How to check file and folder permissions in Linux

In Linux environments, file and directory permissions control which users can read, modify, or execute data stored on the system. Correctly set permissions prevent accidental changes and reduce the risk of unauthorized access to sensitive files. Clear visibility into these permissions is essential when diagnosing access issues or hardening a system.

The permission model assigns separate access bits to the file owner, group, and others, and exposes them through tools such as ls, stat, and getfacl. Output from these commands shows both symbolic forms like rwxr-xr– and numeric forms like 754, making it possible to audit access at a glance and compare actual settings with policy requirements.

Different filesystems and security extensions such as POSIX ACLs can add extra layers of control, so certain tools may reveal more detail than others. Commands in the following procedure work across common Linux distributions and require read access to the files being inspected; getfacl output appears only when the filesystem and mount options support ACLs.

Steps to check file and folder permissions in Linux:

Open a terminal on the Linux system where the files and directories reside.

List a file or directory with long format output using ls -l to view symbolic permissions.

$ ls -l /root/sg-work/permissions/secret.txt /root/sg-work/permissions
-rw-rwx---+ 1 root root    7 Dec 28 20:04 /root/sg-work/permissions/secret.txt

/root/sg-work/permissions:
total 8
-rw-r--r--  1 root root 7 Dec 28 20:04 public.txt
-rw-rwx---+ 1 root root 7 Dec 28 20:04 secret.txt

The leftmost field shows the type and permissions; for example, drwxr-xr-x identifies a directory with read, write, and execute for the owner, and read and execute for group and others.

Inspect only a directory entry itself using ls -ld when the listing of contents is not needed.
```
$ ls -ld /root/sg-work/permissions
drwxr-xr-x 2 root root 4096 Dec 28 19:51 /root/sg-work/permissions
```
The -d option prevents recursion into the directory and shows permissions for the directory node only.
Recursively list a directory tree with ls -lR to review permissions for all nested files and subdirectories.
```
$ ls -lR /root/sg-work/permissions
/root/sg-work/permissions:
total 8
-rw-r--r--  1 root root 7 Dec 28 20:04 public.txt
-rw-rwx---+ 1 root root 7 Dec 28 20:04 secret.txt
```
The -R option walks the directory tree so permission patterns and anomalies become visible in one command.

Display detailed metadata, including numeric and symbolic permissions, using the stat command.

$ stat /root/sg-work/permissions/secret.txt
  File: /root/sg-work/permissions/secret.txt
  Size: 7         	Blocks: 8          IO Block: 4096   regular file
Device: 0,64	Inode: 2666984     Links: 1
Access: (0670/-rw-rwx---)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2025-12-28 19:51:50.060759010 +0000
Modify: 2025-12-28 20:04:54.831706012 +0000
Change: 2025-12-28 20:04:54.833706012 +0000
 Birth: 2025-12-28 19:51:50.060759010 +0000

The Access line shows the octal mode in parentheses followed by the symbolic form, along with the user and group owning the path.

Print only the permission bits in octal form with a stat format string when a concise numeric value is sufficient.
```
$ stat -c "%a" /root/sg-work/permissions/secret.txt
670
```
Octal modes such as 0644 and 0755 map to the familiar rwx triplets and are useful when scripting permission checks or comparing against policy.
Query Access Control Lists using getfacl to reveal per-user or per-group overrides where ACLs are enabled.
```
$ getfacl /root/sg-work/permissions/secret.txt
getfacl: Removing leading '/' from absolute path names
# file: root/sg-work/permissions/secret.txt
# owner: root
# group: root
user::rw-
user:appuser:r--
group::rwx
group:ops:rwx
mask::rwx
other::---
```
Additional entries like user:appuser or group:ops indicate fine-grained ACL rules beyond the basic owner, group, and other permissions; some distributions provide getfacl in the acl package.
Check the current umask value to understand default permissions applied to newly created files and directories.
```
$ umask
0022
```
A umask of 0022 typically yields new files with permissions similar to 0644 and new directories with permissions similar to 0755, because the mask clears write access for group and others.
Compare a known file’s access bits between ls, stat, and getfacl output to confirm how the effective permissions align.
```
$ ls -l /root/sg-work/permissions/secret.txt
-rw-rwx---+ 1 root root 7 Dec 28 20:04 /root/sg-work/permissions/secret.txt
```
Aligning symbolic, octal, and ACL views helps validate that effective access matches expectations for each user class.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.