When users report access errors, knowing how to check folder permissions in Linux helps resolve permission issues quickly. Whether you’re managing a server or just organizing files on your desktop, understanding folder permissions is a core skill. This guide walks you through every method, from basic commands to advanced checks.
How To Check Folder Permissions In Linux
Folder permissions control who can read, write, or execute a directory. In Linux, every folder has three sets of permissions: one for the owner, one for the group, and one for others. You can view these permissions using a few simple commands. Let’s start with the most common one.
Using The ls Command With The -l Flag
The ls -l command is your first tool. Open a terminal and type:
ls -l /path/to/folder
This shows a long listing format. The output includes a string like drwxr-xr-x. The first character d means it’s a directory. The next nine characters represent permissions for owner, group, and others.
- Owner: First three characters after d (e.g., rwx)
- Group: Next three characters (e.g., r-x)
- Others: Last three characters (e.g., r-x)
Each letter stands for a permission: r for read, w for write, x for execute. A dash means no permission. For example, drwxr-xr-x means the owner can read, write, and execute; the group and others can only read and execute.
Checking Permissions Recursively
Sometimes you need to check permissions for all subfolders and files inside a directory. Use the -R flag with ls:
ls -lR /path/to/folder
This lists everything recursively. The output can be long, so you might want to pipe it to less or grep:
ls -lR /path/to/folder | less
You can also filter for specific patterns. For instance, to find all directories with full permissions:
ls -lR /path/to/folder | grep "^drwxrwxrwx"
Using The Stat Command For Detailed Info
The stat command gives you more details than ls. It shows the file type, permissions in numeric and symbolic form, owner, group, and timestamps. Run:
stat /path/to/folder
Look for the line starting with Access:. It shows the permissions in octal format (like 0755) and symbolic format (like drwxr-xr-x). The octal format is useful when you need to set permissions later with chmod.
Understanding Octal Permissions
Each permission set (owner, group, others) has a numeric value:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
Add these values together for each set. For example, rwx = 4+2+1 = 7. r-x = 4+0+1 = 5. So 755 means owner has full access, group and others have read and execute.
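As an added example (not part of the original guide), the shell function below converts a mode string as printed by ls -l into the four-digit octal form that stat and chmod use. It goes one step beyond the three basic digits by also handling the special-bit letters s, S, t and T covered later in this guide; the function name sym_to_octal is hypothetical.

```sh
# Added example: turn an ls -l mode string into the 4-digit octal form.
sym_to_octal() {
    # Keep the nine permission characters; drop the type char and any +/. suffix.
    perms=$(printf '%s' "$1" | cut -c2-10)
    case $perms in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "unrecognised mode string: $1" >&2; return 1 ;;
    esac
    special=0
    digits=""
    pos=1
    for weight in 4 2 1; do      # special-bit weights: setuid, setgid, sticky
        triad=$(printf '%s' "$perms" | cut -c"$pos"-"$((pos + 2))")
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in
            ??x)    digit=$((digit + 1)) ;;
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;  # special bit, no execute
        esac
        digits=$digits$digit
        pos=$((pos + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}

# Constructed sample inputs:
sym_to_octal drwxr-xr-x     # standard directory
sym_to_octal drwxrwxrwt     # /tmp-style sticky directory
sym_to_octal drwxrwsr-x+    # setgid shared directory with an ACL marker
```

An uppercase S or T means the special bit is set but the matching execute bit is not, which is usually a misconfiguration worth a second look.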
Checking Permissions For A Specific User Or Group
You might want to know what permissions a particular user has on a folder. The namei command can help. It walks through the path and shows permissions for each component:
namei -l /path/to/folder
This shows the permissions for every directory in the path. If a user can’t access a folder, it’s often because a parent directory lacks execute permission.
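The function below is an added example, not from the original guide, that automates what you would otherwise read off namei -l by eye: it walks the path and prints the first directory whose mode bits deny execute (traverse) to the given user. It assumes GNU stat, an absolute path, and classic mode bits only (ACLs, root's bypass and SELinux/AppArmor are ignored); the name first_blocked is hypothetical.

```sh
# Added example: find the first directory on a path that blocks traversal.
# Usage: first_blocked /abs/path [user]   (user defaults to the caller)
first_blocked() {
    target=$1
    user=${2:-}
    uid=$(id -u ${user:+"$user"}) || return 2
    gids=" $(id -G ${user:+"$user"}) "   # space-padded for whole-word matching
    current=""
    old_ifs=$IFS; IFS=/
    set -f; set -- $target; set +f       # split the path on "/"
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        current="$current/$part"
        [ -d "$current" ] || continue    # only directories need traverse rights
        info=$(stat -c '%u %g %a' "$current") || return 2
        owner=${info%% *}; rest=${info#* }
        group=${rest%% *}; perm=${rest#* }
        # Exactly one class applies: owner first, then group, then other.
        if [ "$owner" = "$uid" ]; then
            mask=0100
        else
            case $gids in
                *" $group "*) mask=0010 ;;
                *)            mask=0001 ;;
            esac
        fi
        if [ $(( 0$perm & $mask )) -eq 0 ]; then
            printf '%s\n' "$current"     # this component denies traversal
            return 0
        fi
    done
    return 0                             # nothing printed: path is traversable
}
```

Because only one class is ever consulted, an owner with mode 677 on a directory is blocked even though group and others could enter it.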
Using The Getfacl Command For ACLs
Linux also supports Access Control Lists (ACLs), which give more granular permissions. Use getfacl to see them:
getfacl /path/to/folder
The output lists the owner, group, and any additional users or groups with specific permissions. For example:
# file: folder
# owner: alice
# group: developers
user::rwx
group::r-x
other::r-x
user:bob:rwx
This shows that user bob has read, write, and execute permissions, even though the group only has read and execute.
Checking Permissions With Find Command
The find command is powerful for searching folders with specific permissions. For example, to find all directories with world-writable permissions (a security risk):
find /path -type d -perm -o+w
You can also find directories with exact permissions:
find /path -type d -perm 777
This lists every folder with full permissions for everyone. Use it to audit your system.
Finding Folders With Setuid Or Setgid Bits
Special permission bits like setuid (4000) and setgid (2000) can affect security. Check for them with:
find /path -type d -perm -4000
Or match directories that have both bits set:
find /path -type d -perm -6000
Using The Tree Command For Visual Overview
The tree command shows folder structures with permissions. Install it if needed:
sudo apt install tree # Debian/Ubuntu
sudo yum install tree # RHEL/CentOS
Then run:
tree -p /path/to/folder
The -p flag shows permissions for each item. You can also use -u to show owner and -g for group:
tree -pug /path/to/folder
This gives a clear, hierarchical view of permissions across the entire directory tree.
Interpreting Common Permission Patterns
Here are typical permission sets you’ll see:
- 755 (drwxr-xr-x): Standard for folders. Owner can write, others can read and execute.
- 700 (drwx------): Private folder. Only owner has access.
- 777 (drwxrwxrwx): World-writable. Avoid this unless necessary.
- 555 (dr-xr-xr-x): Read-only for everyone, including owner.
Remember that execute permission on a folder means you can enter it and list its contents. Without execute, you can’t access the folder even if you have read permission.
Common Mistakes When Checking Permissions
One frequent error is forgetting that parent directory permissions matter. Even if a folder has 777 permissions, if a parent directory lacks execute permission, you can’t reach it. Always check the entire path.
Another mistake is confusing numeric and symbolic formats. When using stat, the octal value might show as 0755 (the leading zero is standard). Don’t ignore it.
Checking Permissions For Mounted Filesystems
If you’re checking permissions on an external drive or network share, the mount options can override folder permissions. Use mount to see current mounts:
mount | grep /mnt/point
Look for options like rw, noexec, or nosuid. For example, a FAT32 drive might show uid=1000,gid=1000,fmask=113,dmask=002. This means all files appear with permissions based on the mask, not the actual Linux permissions.
Using The Lsblk And Blkid Commands
These commands help identify block devices and their filesystem types. Different filesystems handle permissions differently:
lsblk -f
blkid /dev/sda1
NTFS and exFAT don’t support Linux permissions natively. They often show all files with 777 or 755 depending on mount options.
Automating Permission Checks With Scripts
You can write a simple script to check permissions on multiple folders. For example, create a file called check_perms.sh:
#!/bin/bash
# Print symbolic and numeric permissions for each directory given as an argument
for dir in "$@"; do
    echo "Checking: $dir"
    ls -ld "$dir"
    stat -c "%a %n" "$dir"
done
Make it executable and run:
chmod +x check_perms.sh
./check_perms.sh /home/user /var/www
This prints both symbolic and numeric permissions for each folder.
Using Aliases For Faster Checks
Add an alias to your .bashrc or .zshrc file:
alias perms='stat -c "%a %A %n"'
Then just type perms /path to see permissions quickly.
Troubleshooting Permission Issues
When you get “Permission denied” errors, follow these steps:
- Check the folder’s permissions with ls -ld.
- Verify the parent directories with namei -l.
- Check if ACLs are set with getfacl.
- Look for special bits like sticky bit (chmod +t) that might restrict deletion.
- Ensure the filesystem is mounted with correct options.
For example, if user john can’t access /data/project, run:
namei -l /data/project
getfacl /data/project
groups john
The groups command shows which groups the user belongs to. If the folder’s group is developers and john isn’t in it, he won’t have group permissions.
Fixing Permissions With Chmod And Chown
Once you’ve identified the issue, you can fix it. Use chmod to change permissions:
chmod 755 /path/to/folder
Or chown to change owner and group:
chown user:group /path/to/folder
For recursive changes, add -R:
chmod -R 755 /path/to/folder
Be careful with recursive changes. They can break system functionality if applied incorrectly.
Understanding Sticky Bit And Other Special Permissions
The sticky bit (represented by t in the permissions string) is common on /tmp. It means only the owner of a file can delete or rename it, even if others have write permission on the directory. Check for it:
ls -ld /tmp
You’ll see drwxrwxrwt. The t at the end indicates the sticky bit is set.
Setgid On Directories
When the setgid bit is set on a directory, new files created inside it inherit the directory’s group. This is useful for shared projects. Check with:
ls -ld /shared/project
Look for an s in the group execute position, like drwxrwsr-x.
Using Graphical Tools To Check Permissions
If you prefer a GUI, file managers like Nautilus (GNOME), Dolphin (KDE), or Thunar (XFCE) show permissions in the properties dialog. Right-click a folder, select Properties, then go to the Permissions tab. You’ll see owner, group, and others permissions in a dropdown menu.
However, graphical tools may not show ACLs or special bits. For a complete picture, the command line is still best.
Remote Servers And Ssh
When checking permissions on a remote server, use SSH:
ssh user@server 'ls -ld /path/to/folder'
You can also use stat or getfacl remotely. For multiple checks, consider mounting the remote filesystem with SSHFS:
sshfs user@server:/remote/path /local/mount
Then check permissions locally.
Permissions And Security Best Practices
Always follow the principle of least privilege. Give folders only the permissions needed. For web servers, 755 is common for directories, 644 for files. Never use 777 on production systems.
Regularly audit permissions with find commands. Look for world-writable directories, files with setuid bits, or directories owned by the wrong user.
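The audit described above can be bundled into one function. This is an added example, not from the original guide; the function name audit_perms and the output labels are hypothetical. Unlike a plain -perm -o+w search, it skips world-writable directories that carry the sticky bit, so /tmp-style directories do not drown out the real findings.

```sh
# Added example: one-pass permission audit of a directory tree.
# Usage: audit_perms ROOT EXPECTED_OWNER   (owner as user name or numeric uid)
audit_perms() {
    root=$1
    expected=$2
    # World-writable directories WITHOUT the sticky bit: any user can delete
    # or replace other users' files there. Sticky ones (like /tmp) are skipped.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/WORLD-WRITABLE-NO-STICKY /'
    # Regular files carrying setuid or setgid.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SETUID-OR-SETGID-FILE /'
    # Anything not owned by the expected account.
    find "$root" -xdev ! -user "$expected" -print |
        sed 's/^/UNEXPECTED-OWNER /'
}

# Example call (constructed path and account name):
#   audit_perms /var/www www-data
```

Each finding is printed on its own line with a label, so the output can be saved and diffed between runs to spot new exposures.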
Logging Permission Changes
Use auditd to log permission changes. Install and configure it:
sudo apt install auditd
sudo auditctl -w /path/to/folder -p wa -k folder_perms
Then check logs with:
ausearch -k folder_perms
This helps track who changed permissions and when.
Frequently Asked Questions
What is the difference between ls -l and stat for checking permissions?
ls -l shows a quick overview in symbolic format. stat provides more details, including numeric permissions, timestamps, and file size. Use ls for a fast check, stat for in-depth analysis.
How can I check folder permissions for all users at once?
Use getfacl to see ACLs for all users and groups. For standard Unix permissions, ls -l shows owner, group, and others. To check a specific user, use sudo -u username ls -ld /path.
Why does ls -l show d????????? for some folders?
This usually means the filesystem doesn’t support permissions (like FAT32) or the folder is on a network share with different permissions. Check mount options with mount.
Can I check permissions without using the terminal?
Yes, most file managers have a properties dialog that shows basic permissions. However, for ACLs, special bits, or recursive checks, the command line is more reliable.
What does the + sign at the end of permissions mean in ls -l?
It means the folder has extended ACLs. Run getfacl to see the full list.
Final Tips For Mastering Folder Permissions
Practice with test directories. Create a folder, change permissions, and check them with different commands. Use man pages for deeper understanding:
man ls
man stat
man getfacl
Remember that permissions are just one part of Linux security. Combine them with user management, groups, and SELinux or AppArmor for robust protection.
Now you have a complete toolkit for checking folder permissions. Whether you’re debugging an