How to check if a file has specific permissions in Linux

Introduction

In this lab, you will learn how to check file permissions in Linux. Understanding file permissions is fundamental for managing file access and security. You will explore different methods to inspect permissions, starting with the basic ls -l command to view standard read, write, and execute permissions for the owner, group, and others.

Building upon the basics, you will then delve into using the stat --format command for a more detailed and customizable view of file information, including permissions in various formats. Finally, you will learn how to verify Access Control Lists (ACLs) using the getfacl command, which provides a more granular way to manage file permissions beyond the standard owner, group, and others.

Check file permissions with ls -l

In this step, you will learn how to check file permissions in Linux using the ls -l command. Understanding file permissions is crucial for managing files and directories securely.

File permissions determine who can read, write, or execute a file or directory. In Linux, permissions are assigned to three categories:

Owner: The user who owns the file or directory.
Group: A group of users who have specific permissions.
Others: All other users on the system.

Let's create a simple file to examine its permissions. Make sure you are in the ~/project directory. You can confirm your current directory using the pwd command:

pwd

You should see the output:

/home/labex/project

Now, create a file named my_file.txt using the touch command:

touch my_file.txt

The touch command creates an empty file if it doesn't exist.

Next, use the ls -l command to view the file's details, including its permissions:

ls -l my_file.txt

You will see output similar to this:

-rw-rw-r-- 1 labex labex 0 Feb 13 10:00 my_file.txt

Let's break down the first part of the output: -rw-rw-r--. This string represents the file type and permissions.

The first character (-) indicates the file type. - means it's a regular file. Other common types include d for a directory and l for a symbolic link.
The next nine characters are grouped into three sets of three:
- The first set (rw-) shows the owner's permissions.
- The second set (rw-) shows the group's permissions.
- The third set (r--) shows the others' permissions.

Within each set of three characters:

r means read permission.
w means write permission.
x means execute permission.
- means the permission is not granted.

In the example output -rw-rw-r--:

The owner (labex) has read (r) and write (w) permissions, but not execute (-).
The group (labex) has read (r) and write (w) permissions, but not execute (-).
Others have only read (r) permission, but not write (-) or execute (-).

The numbers and names that follow the permissions (1 labex labex 0 Feb 13 10:00) represent:

1: The number of hard links to the file.
labex: The owner of the file.
labex: The group that owns the file.
0: The size of the file in bytes.
Feb 13 10:00: The last modification date and time.
my_file.txt: The file name.

Understanding the output of ls -l is fundamental to working with files and directories in Linux.

Click Continue to proceed to the next step.

Inspect permissions using stat --format

In the previous step, you used ls -l to see file permissions. Another powerful command for getting detailed information about files and file systems is stat. In this step, you'll use stat with the --format option to specifically inspect file permissions in a more structured way.

The stat command can display various information about a file, such as size, blocks, access time, modification time, and permissions. The --format option allows you to specify exactly what information you want to see using format sequences.

Let's use stat to look at the permissions of the my_file.txt file you created in the previous step. Make sure you are still in the ~/project directory.

Type the following command and press Enter:

stat --format=%A my_file.txt

You should see output similar to this:

-rw-rw-r--

This output is the same permission string you saw with ls -l. The %A format sequence tells stat to display the file's permissions in a human-readable format, just like ls -l.

Let's try another format sequence. The %a sequence displays permissions in octal notation. Octal notation is a numerical representation of permissions, where each digit represents the permissions for the owner, group, and others.

Type the following command and press Enter:

stat --format=%a my_file.txt

You should see output similar to this:

Let's break down the octal permission 0664:

The first digit (0) is usually ignored for basic permissions.
The second digit (6) represents the owner's permissions. In binary, 6 is 110. This corresponds to read (1), write (1), and execute (0). So, read and write permissions.
The third digit (6) represents the group's permissions. Again, 110 in binary, meaning read and write permissions.
The fourth digit (4) represents others' permissions. In binary, 4 is 100. This corresponds to read (1), write (0), and execute (0). So, only read permission.

This matches the -rw-rw-r-- output from ls -l. Octal notation is often used when changing permissions with the chmod command, which you might learn about in a future lab.

Using stat --format allows you to extract specific pieces of information about a file, which can be very useful in scripting or for detailed analysis.

Click Continue to move on.

Verify access control lists with getfacl

In addition to the standard Linux permissions (owner, group, others), some file systems support Access Control Lists (ACLs). ACLs provide a more granular way to define permissions for specific users or groups beyond the basic three categories.

The getfacl command is used to display the ACLs of files and directories. In this step, you will use getfacl to check if any ACLs are set on the my_file.txt file.

First, ensure you are in the ~/project directory:

pwd

You should see /home/labex/project.

Now, run the getfacl command on my_file.txt:

getfacl my_file.txt

You should see output similar to this:

## file: my_file.txt
## owner: labex
## group: labex
user::rw-
group::rw-
other::r--

Let's break down the output:

## file: my_file.txt: Indicates the file being examined.
## owner: labex: Shows the file owner.
## group: labex: Shows the file's primary group.
user::rw-: This line shows the permissions for the file owner. user:: refers to the owning user, and rw- indicates read and write permissions. This corresponds to the owner permissions seen with ls -l.
group::rw-: This line shows the permissions for the owning group. group:: refers to the owning group, and rw- indicates read and write permissions. This corresponds to the group permissions seen with ls -l.
other::r--: This line shows the permissions for others. other:: refers to all other users, and r-- indicates read permission. This corresponds to the others permissions seen with ls -l.

In this case, the output of getfacl simply reflects the standard Linux permissions. If specific ACLs were set for other users or groups, they would appear as additional lines in the output, such as user:username:permissions or group:groupname:permissions.

For example, if an ACL was set to give a user named testuser read-only access, the output might include a line like user:testuser:r--.

Since no specific ACLs have been set on my_file.txt, getfacl shows the default permissions derived from the standard permission bits.

Using getfacl is essential when you need to understand the full set of permissions applied to a file or directory, especially in environments where ACLs are used.

Click Continue to complete this lab.

Summary

In this lab, you learned how to check file permissions in Linux using the ls -l command. You created a sample file and interpreted the output of ls -l, understanding the file type and the read, write, and execute permissions for the owner, group, and others.

You also explored alternative methods for inspecting file permissions. You used the stat --format command to retrieve specific permission details in a more structured format, and the getfacl command to check for Access Control Lists (ACLs), which provide more granular permission control beyond the standard owner, group, and others.