Checking permissions requires the `ls -l` command, which displays read, write, and execute flags for owner, group, and others. If you are new to Linux, understanding how to list permissions in linux is a fundamental skill that helps you control access to your files and directories. This guide walks you through every method, from basic commands to advanced techniques, so you can manage permissions like a pro.
Permissions in Linux determine who can read, write, or execute a file. They are the backbone of system security. Without knowing how to list them, you might accidentally expose sensitive data or lock yourself out of important files. Let’s fix that.
How To List Permissions In Linux
The most common way to list permissions is with the ls -l command. When you run it in a directory, you see a detailed output for each file and folder. The first column shows the permission string, which looks like -rwxr-xr--. This string has 10 characters: the first indicates the file type, and the next nine are split into three groups of three—owner, group, and others.
For example, -rwxr-xr-- means the owner can read, write, and execute; the group can read and execute; and others can only read. The - at the start means it is a regular file. If it were a directory, you would see a d instead.
To practice, open your terminal and type:
ls -lYou will see a list like this:
-rw-r--r-- 1 user user 1234 Jan 15 10:30 file.txt
drwxr-xr-x 2 user user 4096 Jan 15 10:30 folderThe second column shows the number of hard links, the third is the owner, the fourth is the group, then file size, date, and name. The permission string is your key to understanding access rights.
Understanding The Permission String
Each character in the permission string has a meaning. The first character tells you the file type:
-regular fileddirectorylsymbolic linkccharacter devicebblock device
The next nine characters are three sets of three. Each set uses r for read, w for write, and x for execute. A dash means that permission is not granted. The order is always owner, group, then others.
For instance, rwx means full access, while r-- means read-only. If you see rw-, the user can read and write but not execute. This structure is consistent across all Linux systems, making it easy to read once you know the pattern.
Listing Permissions For A Single File
If you only need permissions for one file, use ls -l followed by the file name:
ls -l /path/to/file.txtThis shows the permission string for that specific file. You can also use stat for more detailed information, which we will cover later. For now, stick with ls -l because it is the fastest way to check.
Remember that the output includes the owner and group names. If you are troubleshooting access issues, these fields are crucial. For example, if a file is owned by root but you are a regular user, you might not have write access.
Listing Permissions Recursively
To see permissions for all files and subdirectories inside a folder, add the -R flag:
ls -lR /path/to/directoryThis recursively lists everything. The output can be long, so you might want to pipe it to less or grep to filter results. For example:
ls -lR /home/user | grep "\.txt"This shows only lines containing .txt. Recursive listing is usefull when you need to audit an entire directory tree for permission issues.
Using Stat To List Permissions
The stat command gives you more detailed permission information. Run:
stat file.txtThe output includes the permission string in both symbolic and numeric (octal) form. For example, you might see Access: (0644/-rw-r--r--). The numeric value 0644 is a compact way to represent permissions. Each digit corresponds to owner, group, and others: 4 for read, 2 for write, 1 for execute, and sums for combinations.
Stat also shows the file’s inode number, access time, and modification time. This is handy when you need more than just the permission string. However, for quick checks, ls -l is usually enough.
Listing Permissions With Find
The find command can list files with specific permissions. For example, to find all files with 777 permissions (world-writable):
find /path -type f -perm 0777To list permissions for every file found, use the -ls action:
find /path -type f -perm 0777 -lsThis shows the permission string, owner, size, and path. Find is powerfull for security audits because you can combine it with other conditions like size or modification date.
Listing Permissions For Directories
Directories use the same permission string but with different meanings. The execute bit on a directory allows you to enter it. The read bit lets you list its contents. The write bit allows you to create or delete files inside it.
To list permissions for directories, use:
ls -ld /path/to/directoryThe -d flag prevents ls from listing the directory’s contents. Instead, it shows the directory itself. For example, drwxr-xr-x means the owner can read, write, and enter; the group can read and enter; others can only read and enter.
Using Getfacl For Extended Permissions
If your system uses Access Control Lists (ACLs), the getfacl command shows extended permissions. Run:
getfacl file.txtThe output lists the owner, group, and any additional users or groups with specific permissions. For example:
# file: file.txt
# owner: user
# group: user
user::rw-
group::r--
other::r--ACLs are common on shared systems. They allow more granular control than standard Unix permissions. If you see a + sign at the end of the permission string in ls -l, it means ACLs are in use.
Listing Permissions In Octal Format
Sometimes you need permissions in numeric form, like when using chmod. The stat command gives you this directly, but you can also use ls -l and convert manually. The octal value is calculated by adding the numbers for each set: read (4), write (2), execute (1).
For example, rwxr-xr-- becomes:
- Owner: rwx = 4+2+1 = 7
- Group: r-x = 4+0+1 = 5
- Others: r– = 4+0+0 = 4
So the octal value is 754. To see it directly, run:
stat -c "%a %n" file.txtThis prints the octal permissions followed by the file name. The -c flag lets you customise the output format.
Listing Permissions For Hidden Files
Hidden files (those starting with a dot) are not shown by default with ls -l. To include them, add the -a flag:
ls -laThis lists all files, including .bashrc, .profile, and others. The permission string works the same way. Hidden files often contain configuration data, so checking their permissions is important for security.
Using Alias For Faster Listing
If you frequently check permissions, create an alias in your shell. Add this line to your .bashrc or .zshrc:
alias ll='ls -la'Now typing ll gives you a detailed list with hidden files. You can also create an alias for recursive listing:
alias lr='ls -lR'Aliases save time and reduce typing errors. They are especially usefull when you work on multiple servers.
Common Permission Scenarios
Here are a few real-world examples of listing permissions:
- Check if a script is executable:
ls -l script.sh— look forxin the owner or group section. - Verify a shared folder:
ls -ld /shared— ensure the group hasrwx. - Audit world-writable files:
find / -type f -perm -0002 -ls— finds files writable by others.
These commands help you maintain a secure system. Always double-check permissions before granting write access to others.
Troubleshooting Permission Issues
If you cannot access a file, start by listing its permissions. Use ls -l to see the owner and group. Then check your current user with whoami and your groups with groups. If you are not the owner or in the group, you fall under “others.”
For directories, remember that you need execute permission to enter. If you get a “Permission denied” error, the directory might lack the x bit for you. Use ls -ld to check.
Sometimes the issue is with the parent directory. Even if a file has full permissions, you cannot access it if the parent directory blocks you. List permissions recursively to trace the problem.
Automating Permission Checks With Scripts
You can write a simple bash script to list permissions for multiple files. For example:
#!/bin/bash
for file in "$@"; do
ls -l "$file"
doneSave it as checkperm.sh, make it executable with chmod +x checkperm.sh, and run it with filenames as arguments. This is handy for system administrators who need to audit many files.
Another script could find files with SUID or SGID bits set, which are security risks:
find / -type f -perm /6000 -lsThese scripts automate repetitive tasks and help you stay on top of permissions.
Understanding Special Permission Bits
Besides the standard rwx, Linux has three special bits: SUID, SGID, and Sticky Bit. They appear in the permission string as s or t in the execute position.
- SUID (Set User ID): Shown as
sin the owner’s execute field (e.g.,rwsr-xr-x). The file runs with the owner’s privileges. - SGID (Set Group ID): Shown as
sin the group’s execute field (e.g.,rwxr-sr-x). For files, it runs with the group’s privileges. For directories, new files inherit the group. - Sticky Bit: Shown as
tin the others’ execute field (e.g.,rwxrwxrwt). Only the file owner can delete or rename files in that directory.
To list files with these bits, use find with the -perm flag. For example, to find all SUID files:
find / -type f -perm -4000 -lsThese bits can be security risks if misused, so regular audits are recommended.
Using Namei To Trace Path Permissions
The namei command shows the permissions for every component in a path. Run:
namei -l /path/to/fileIt lists each directory and the final file with their permission strings. This is usefull when you need to understand why a file is inaccessible. For example, if a parent directory lacks execute permission, you cannot reach the file even if the file itself is open.
Comparing Permissions Across Systems
If you manage multiple Linux servers, you might need to compare permissions. Use ls -lR on both systems and diff the outputs. For example:
ls -lR /etc > etc-permissions-server1.txt
# On server2, run the same command
diff etc-permissions-server1.txt etc-permissions-server2.txtThis highlights differences in file permissions, owners, or groups. It is a good practice after system migrations or updates.
Permissions In Containers And Virtual Environments
In Docker containers or virtual machines, permissions work the same way, but you might be running as root by default. Always check permissions inside the container with ls -l. If you mount host directories, the permissions might conflict. Use ls -n to show numeric UIDs and GIDs instead of names, which helps debug mapping issues.
For example:
ls -ln /mounted-folderThis shows the numeric IDs, making it easier to compare with the host system.
Frequently Asked Questions
Q: What is the difference between ls -l and ls -la?
A: ls -l lists files except hidden ones. ls -la includes hidden files (those starting with a dot).
Q: How can I list permissions in octal format?
A: Use stat -c "%a %n" filename to see the numeric permissions.
Q: Why does ls -l show a + at the end of the permission string?
A: The + indicates that Access Control Lists (ACLs) are set. Use getfacl to view them.
Q: Can I list permissions for a file without changing to its directory?
A: Yes, provide the full path: ls -l /full/path/to/file.
Q: What does the s in the permission string mean?
A: It means the SUID or SGID bit is set. The file runs with the owner’s or group’s privileges.
Now you have a complete toolkit for listing permissions in Linux. Practice these commands in your terminal, and you will quickly become comfortable with reading and interpreting permission strings. Remember to check permissions regularly, especially on shared systems or after installing new software. It is a small habit that prevents big security headaches.