Anatomy of a simple file listing (ls)


Assuming you've spent anything more than an hour with a Linux server on the developer/admin side of things, you've most likely bumped into the filesystem permission scheme.

Unfortunately, most people simply resolve any issue the "easy way out", by setting everything to be controlled by everyone (you might have seen the number 777 pop up on those occasions). This is a simple crash course in the Linux way of handling file-level permissions, so that you understand why the above is an *extremely* bad idea.

How to see what you've got

When you open your terminal, you can see what your current directory contains using the ls command. Given no parameters it may not be very useful, but combined with the proper options it can tell you everything you want to know about a file.

The most common usage is ls -lah (show files in a list, show all files, in a human-readable format), and the output is similar to:

# ls -lah
total 20K
drwxr-xr-x  4 hex hex 4.0K 2011-01-27 14:38 .
drwxr-xr-x 64 hex hex 4.0K 2011-01-27 14:38 ..
-rw-r--r--  1 hex hex 3.4K 2011-01-27 14:39 abc.doc
lrwxrwxrwx  1 hex hex    7 2011-01-27 14:40 abc-link.doc -> abc.doc
-rw-r--r--  1 hex hex    0 2011-01-27 14:38
drwxr-xr-x  2 hex hex 4.0K 2011-01-27 14:38 Sample1
drwxr-xr-x  2 hex hex 4.0K 2011-01-27 14:38 Sample2

Although not entirely related, it's worth mentioning that the first two entries are special filesystem constructs, with the first one (directory .) referring to the current directory, and the second one (directory ..) referring to the parent directory.

We'll go through each part of a line from the listing above and look at what it means.

The permission bitfield

Each line starts with a few characters and dashes, which are essentially the cornerstone of Linux (and generally any POSIX-compliant) filesystem security.

If you're wondering why in some cases the text refers to files even when talking about directories, it's because from the filesystem's perspective (and generally in Linux), everything is a file.

It consists of 7 digits that can either be set or not (either have a letter or a dash), with the exception of the first digit, which can take multiple values. So, let's have a look at each bit:

  • The first bit can, as said above, take several values. This bit denotes what this file represents, as in an actual file, directory, link or pipe.
    • - ("not set") denotes a simple file.
    • d "directory"
    • p "pipe"
    • l "symbolic link"
  • The next three bits refer to the file owner ( as seen in the owner details fields discussed below ). If set (as in, there's the specific letter instead of a dash), the owner has the permission to perform the action described. Usually the owner has all these set.
    • r "read"
    • w "write"
    • x "execute"
  • The next three bits are identical to the above in their meaning, however they apply to the owner's group instead of the owner himself
  • Finally the last three bits are identical to the above in their meaning, however they apply to anyone other than the owner and the owner's group ( or "rest of the world" )

NOTE: Directories need the execute bit to be set in order to be "opened". If a user does not have that privilege, he can view the directory in listings, but cannot enter it.

These show at a glance how you can interact with the file. Updating (overwriting, editing, saving to) the file requires the write permission. Unlike Windows, you can run any file with the execute flag set.

The directory counter

This is a most interesting field, in that most users don't know what it actually does. It's actually a simple counter that shows how many subdirectories this file has.

  • If the file is an actual file, or a link to one, it's always 1
  • If the file is a directory, it has a minimum value of 2 ( because of the . and .. directories )

The owner details

The next two fields are simply the username and primary group of the file owner.

The rest

The next field contains the size of the file in "human-readable" format (meaning that plain numbers denote bytes, "K" denotes kilobytes, "M" denotes megabytes, etc.), followed by the date when the file was last updated, and the final column denotes the name of the file.

In certain cases, the name of the file may contain more information, such as in the case of symbolic links, where the name of the file is followed by an arrow indicator and the source file.
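
The fields walked through above can be pulled apart mechanically. The following is an added example, not code from the original article: it parses rows in the format of the listing shown earlier, converts the three r/w/x triplets to the octal form (the "777" from the introduction), and reports entries that anyone on the system may modify. The function names, the regular expression and the shared.txt row are assumptions made for illustration.

```python
import re

# Rows copied from the article's listing; the last row is a constructed 777 example.
SAMPLE = """\
total 20K
drwxr-xr-x  4 hex hex 4.0K 2011-01-27 14:38 .
-rw-r--r--  1 hex hex 3.4K 2011-01-27 14:39 abc.doc
lrwxrwxrwx  1 hex hex    7 2011-01-27 14:40 abc-link.doc -> abc.doc
drwxr-xr-x  2 hex hex 4.0K 2011-01-27 14:38 Sample1
-rwxrwxrwx  1 hex hex  12K 2011-01-27 14:41 shared.txt
"""

TYPES = {"-": "file", "d": "directory", "p": "pipe", "l": "symbolic link"}
# Assumes the date format shown in the article's listing (YYYY-MM-DD HH:MM).
LINE_RE = re.compile(
    r"^(?P<mode>[-dpl][-rwx]{9})\s+(?P<count>\d+)\s+(?P<owner>\S+)\s+"
    r"(?P<group>\S+)\s+(?P<size>\S+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})(?:\s(?P<name>.*))?$")

def to_octal(triplet):
    """Map one r/w/x triplet to its octal digit: r=4, w=2, x=1."""
    return sum(bit for ch, bit in zip(triplet, (4, 2, 1)) if ch != "-")

def parse_ls_line(line):
    """Split one `ls -l` row into the fields described above, or return None."""
    m = LINE_RE.match(line.rstrip())
    if m is None:  # e.g. the "total 20K" header row
        return None
    mode = m["mode"]
    u, g, o = mode[1:4], mode[4:7], mode[7:10]  # owner, group, everyone else
    name, _, target = (m["name"] or "").partition(" -> ")
    kind = TYPES[mode[0]]
    return {
        "type": kind, "count": int(m["count"]),
        "owner": m["owner"], "group": m["group"], "size": m["size"],
        "date": m["date"], "name": name, "link_target": target or None,
        "octal": "".join(str(to_octal(t)) for t in (u, g, o)),
        # Linux ignores a symlink's own mode bits, so lrwxrwxrwx is not flagged.
        "world_writable": o[1] == "w" and kind != "symbolic link",
    }

def world_writable(listing):
    """Names of entries that anyone on the system may modify."""
    rows = (parse_ls_line(l) for l in listing.splitlines())
    return [r["name"] for r in rows if r and r["world_writable"]]

if __name__ == "__main__":
    print(world_writable(SAMPLE))
```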