How to check file and folder permissions in Linux

In Linux environments, file and directory permissions control which users can read, modify, or execute data stored on the system. Correctly set permissions prevent accidental changes and reduce the risk of unauthorized access to sensitive files. Clear visibility into these permissions is essential when diagnosing access issues or hardening a system.

The permission model assigns separate access bits to the file owner, group, and others, and exposes them through tools such as ls, stat, and getfacl. Output from these commands shows both symbolic forms like rwxr-xr– and numeric forms like 754, making it possible to audit access at a glance and compare actual settings with policy requirements.

Different filesystems and security extensions such as POSIX ACLs can add extra layers of control, so certain tools may reveal more detail than others. Commands in the following procedure work across common Linux distributions and require read access to the files being inspected; getfacl output appears only when the filesystem and mount options support ACLs.

1. Open a terminal on the Linux system where the files and directories reside.
2. List a file or directory with long format output using ls -l to view symbolic permissions.

   $ ls -l /path/to/file_or_directory
   -rwxr-xr--  1 user group 4096 Sep 10 12:00 file.txt
   drwxr-xr-x  2 user group 4096 Sep 10 12:00 directory/

   The leftmost field shows the type and permissions; for example, drwxr-xr-x identifies a directory with read, write, and execute for the owner, and read and execute for group and others.

3. Inspect only a directory entry itself using ls -ld when the listing of contents is not needed.

   $ ls -ld /path/to/directory
   drwxr-xr-x 2 user group 4096 Sep 10 12:00 /path/to/directory

   The -d option prevents recursion into the directory and shows permissions for the directory node only.

4. Recursively list a directory tree with ls -lR to review permissions for all nested files and subdirectories.

   $ ls -lR /path/to/directory
   /path/to/directory:
   total 8
   drwxr-xr-x 2 user group 4096 Sep 10 12:00 subdir/
   -rw-r--r-- 1 user group  1024 Sep 10 12:00 file1.txt
   
   /path/to/directory/subdir:
   total 4
   -rw-r--r-- 1 user group  2048 Sep 10 12:00 file2.txt

   The -R option walks the directory tree so permission patterns and anomalies become visible in one command.

5. Display detailed metadata, including numeric and symbolic permissions, using the stat command.

   $ stat /path/to/file_or_directory
   File: file.txt
   Size: 1024        Blocks: 8          IO Block: 4096   regular file
   Device: 802h/2050d  Inode: 12345678   Links: 1
   Access: (0755/-rwxr-xr-x)  Uid: ( 1000/user)   Gid: ( 1000/group)
   Access: 2024-09-11 12:00:00.000000000 +0000
   Modify: 2024-09-11 12:00:00.000000000 +0000
   Change: 2024-09-11 12:00:00.000000000 +0000

   The Access line shows the octal mode in parentheses followed by the symbolic form, along with the user and group owning the path.

6. Print only the permission bits in octal form with a stat format string when a concise numeric value is sufficient.

   $ stat -c "%a" /path/to/file_or_directory
   755

   Octal modes such as 0644 and 0755 map to the familiar rwx triplets and are useful when scripting permission checks or comparing against policy.

7. Query Access Control Lists using getfacl to reveal per-user or per-group overrides where ACLs are enabled.

   $ getfacl /path/to/file_or_directory
   # file: file.txt
   # owner: user
   # group: group
   user::rwx
   group::r-x
   other::r--
   user:alice:r-x
   group:devs:rwx

   Additional entries like user:alice or group:devs indicate fine-grained ACL rules beyond the basic owner, group, and other permissions; some distributions provide getfacl in the acl package.

8. Check the current umask value to understand default permissions applied to newly created files and directories.

   $ umask
   0022

   A umask of 0022 typically yields new files with permissions similar to 0644 and new directories with permissions similar to 0755, because the mask clears write access for group and others.

9. Compare a known file’s access bits between ls, stat, and getfacl output to confirm how the effective permissions align.

   $ ls -l file.txt
   -rwxr-xr-- 1 user group 1024 Sep 10 12:00 file.txt

   Aligning symbolic, octal, and ACL views helps validate that effective access matches expectations for each user class.