Plus sign in ls output

Plus sign in ls output

Every wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files.

Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.

root@earth:~/facls# ls -l
total 4
-rw-r—–+ 1 root root 5 May 29 14:36 test1
-rw-r—–  1 root root 0 May 28 11:52 test2

Screenshot of getfacl/setfacl under Linux to apply file access control list.

The use of getfacl/setfacl under Linux to apply file access control list.

By using the command getfacl, the underlying permissions can be displayed. This command will display the normal file permissions, together with the more granular ones.

In the screenshot the user “www-data” has access to the file test1. This user is not listed in a group, nor being the owner (that is root). Still, this user has with the help of POSIX ACLs read access to the file.

If you never worked with ACLs, have a look at the man page of setfacl for some great examples. There will be a time when the normal file permissions are insufficient, yet you want to avoid using the “other” (everyone) group. POSIX ACLs to the rescue!


Automate security audits with Lynis and Lynis Enterprise
Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series to get Linux (and Unix-based) systems more secure.

Daily security checks

Want to go to the next level of security scanning and system hardening? Start with automated security scans for Linux: Lynis and Lynis Enterprise.

Automate Scanning »

Leave a Reply

Your email address will not be published. Required fields are marked *