Viewing a file’s permission settings in Linux helps you understand who can read, write, or execute it. Knowing how to check permission of a file in linux is a fundamental skill for anyone managing a system. This guide walks you through every method, from simple commands to advanced techniques, so you can control access like a pro.
Understanding Linux File Permissions
Linux uses a permission system based on three user categories: owner, group, and others. Each category can have read (r), write (w), and execute (x) permissions. Permissions are displayed as a string like -rwxr-xr-- or as a numeric value like 755.
The first character indicates the file type. A dash (-) means a regular file, while “d” stands for a directory. The next nine characters are split into three groups of three: owner, group, and others.
For example, -rwxr-xr-- means the owner can read, write, and execute; the group can read and execute; and others can only read. Numeric permissions use octal values: read=4, write=2, execute=1. So 755 means owner has 7 (4+2+1), group has 5 (4+1), and others have 5.
How To Check Permission Of A File In Linux
The most common way is using the ls -l command. Open your terminal and type ls -l filename. This shows the permission string, number of links, owner, group, file size, modification date, and name.
For example, ls -l myfile.txt might output -rw-r--r-- 1 user group 1024 Jan 1 12:00 myfile.txt. The first ten characters are the permissions. You can also use ls -la to include hidden files (those starting with a dot).
If you want to check multiple files at once, use ls -l *.txt to see all text files. Or ls -l /path/to/directory to view everything in a folder. This method is fast and works on all Linux distributions.
Using The Stat Command
The stat command gives more detailed information. Type stat filename to see permissions in both symbolic and numeric forms, along with timestamps and inode numbers.
Output includes lines like Access: (0644/-rw-r--r--). The number 0644 is the numeric permission, and the symbolic string follows. This is useful when you need both formats at once.
For a quick numeric check, use stat -c %a filename. The %a format prints only the octal permissions. For symbolic, use stat -c %A filename. This saves time when scripting.
Checking Permissions With Namei
The namei command shows permissions for every component in a file path. This helps when a file is deep inside a directory tree and you need to verify access at each level.
Run namei -l /path/to/file. It lists each directory and the file itself, along with their permissions. If a parent directory lacks execute permission, you cannot access files inside it, even if the file itself has open permissions.
This command is less common but very useful for troubleshooting permission errors. It reveals where access is blocked along the path.
Using Getfacl For ACL Permissions
Access Control Lists (ACLs) extend standard permissions. To check ACLs, use getfacl filename. This shows additional users and groups with specific permissions beyond the basic owner/group/others model.
Output includes lines like user:john:rw- meaning user John has read and write permissions. It also shows the mask, which limits maximum permissions for named users and groups.
If ACLs are not enabled on your filesystem, you might see only the standard permissions. Use getfacl -R directory to recursively check all files in a folder.
Interpreting Permission Strings
Permission strings are ten characters long. The first character is the file type: - for file, d for directory, l for symbolic link, c for character device, b for block device.
The next nine characters are three groups of three: owner, group, others. Each group has r, w, x in order. A dash means that permission is not granted. For example, r-x means read and execute, but no write.
Special permissions like setuid (s), setgid (s), and sticky bit (t) appear in the execute position. For example, rwsr-xr-x means the setuid bit is set for the owner. The sticky bit on a directory (like /tmp) appears as rwxrwxrwt.
Numeric Permission Values
Numeric permissions are three digits (or four with special bits). Each digit is the sum of read (4), write (2), and execute (1). So 7 = rwx, 6 = rw-, 5 = r-x, 4 = r–, 0 = —.
Common values include 755 (rwxr-xr-x) for executables, 644 (rw-r–r–) for regular files, and 700 (rwx——) for private files. Directories often use 755 so users can list contents and access files.
To convert between symbolic and numeric, remember the octal values. You can also use chmod with numeric values to set permissions directly.
Practical Examples Of Checking Permissions
Let’s say you have a script called backup.sh. Run ls -l backup.sh. If you see -rw-r--r--, the owner can read and write, but no one can execute. You need to add execute permission with chmod +x backup.sh.
For a directory like /var/www, use ls -ld /var/www. The -d flag shows the directory’s own permissions, not its contents. If it shows drwxr-xr-x, the owner can write, but group and others can only read and execute.
To check a hidden file like .bashrc, use ls -la ~/.bashrc. The -a flag includes hidden files. You might see -rw-------, meaning only the owner can read and write.
Checking Permissions Recursively
Use ls -lR to list all files and directories recursively. This shows permissions for every item in a folder tree. The -R flag stands for recursive.
For a cleaner view, use find /path -type f -exec ls -l {} \; to list only files. Or find /path -type d -exec ls -ld {} \; for directories. This helps when you need to audit permissions across many files.
You can also combine with grep to filter results. For example, ls -lR | grep "^d" shows only directories and their permissions.
Common Permission Issues And Solutions
One frequent problem is “Permission denied” when trying to read a file. Check the file’s permissions with ls -l. If others have no read permission, you might need to change it with chmod o+r filename.
Another issue is not being able to enter a directory. The directory needs execute permission for you. Use chmod +x directory to add execute for everyone, or chmod u+x directory for just the owner.
Sometimes a file is owned by root and you are a regular user. Use sudo ls -l filename to check permissions with superuser privileges. But you cannot change ownership without sudo.
Fixing Permission Errors
If you get “Permission denied” for a script, check if it has execute permission. Use chmod +x script.sh to fix it. For a file you cannot read, use chmod o+r file to allow others to read.
For directories, ensure you have execute permission to traverse them. Use chmod +x /path/to/dir. If you need to write files inside, the directory must have write permission for you.
Remember that changing permissions might require sudo if you are not the owner. Always verify with ls -l after making changes.
Advanced Permission Checking With Scripts
You can write a simple bash script to check permissions for multiple files. For example:
#!/bin/bash
for file in "$@"; do
if [ -e "$file" ]; then
echo "Permissions for $file:"
ls -l "$file"
else
echo "$file does not exist"
fi
doneSave it as checkperms.sh, make it executable with chmod +x checkperms.sh, and run it with ./checkperms.sh file1 file2.
You can also use find with -perm to locate files with specific permissions. For example, find / -type f -perm 777 finds world-writable files, which are a security risk.
Using Aliases For Faster Checking
Create an alias in your .bashrc file to speed up permission checks. Add this line: alias perms='ls -l'. Then typing perms filename works like ls -l.
For numeric permissions, add: alias numperms='stat -c "%a %n"'. This prints the octal value and filename. Reload your bashrc with source ~/.bashrc to apply changes.
Aliases save keystrokes and make frequent checks more efficient. You can customize them to your workflow.
Security Implications Of File Permissions
World-writable files (permission 777) are dangerous because any user can modify them. This could lead to data corruption or malware injection. Always restrict write permissions to only necessary users.
Setuid and setgid bits on executables can elevate privileges. A setuid root binary runs with root permissions regardless of who executes it. Check for these with find / -perm -4000 to audit setuid files.
The sticky bit on directories (like /tmp) prevents users from deleting files they don’t own. Verify it with ls -ld /tmp. The permission string should end with t instead of x for others.
Best Practices For Permission Management
Use the principle of least privilege: give only the permissions needed. For most files, 644 (rw-r–r–) is sufficient. For directories, 755 (rwxr-xr-x) allows listing and access without write permission for others.
Regularly audit permissions with commands like find /home -type f -perm 777. Fix any overly permissive files immediately. Use chmod 644 for files and chmod 755 for directories.
For sensitive data, use 600 (rw——-) or 700 (rwx——) so only the owner has access. Backup scripts and configuration files should be protected this way.
Frequently Asked Questions
How Do I Check File Permissions In Linux Using Ls?
Use ls -l filename to see the permission string. The first ten characters show the file type and permissions for owner, group, and others. For directories, add the -d flag to see the directory’s own permissions.
What Is The Command To See Permissions Of A File In Linux?
The most common command is ls -l. You can also use stat filename for detailed info, or getfacl filename for ACL permissions. All these show who can read, write, or execute the file.
How Can I Check Permission Of A File In Linux Numeric Format?
Use stat -c %a filename to get the octal permission value (like 644 or 755). Or run stat filename and look for the line starting with “Access:” which shows both numeric and symbolic formats.
Why Do I Get “Permission Denied” Even Though I Own The File?
Check if the file has execute permission if you are trying to run it. Also verify that all parent directories have execute permission for you. Use namei -l /path/to/file to trace the path and find where access is blocked.
How Do I Check Permissions For All Files In A Directory?
Use ls -l /path/to/directory to list all files and their permissions. For recursive checking, use ls -lR or find /path -type f -exec ls -l {} \;. The find command is more flexible for filtering.
Now you have a complete toolkit for checking file permissions in Linux. Practice these commands regularly, and you will quickly master access control. Remember to always verify changes with ls -l to ensure your modifications took effect. With these skills, you can keep your system secure and your files accessible to the right people.