Plus sign in ls output
Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files.
Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.
total 4
-rw-r-----+ 1 root root 5 May 29 14:36 test1
-rw-r----- 1 root root 0 May 28 11:52 test2
By using the command getfacl
, the underlying permissions can be displayed. This command will display the normal file permissions, together with the more granular ones.
In the screenshot, the user www-data has access to the file test1. This user is not listed in a group, nor being the owner (that is root). Still, this user has with the help of POSIX ACLs read access to the file.
If you never worked with ACLs, have a look at the man page of setfacl
for some great examples. There will be a time when the normal file permissions are insufficient, yet you want to avoid using the “other” (everyone) group. POSIX ACLs to the rescue!