Plus sign in ls output

Plus sign in ls output

Every wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files.

Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.

root@earth:~/facls# ls -l
total 4
-rw-r—–+ 1 root root 5 May 29 14:36 test1
-rw-r—–  1 root root 0 May 28 11:52 test2

Screenshot of getfacl/setfacl under Linux to apply file access control list.

The use of getfacl/setfacl under Linux to apply file access control list.

By using the command getfacl, the underlying permissions can be displayed. This command will display the normal file permissions, together with the more granular ones.

In the screenshot the user “www-data” has access to the file test1. This user is not listed in a group, nor being the owner (that is root). Still, this user has with the help of POSIX ACLs read access to the file.

If you never worked with ACLs, have a look at the man page of setfacl for some great examples. There will be a time when the normal file permissions are insufficient, yet you want to avoid using the “other” (everyone) group. POSIX ACLs to the rescue!


Automate security audits and know your risks
Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series to get Linux and Unix-based systems more secure.

Is system hardening taking a lot of time for you? Don't know where to start? We solved that problem: Lynis Enterprise.

Leave a Reply

Your email address will not be published. Required fields are marked *