How To Check Permissions Of A Directory In Linux

Determining access rights for a Linux directory requires a quick look at its permission string. If you are new to Linux or just need a refresher, learning how to check permissions of a directory in Linux is a fundamental skill that keeps your system secure and organized. This guide walks you through every method, from simple commands to advanced troubleshooting, so you can always know who can read, write, or execute inside any folder.

Permissions control who can view, modify, or run files and directories. Without checking them, you might accidentally lock yourself out or expose sensitive data. Let’s start with the basics and build up to real-world examples.

Understanding Linux Directory Permissions

Before you check anything, you need to understand what you are looking at. Every directory in Linux has three sets of permissions: one for the owner, one for the group, and one for others. These are represented by a string of letters and dashes like drwxr-xr-x.

The first character tells you the type. A d means it is a directory. The next nine characters are split into three groups of three: owner, group, and others. Each group uses r for read, w for write, and x for execute. For directories, execute means you can enter the folder.

So, drwxr-xr-x means the owner can read, write, and enter the directory. The group and others can only read and enter, but not write. This is the most common permission set for public folders.

Now let’s get to the main event. The most direct way to check directory permissions is using the ls command with the -l flag. Open your terminal and type:

ls -l

This lists all files and directories in your current location with their permissions, owner, group, size, and modification date. But if you want to see only directories, you can add the -d flag. For example:

ls -ld /path/to/directory

This shows the permissions of the directory itself, not its contents. Here is a step-by-step breakdown:

Open your terminal.
Navigate to the parent directory using cd.
Run ls -l to see all items.
Look for the line that starts with d for your target directory.
Read the permission string from left to right.

For example, if you run ls -l and see drwx------, only the owner has any access. That is a private directory.

Using The Stat Command For Detailed Output

Another powerful tool is stat. It gives you more details than ls, including the numeric permission value. Type:

stat /path/to/directory

The output shows the file type, permissions in symbolic and octal form, owner, group, and timestamps. The octal value is a three-digit number like 755 or 700. This is usefull for scripting or when you need to set permissions later.

For instance, 755 means owner has full access, and group and others have read and execute. 700 means only the owner can do anything.

Checking Permissions Of Multiple Directories

Sometimes you need to check several directories at once. You can use wildcards with ls. For example:

ls -ld */

This lists all directories in the current folder with their permissions. The */ pattern matches only directories. If you want to see hidden directories (those starting with a dot), use:

ls -ld .*/

You can also combine this with find to check permissions recursively. The find command is very flexible. For example:

find /path -type d -ls

This prints permissions for every directory under the given path. It is a great way to audit a whole folder tree.

Using Numeric (Octal) Permissions

Permissions can also be represented as numbers. Each permission has a value: read is 4, write is 2, and execute is 1. You add them together for each group. So, read and write is 4+2=6, read and execute is 4+1=5, and all three is 4+2+1=7.

For a directory, the numeric value looks like 755. The first digit is for the owner, the second for the group, and the third for others. To check this with stat, run:

stat -c "%a %n" /path/to/directory

The %a gives the octal value, and %n gives the name. This is a quick way to get just the numbers.

Why Numeric Permissions Matter

Numeric permissions are easier to use in scripts and when setting permissions with chmod. For example, chmod 755 directory sets the same permissions you see with stat. Understanding both formats helps you move between checking and changing permissions smoothly.

One common mistake is forgetting that directories need the execute bit to be accessible. If a directory has rw-r--r-- (644), you cannot enter it even if you have read permission. The execute bit is essential for directory traversal.

Checking Permissions Of Hidden Directories

Hidden directories start with a dot, like .ssh or .config. To see them with ls -l, you need the -a flag:

ls -la

This shows all files and directories, including hidden ones. If you want to check a specific hidden directory, use:

ls -ld .hidden_directory

Hidden directories often contain configuration files, so their permissions are critical. For example, .ssh should usually be 700 to keep your SSH keys secure.

Using The Getfacl Command For Extended Permissions

Standard permissions are not the whole story. If your system uses Access Control Lists (ACLs), you need getfacl to see them. ACLs allow more granular control, like giving specific users different permissions.

Run:

getfacl /path/to/directory

The output shows the owner, group, and any additional users or groups with their permissions. This is usefull for shared directories where multiple people need different access levels.

For example, you might have a directory where the owner has full access, the group has read-only, and a specific user has write access. Standard permissions cannot do this, but ACLs can.

Troubleshooting Permission Issues

Sometimes you check permissions and still cannot access a directory. This usually happens because of parent directory permissions. Even if a directory has 755, if its parent has no execute permission for you, you cannot reach it.

To check parent permissions, run:

ls -ld /parent/directory

You need execute permission on every directory in the path. This is called the directory traversal permission. If any parent directory blocks you, you will get a “Permission denied” error.

Another common issue is the sticky bit. Directories like /tmp have a sticky bit, shown as a t at the end of the permission string (drwxrwxrwt). This means only the owner of a file can delete it, even if others have write permission on the directory.

Checking The Sticky Bit

To see if a directory has the sticky bit, look at the last character of the permission string. If it is t instead of x, the sticky bit is set. You can also use stat:

stat /tmp

The sticky bit is important for shared directories to prevent users from deleting each other’s files.

Using The Namei Command For Path Resolution

When you have a long path and cannot access a directory, namei helps you find where the problem is. It shows the permissions of every component in the path. Run:

namei -l /path/to/directory

The output lists each directory in the path with its permissions, owner, and group. You can quickly spot which directory is blocking you. This is a lifesaver for troubleshooting complex permission issues.

For example, if you get “Permission denied” for /var/www/html/project, namei might show that /var has 700 permissions, meaning only root can enter it.

Automating Permission Checks With Scripts

If you manage many directories, you can write a simple script to check permissions. Here is a basic example using a bash loop:

#!/bin/bash
for dir in /path/to/directories/*/; do
    echo "Checking $dir"
    ls -ld "$dir"
done

This loops through all directories under a given path and prints their permissions. You can extend it to check for specific permission values or alert you if something is wrong.

Another approach is using find with a permission filter. For example, to find all directories with world-writable permissions:

find / -type d -perm -o+w 2>/dev/null

This lists every directory that anyone can write to, which is a security risk. The 2>/dev/null hides permission errors for directories you cannot access.

Checking Permissions For A Specific User

Sometimes you need to know what permissions a specific user has on a directory. You can use sudo -u username ls -ld /path to simulate that user. For example:

sudo -u john ls -ld /home/john/project

This shows the permissions as user “john” sees them. It is a good way to test access without actually logging in as that user.

If you do not have sudo access, you can check the directory’s owner and group and then see which groups the user belongs to using groups username.

Common Permission Patterns For Directories

Here are some typical permission sets you will see and what they mean:

755 or drwxr-xr-x: Owner can do everything; group and others can read and enter. Standard for public directories.
700 or drwx------: Only owner has any access. Used for private data like home directories.
750 or drwxr-x---: Owner has full access; group can read and enter; others have no access. Common for project directories.
777 or drwxrwxrwx: Everyone can do everything. This is a security risk and should be avoided.
555 or dr-xr-xr-x: Everyone can read and enter, but no one can write. Used for read-only archives.

Knowing these patterns helps you quickly assess if a directory is secure or misconfigured.

Using The Tree Command For Visual Overview

The tree command is not installed by default on all systems, but it is very handy. It shows a directory tree with permissions. Install it with sudo apt install tree (Debian/Ubuntu) or sudo yum install tree (RHEL/CentOS).

Then run:

tree -p /path/to/directory

The -p flag shows permissions. You get a visual hierarchy with each directory and file’s permission string. This is great for understanding the structure at a glance.

You can also use tree -pug to show owner and group as well.

Checking Permissions Remotely With SSH

If you need to check permissions on a remote server, you can use SSH to run commands. For example:

ssh user@server "ls -ld /path/to/directory"

This runs the command on the remote machine and returns the output. You can combine it with other commands like stat or find for more detailed checks.

For multiple directories, you can script it:

ssh user@server "for d in /var/www/*/; do ls -ld \$d; done"

This is efficient for managing many servers.

Understanding The Umask Effect

When you create a new directory, its permissions are determined by the umask. The umask subtracts permissions from the default (usually 777 for directories). To check your current umask, run:

umask

A typical umask is 022, which means new directories get 755 (777 – 022 = 755). If you see a directory with unexpected permissions, check the umask of the user who created it.

This is not a direct check of existing directories, but it helps you understand why permissions are what they are.

Frequently Asked Questions

How Do I Check Permissions Of A Directory In Linux Without Using Ls?

You can use the stat command or getfacl for more detail. For example, stat /path shows both symbolic and numeric permissions.

What Does The “D” Mean At The Beginning Of Permission String?

The “d” indicates that the item is a directory, not a regular file. It is the first character in the ls -l output.

Can I Check Permissions Of A Directory I Don’t Own?

Yes, you can check permissions of any directory you can see. Use ls -ld /path or stat /path. If you cannot access the directory at all, you will get a “Permission denied” error.

How Do I Check If A Directory Is World-writable?

Look for the last three characters of the permission string. If they are rwx or the numeric value ends with 7, it is world-writable. You can also use find / -type d -perm -o+w to find all such directories.

What Is The Difference Between Checking File And Directory Permissions?

For directories, the execute bit means you can enter the directory, not run it like a program. Read means you can list contents, and write means you can create or delete files inside. The same commands work for both, but the meaning of execute differs.

Checking directory permissions is a daily task for any Linux user. Whether you use ls, stat, or getfacl, the key is to understand what each symbol and number means. With the methods in this guide, you can confidently inspect any directory, troubleshoot access issues, and keep your system secure. Practice on your own machine, and soon you will read permission strings as easily as plain text.