Check Linux file permissions with ls

This article explains how to use the ls command to check Linux file permissions. Being able to check the permissions on a file is useful, especially for troubleshooting. You can ensure that a user can read a particular file, for example, or examine a directory structure to ensure that users can follow the hierarchy to the files that they need.

ls command

Use the ls command (the first letter is a lowercase L) to see what files are in a directory. When run by itself, ls returns a list of the current working directory. You can also specify a directory to list. The following example shows a list of the first few files in the /etc directory on a Gentoo system.

$ ls /etc
DIR_COLORS            gentoo-release      man.conf            runlevels
adjtime               gpm                 mime.types          sandbox.conf
apache2               group               mke2fs.conf         sandbox.d
bash                  group-              modprobe.d          scsi_id.config
ca-certificates       host.conf           modules.autoload.d  securetty
ca-certificates.conf  hosts               modprobe.d          scsi_id.config
...

ls -h

The -h option changes the way file sizes are displayed. When you use the -h option, files sizes are displayed in the human-readable format of kilobytes, megabytes, and so on, rather than in raw bytes. Other linux tools such as df also support this flag. The command df -h shows current disk usage in a easier to read format.

ls -a

To display hidden files (files with names that start with a period), use the -a option. For example, if you use only ls to look at the root home directory on a clean Linux installation, no files are returned:

$ ls /root

However, if you add the -a option, the ls command returns a list of files:

$ ls -a /root
.  ..  .bash_history  .bashrc  .profile  .viminfo

Files that start with a period are often system files and application settings files, and you usually don’t want them included in directory lists. But it’s important to know that they’re there and how to see them. The .bashrc file is especially useful to know about because it contains user environment settings that you can change.

If you combine the -a option with the -l option (see the next section) into -la, you get all the details of the hidden files:

$ ls -la /root
total 24
drwxr-xr-x  2 root root 4096 2009-12-16 01:10 .
drwxr-xr-x 23 root root 4096 2010-02-18 10:14 ..
-rw-------  1 root root  123 2010-01-21 15:49 .bash_history
-rw-r--r--  1 root root 2227 2007-10-20 11:51 .bashrc
-rw-r--r--  1 root root  141 2007-10-20 11:51 .profile
-rw-------  1 root root  868 2009-12-16 00:47 .viminfo

Consider the single period and double period in both directory lists:

  • The single period (.) refers to the directory itself. This is convenient if you want it to run a command and reference your current directory (for example, when you want to copy a file there).
  • The double period (..) refers to the parent directory. If you type cd .. the directory changes to the one above the one you’re in, in the file system hierarchy. For example, if your current directory is /root, typing cd .. would take you to /, the very top of the hierarchy.

ls -l

To get more information about the files in a directory, use the -l option with ls, as shown in the following example.

$ ls -l /etc
total 492
-rw-r--r-- 1 root root  4468 Nov 19  2009 DIR_COLORS
-rw-r--r-- 1 root root    10 Jun 30 03:29 adjtime
drwxr-xr-x 4 root root  4096 Jun 30 03:44 apache2
drwxr-xr-x 2 root root  4096 Nov 19  2009 bash
drwxr-xr-x 3 root root  4096 Nov 19  2009 ca-certificates
-rw-r--r-- 1 root root  5955 Nov 19  2009 ca-certificates.conf
drwxr-xr-x 2 root root  4096 Jul  5 20:37 conf.d
drwxr-xr-x 2 root root  4096 Dec  3  2009 cron.d
drwxr-x--- 2 root root  4096 Dec  3  2009 cron.daily
-rw-r--r-- 1 root root   220 Dec  3  2009 cron.deny
drwxr-x--- 2 root root  4096 Dec  3  2009 cron.hourly
drwxr-x--- 2 root root  4096 Dec  3  2009 cron.monthly
drwxr-x--- 2 root root  4096 Dec  3  2009 cron.weekly
-rw-r--r-- 1 root root   611 Dec  3  2009 crontab
...

The file names are on the far right side of each line, and the file details precede the names. The necessary details to check file permissions are (1) the series of letters and dashes on the far left of each line, and (2) the two columns that have root in them (in the preceding example). The rest of this article explains how to interpret and use these details.

Permission details

This section explains the series of letters and dashes that define the file permissions.

The first character: file type

In the preceding examples, the first character in each list was either a dash (-) or the letter d.

  • A dash (-) indicates that the file is a regular file.
  • The letter d indicates that the file is a directory, which is basically a special kind of file.

A special file type that you might see is a symlink, sometimes called a soft link. It begins with a lowercase L, as shown in the following example:

lrwxrwxrwx 1 root root      4 Jun 30 03:29 sh -> bash

A symlink is a pointer to another location in the file system.

Permissions abbreviations

Permissions for files are represented by the following letters.

  • r refers to the read permission.
  • w refers to the write permission.
  • x refers to the execute permission.

The permissions characters

Consider the following example:

drwxrwxr-x 2 root mail 4096 Dec  3  2009 mail

The first trio of letters after the file type in a file list (rwx) shows the permissions for the user, or file owner.

The next trio of characters (also rwx) shows the permissions for the group category.

The last trio of characters (r-x) shows the permissions for the final category, other. In this example, users who are neither the file owner nor in the group have read and execute permissions but not write, as indicated by the dash (-) in the middle position.

Notice the specific order to the permissions in a trio: read, write, execute. A dash in place of a letter for a permission means that category doesn’t have that permission.

The first number

The number listed after the permissions indicates the link count of a file or the number of contained directory entries, for a directory. This number is not relevant for permissions.

Owner and group

After the number of links, two names are listed. In the preceding example, the names are root and mail.

The first name indicates the owner of the file. The user permissions apply to owner of the file, so in this case, the user ‘root’ has read, write, and execute permissions for this directory.

The second name is the file’s group. The group permissions apply to any user in the same group as the file, so in this case, those permissions apply to anyone in the mail group.

The rest

The remainder of the file details are the size of the file, the date and time that the file was created or last modified, and the file name.