears as s in owner’s execute position) and setgid (appears as s in group’s execute position). These are rare on directories but worth knowing.

Comparing Permissions Between Directories

To compare permissions of two directories, use stat with --format:

stat --format='%a %n' dir1 dir2

This shows octal permissions and names. You can also use diff on the output of ls -ld for multiple directories.

Checking Permissions On Mounted Filesystems

Mounted filesystems may have their own permission settings. Use mount or df -T to see the filesystem type. Some filesystems like FAT32 don’t support Linux permissions and show everything as 777.

Check the mount options with mount | grep /mountpoint. Options like uid= and gid= affect how permissions are mapped.

Using Lsblk And Blkid For Permission Context

While not directly about directory permissions, lsblk and blkid help identify block devices. If a directory is on a read-only filesystem, permissions won’t help you write to it.

Check the filesystem mount status with mount | grep directory_path. This gives you the full picture of why permissions might not work as expected.

Frequently Asked Questions

How do I check directory permissions for all users?

Use ls -ld directory_name to see permissions for owner, group, and others. For specific users, use getfacl directory_name.

What does drwxr-xr-x mean?

It means the directory owner has read, write, and execute permissions. The group and others have only read and execute. The d indicates it’s a directory.

Can I check permissions without using the terminal?

Yes, use a graphical file manager. Right-click the directory, select Properties, and go to the Permissions tab. This shows basic permissions.

How do I check if a directory has world-writable permissions?

Run find /path -type d -perm 777 to find all world-writable directories. You can also use ls -ld and look for rwxrwxrwx.

Why does ls -l show different permissions than getfacl?

ls -l shows the basic permission mask. getfacl shows ACL entries that may grant additional permissions to specific users or groups. The mask in ACL limits effective permissions.

Final Tips For Checking Directory Permissions

Always verify permissions after changing them. Use ls -ld to confirm. For security audits, automate checks with cron jobs using find and stat.

Remember that directory permissions affect file access. Without execute permission on a directory, you cannot access any files inside it, even if those files have permissive settings.

Practice with a test directory to understand how permissions work. Create directories with different permissions and try to access them as different users. This hands-on experience is the best way to learn.

Checking directory permissions is a fundamental skill for Linux administration. With the commands and techniques in this guide, you can maintain secure and functional systems. Start with ls -ld and expand your toolkit as needed.