Plus sign in ls output

Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files.

Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.

total 4
-rw-r-----+ 1 root root 5 May 29 14:36 test1
-rw-r-----  1 root root 0 May 28 11:52 test2

By using the command getfacl, the underlying permissions can be displayed. This command will display the normal file permissions, together with the more granular ones.

Screenshot of getfacl/setfacl under Linux to apply file access control list.

The use of getfacl/setfacl under Linux to apply file access control list.

In the screenshot, the user www-data has access to the file test1. This user is not listed in a group, nor being the owner (that is root). Still, this user has with the help of POSIX ACLs read access to the file.

If you never worked with ACLs, have a look at the man page of setfacl for some great examples. There will be a time when the normal file permissions are insufficient, yet you want to avoid using the “other” (everyone) group. POSIX ACLs to the rescue!

Relevant commands in this article

Like to learn more about the commands that were used in this article? Have a look, for some there is also cheat sheet available.

  • getfacl
  • setfacl


Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution.

Mastodon icon