How To Check Permissions In Linux : Linux Permission Types And Levels

by

Managing system security in Linux starts with knowing how to check file and directory permissions. Understanding how to check permissions in linux is essential for controlling access, preventing unauthorized changes, and keeping your system safe.

Permissions in Linux determine who can read, write, or execute a file. Without checking them, you risk exposing sensitive data or breaking critical scripts. This guide walks you through every method, from simple commands to advanced tools.

How To Check Permissions In Linux

Before diving into commands, you need to understand the permission structure. Every file and directory has three sets of permissions: owner, group, and others. Each set includes read (r), write (w), and execute (x) rights.

The most common way to view permissions is with the ls -l command. It shows a string like -rwxr-xr--. The first character indicates the file type. The next nine characters represent the three permission sets.

Using Ls -L To View Permissions

Open your terminal and type:

ls -l

You will see output similar to this:

-rw-r--r-- 1 user group 1024 Mar 10 10:00 example.txt

Here is what each part means:

  • -rw-r–r–: Permission string
  • 1: Number of hard links
  • user: File owner
  • group: Group owner
  • 1024: File size in bytes
  • Mar 10 10:00: Last modification date
  • example.txt: File name

To check a specific file, add its name:

ls -l /path/to/file

For directories, the first character is d. For example:

drwxr-xr-x 2 user group 4096 Mar 10 10:00 myfolder

Understanding The Permission String

The nine characters after the first one break into three groups of three:

  • Owner: Characters 2-4 (rwx)
  • Group: Characters 5-7 (r-x)
  • Others: Characters 8-10 (r–)

A dash means no permission. So r-- means read-only. rwx means full access. r-x means read and execute, but no write.

This structure is consistent across all Linux distributions. Once you memorize it, you can read permissions instantly.

Checking Permissions With Stat Command

The stat command gives more detailed information. It shows permissions in both symbolic and numeric (octal) format.

Run:

stat example.txt

Output includes:

  • Access: The permission string
  • Uid: Owner user ID and name
  • Gid: Group ID and name
  • Access, Modify, Change: Timestamps

To see only the permission string, use:

stat -c "%a %A" example.txt

Here, %a shows octal permissions (like 755), and %A shows the symbolic string (like -rwxr-xr-x).

This command is useful for scripting because you can extract exact values.

Using Namei To Check Path Permissions

Sometimes you need to check permissions for every component in a path. The namei command lists each part with its permissions.

For example:

namei -l /home/user/documents/file.txt

Output shows:

drwxr-xr-x /
drwxr-xr-x home
drwx------ user
drwxr-xr-x documents
-rw-r--r-- file.txt

This helps identify where permission issues occur. If you cannot access a file, check if any parent directory blocks you.

Checking Permissions For Multiple Files

To view permissions for all files in a directory, use ls -la. The -a flag shows hidden files (those starting with a dot).

ls -la

You can also use wildcards:

ls -l *.txt

This shows permissions for all text files. For recursive checking, use:

ls -lR

Be careful with recursive output; it can be long for large directories.

Checking Permissions Of A Directory

Directories have special rules. Execute permission on a directory allows you to enter it. Read permission lets you list its contents. Write permission lets you create or delete files inside.

To check a directory’s permissions:

ls -ld myfolder

The -d flag prevents listing the directory’s contents. Instead, it shows the directory’s own permissions.

For example:

drwxr-x--- 2 user group 4096 Mar 10 10:00 myfolder

Here, the owner has full access, the group can read and execute, and others have no access.

Using Find To Check Permissions

The find command can locate files with specific permissions. This is powerful for auditing.

To find files with world-writable permissions:

find / -type f -perm -o+w

To find directories with no owner permissions:

find / -type d -perm -000

You can combine with -ls to see details:

find /home -type f -perm 777 -ls

This command helps identify security risks quickly.

Checking Permissions With Getfacl

If your filesystem supports Access Control Lists (ACLs), use getfacl to view extended permissions.

Run:

getfacl example.txt

Output includes:

# file: example.txt
# owner: user
# group: group
user::rw-
group::r--
other::r--

ACLs allow more granular control. For example, you can give specific users read access without changing the group.

To check if ACLs are enabled, use:

tune2fs -l /dev/sda1 | grep acl

Most modern Linux distributions have ACLs enabled by default.

Numeric (Octal) Permissions Explained

Permissions can be represented as a three-digit number. Each digit is the sum of:

  • 4: Read
  • 2: Write
  • 1: Execute

So 755 means:

  • Owner: 7 (rwx)
  • Group: 5 (r-x)
  • Others: 5 (r-x)

To check numeric permissions, use:

stat -c "%a %n" *

This prints octal values for all files in the current directory.

Common Permission Values

  • 777: Full access for everyone (risky)
  • 755: Owner full, others read/execute (common for scripts)
  • 644: Owner read/write, others read (common for documents)
  • 600: Owner read/write only (private files)
  • 700: Owner full access only (private scripts)

Always use the least permissive values needed.

Checking Permissions For Running Processes

Permissions also affect running processes. Use ps or top to see which user owns a process.

ps -u username

To check file permissions of a running executable:

ls -l /proc/PID/exe

Replace PID with the process ID. This shows the permissions of the binary being executed.

For example:

ls -l /proc/1234/exe

This helps verify if a process runs with proper permissions.

Using Umask To See Default Permissions

The umask command shows the default permission mask for new files. Run:

umask

It returns a number like 0022. This subtracts from full permissions (666 for files, 777 for directories).

So with umask 022, new files get 644 (666 – 022), and new directories get 755 (777 – 022).

To see the symbolic form:

umask -S

Output: u=rwx,g=rx,o=rx

Understanding umask helps you predict permissions before creating files.

Checking Permissions Remotely With Ssh

You can check permissions on remote servers using SSH. Run:

ssh user@server 'ls -l /path/to/file'

Or for multiple files:

ssh user@server 'stat -c "%a %A %n" /path/*'

This is useful for managing multiple servers from one terminal.

Automating Permission Checks With Scripts

You can write a simple bash script to check permissions regularly. Here is an example:

#!/bin/bash
echo "Checking permissions..."
find /important -type f -perm /o+w -exec ls -l {} \;

Save it as check_perms.sh, make it executable with chmod +x check_perms.sh, and run it.

You can schedule it with cron to run daily:

0 2 * * * /home/user/check_perms.sh > /var/log/perm_check.log

This automates security audits.

Troubleshooting Permission Issues

If you get “Permission denied” errors, follow these steps:

  1. Check the file’s permissions with ls -l
  2. Verify the file’s owner and group
  3. Check parent directory permissions with namei
  4. Look for ACLs with getfacl
  5. Check if the filesystem is mounted with noexec or nosuid options

For example, if you cannot execute a script, ensure it has execute permission:

chmod +x script.sh

If you cannot read a file, check if the directory has execute permission for you.

Common Permission Problems

  • World-writable files: Security risk; use chmod o-w to fix
  • Setuid binaries: Can escalate privileges; audit with find / -perm -4000
  • Sticky bit directories: Only owners can delete files; check with ls -ld /tmp

Always investigate unexpected permission changes.

Using Graphical Tools To Check Permissions

If you prefer GUI, most file managers show permissions. In Nautilus (GNOME), right-click a file, select Properties, then go to the Permissions tab.

You can see owner, group, and access levels. Some tools like baobab (disk usage analyzer) also show permission info.

However, the command line is faster for bulk checks.

Best Practices For Permission Management

  • Use the principle of least privilege: give only needed permissions
  • Regularly audit world-writable files
  • Set umask to 027 for stricter defaults
  • Use ACLs for complex scenarios
  • Document permission changes in your system

Checking permissions should be part of your routine maintenance.

Frequently Asked Questions

How do I check permissions of all files in a directory recursively?

Use ls -lR or find /path -type f -exec ls -l {} \;. The second option is more efficient for large directories.

What is the difference between chmod and chown?

chmod changes permissions (read, write, execute). chown changes the owner and group of a file. Both are needed for full access control.

How can I see permissions in octal format?

Use stat -c "%a %n" filename. This shows the numeric value like 755 or 644.

Why do I get “Permission denied” even as root?

Root can bypass most permissions, but not all. Check if the filesystem is mounted with noexec or if file attributes (like immutable) are set with lsattr.

How do I check permissions for a symbolic link?

Use ls -l linkname. The permissions shown are for the link itself, not the target. To check the target, use ls -L linkname or stat with the -L flag.

Mastering how to check permissions in Linux gives you control over your system’s security. Start with ls -l, then explore stat, find, and getfacl. Regular checks prevent unauthorized access and keep your data safe.

Practice these commands daily. Soon, reading permission strings will become second nature. Your Linux system will be more secure, and you will troubleshoot faster.