File Permissions

Understanding the output of the stat command

Learn everything about the output that the stat command returns. Great for forensics, intrusion detection, and system administration.


The stat command can be used to show file statistics, such as file size, ownership, type, and several timestamps. It is a great addition to ls. Time to let it work for us! Basic example If we use the command on our /etc/passwd file, we might get output like below. # stat /etc/passwd File: /etc/passwd Size: 3387 Blocks: 8 IO Block: 4096 regular file Device: 10303h/66307d Inode: 47186412 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2024-05-08 15:17:01.

How to change file permissions

Learn how to change the file permissions of files and directories on a Linux system. Follow the examples and make your system more secure.


Changing file permissions: chmod The primary command to change file permissions on a Linux system is chmod. It’s a basic system administration utility and pre-installed on the system. To make changes to an existing directory or file, it is first good to look up the existing permissions. This can be done using the ls -l command, that lists them with the long format. ls -l /etc/hosts -rw-r--r-- 1 root root 241 Feb 2 19:10 /etc/hosts There are two syntax styles to tell chmod what the new value should be.

Linux file permissions

Learn the basics of file permissions on Linux systems and common filesystems such as ext4, XFS, and ZFS. Guided by examples, everyone is able to learn how they work.


File permissions are stored together with the data on a disk. The Linux kernel uses them to decide which users and processes can access what file. This page can be considered as a good cheat sheet, while the underlying articles explain how to use this information. Main permissions Read (r): Allows users to view the contents of a file or directory Write (w): Grants users the ability to modify the contents of a file or directory Execute (x): Enables users to execute a file or access the contents of a directory Permission Abbreviation Octal value Read r 4 Write w 2 Execute x 1 Possible combinations:

Introduction in Linux file permissions

Learn the basics of how a Linux system applies file permissions. We look at examples to demystify the permissions mean and learn to troubleshoot common issues.


Every file that is stored has a set of file permissions stored within the filesystem. This data about the actual data, it called meta-data. Let have a look at how file permissions work on Linux systems and how to read and understand them. Read, Write, and Execute Linux file permissions are divided into three main categories: Read (r): Allows users to view the contents of a file or directory Write (w): Grants users the ability to modify the contents of a file or directory Execute (x): Enables users to execute a file or access the contents of a directory User, Group, and Others These permissions are each assigned to three entities:

How to find hard links or files that point to a specific file

Learn how to find hardlinks on a file system or which files they have in common. We will use the find command to get this information quickly available.


If you want to know which hard links are present, the find utility can give you the answer. In this article we have a look at a few ways to discover more information about hard links. Good to know: a hard link shares the same inode, where a symbolic link has its own inode and just points from one to another. Show all hard links within a specific file system or directory When we have a directory with hard links, we can discover by looking at the link count of each file.

Changing file permissions on macOS (and using flags)

Using file flags on macOS. While performing system hardening on macOS, you may encounter a typical chmod error. Learn how to fix this type of error


Using file flags on macOS While performing system hardening on macOS, you may encounter a typical chmod error. Something like this: chmod: Unable to change file mode on /usr/bin/gcc: Operation not permitted Even with root permissions, you can’t change the permissions of some files. How is this possible? This is caused by flags. Showing file permissions and flags To see if a file has any flags set, use the ls command with the l (el) and O (capital o).

File permissions of the /etc/shadow password file

Got an issue with the file permissions of your /etc/shadow password file? Look no further and get it fixed.


The password files are an important cornerstone of the security of your Linux system. Commonly they are /etc/passwd and /etc/shadow, and installed by default. Sometimes we receive questions what the right permissions of these files should be. Therefore this blog post to have a look at the file permissions (and ownership) of both files. Passwd file The password file stores local accounts of the system. It is a readable text file and uses colons (:) to separate the fields.

Linux Capabilities: Hardening Linux binaries by removing setuid

Setuid binaries may be a risk for the system. We will investigate how to remove the setuid bit and use Linux capabilities instead, to reduce the risks.


Hardening Linux binaries by removing setuid Normally Unix based systems use two kind of processes: privileged and unprivileged. The first category is usually used for administrative purposes, like starting and stopping other processes, tuning the kernel and opening sockets. Root permissions The command ping is a great example why even small programs needs root permissions. In a first glance you might consider this tool to be simple: send a package to a host and see if it responds.

PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)

Linux users who want to compliant with PCI DSS have to restrict log file viewing to only the owner. Learn how to achieve this.


A.1.2.d Verify that viewing of log entries is restricted to the owning entity. To limit exposure to information, PCI DSS requires access of logging to only the entity owning that log file. In other words, we have to search for those entries which can be seen by others. Search related log files By default, most log files on Linux based systems will be stored in /var/log. We can do a quick check for any files which are world readable, by using find.

Plus sign in ls output

When file access control lists, or ACLs are being used, the output of ls will change. Learn about the additional plus sign in its output.


Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files. Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.

Conducting a Linux Server Security Audit

Performing a Linux server security audit can be a time consuming process. In this article the most important parts are explained including automation.


Auditing a system can be a time-consuming job, which is no different when conducting a Linux server security audit. Within this article, we give some highlights regarding the audit and tips to automate them by using Lynis. The business goal Before auditing any system, determine the business goal of the system. How critical is this system for doing business? What if the system goes down? Usually each system has a clear role or multiple roles, like being a web server.