An in-depth interpretation of the plus sign and dot in the permission column in Linux-LINUX-php.cn

Home

System Tutorial

LINUX

An in-depth interpretation of the plus sign and dot in the permission column in Linux

王林

Jul 02, 2024 pm 04:51 PM

linuxlinux tutorialRed Hatlinux systemlinux commandlinux certificationred hat linuxlinux video

An in-depth interpretation of the plus sign and dot in the permission column in Linux

1. Summary

In Linux, the ls -l command is the most commonly used. The first column in the command display result is also where we are more concerned. Generally speaking, the characters indicating permissions occupy 10 positions. However, we often see content displayed at the eleventh position in this column. The most common one is the dot (.), and the plus sign (+) will also appear in this position. What is this? What's going on? Let's try it out with our own hands, shall we?

2. Regarding the dot (.) in the permission column

2.1 Let’s take a look at the root directory.

[root@DCGH ~]# ls -lZ /
lrwxrwxrwx. root root system_u:object_r:bin_t:s0 bin -> usr/bin
dr-xr-xr-x. root root system_u:object_r:boot_t:s0 boot
drwxr-xr-x. root root system_u:object_r:device_t:s0 dev
drwxr-xr-x. root root system_u:object_r:etc_t:s0 etc
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 home
lrwxrwxrwx. root root system_u:object_r:lib_t:s0 lib -> usr/lib
lrwxrwxrwx. root root system_u:object_r:lib_t:s0 lib64 -> usr/lib64
drwxr-xr-x. root root system_u:object_r:mnt_t:s0 media
drwxr-xr-x. root root system_u:object_r:mnt_t:s0 mnt
drwxr-xr-x. root root system_u:object_r:usr_t:s0 opt
dr-xr-xr-x. root root system_u:object_r:proc_t:s0 proc
dr-xr-x---. root root system_u:object_r:admin_home_t:s0 root
drwxr-xr-x. root root system_u:object_r:var_run_t:s0 run
lrwxrwxrwx. root root system_u:object_r:bin_t:s0 sbin -> usr/sbin
drwxr-xr-x. root root system_u:object_r:var_t:s0 srv
dr-xr-xr-x. root root system_u:object_r:sysfs_t:s0 sys
drwxrwxrwt. root root system_u:object_r:tmp_t:s0 tmp
drwxr-xr-x. root root system_u:object_r:usr_t:s0 usr
drwxr-xr-x. root root system_u:object_r:var_t:s0 var

2.2 Create a file and a directory in the HOME directory respectively, and observe the details of the eleventh position of the permissions.

[root@DCGH ~]# touch DCGH
[root@DCGH ~]# mkdir DCGH-DIR
[root@DCGH ~]# ls -l
总用量 0
-rw-r--r--. 1 root root 0 3月 28 10:23 DCGH
drwxr-xr-x. 2 root root 6 3月 28 10:24 DCGH-DIR

2.3 Check the SELinux status of this machine and list the basic information about SELinux in the files and directories in this directory.

[root@DCGH ~]# getenforce
Enforcing
[root@DCGH ~]# ls -lZ
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 DCGH
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 DCGH-DIR

2.4 Close SELinux, create experimental files and directories again, and list the basic information about SELinux in this directory and the files and directories under the root again.

[root@DCGH ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@DCGH ~]# reboot
[root@DCGH ~]# getenforce
Disabled
[root@DCGH ~]# ls -lZ
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 DCGH
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 DCGH-DIR
[root@DCGH ~]# touch DCGH-later
[root@DCGH ~]# mkdir DCGH-later-dir
[root@DCGH ~]# ls -lZ
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 DCGH
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 DCGH-DIR
-rw-r--r-- root root ? DCGH-later
drwxr-xr-x root root ? DCGH-later-dir
[root@DCGH ~]# ls -lZ /
lrwxrwxrwx. root root system_u:object_r:bin_t:s0 bin -> usr/bin
dr-xr-xr-x. root root system_u:object_r:boot_t:s0 boot
drwxr-xr-x root root ? dev
drwxr-xr-x. root root system_u:object_r:etc_t:s0 etc
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 home
lrwxrwxrwx. root root system_u:object_r:lib_t:s0 lib -> usr/lib
lrwxrwxrwx. root root system_u:object_r:lib_t:s0 lib64 -> usr/lib64
drwxr-xr-x. root root system_u:object_r:mnt_t:s0 media
drwxr-xr-x. root root system_u:object_r:mnt_t:s0 mnt
drwxr-xr-x. root root system_u:object_r:usr_t:s0 opt
dr-xr-xr-x root root ? proc
dr-xr-x---. root root system_u:object_r:admin_home_t:s0 root
drwxr-xr-x root root ? run
lrwxrwxrwx. root root system_u:object_r:bin_t:s0 sbin -> usr/sbin
drwxr-xr-x. root root system_u:object_r:var_t:s0 srv
dr-xr-xr-x root root ? sys
drwxrwxrwt. root root system_u:object_r:tmp_t:s0 tmp
drwxr-xr-x. root root system_u:object_r:usr_t:s0 usr
drwxr-xr-x. root root system_u:object_r:var_t:s0 var

Through the above example, we can see that this point (.) is not useless, but it has a huge effect, and we usually don’t pay much attention to it. Files and directories created after SELinux is turned on will show this dot in the permission column. Files and directories created after SELinux is turned off will not show this dot in the permission column. Files or directories created before will remain unchanged.

3. Regarding the plus sign (+) in the permission column

3.1 Friends who have learned about ACL permission settings in Linux must be familiar with this plus sign. But let us verify it through experiments.

[root@DCGH ~]# setfacl -m u:dcgh:rwx *

[root@DCGH ~]# ls -lZ

-rw-rwxr--+ root root unconfined_u:object_r:admin_home_t:s0 DCGH

drwxrwxr-x+ root root unconfined_u:object_r:admin_home_t:s0 DCGH-DIR

drwxrwxr-x+ root root ? DCGH-DIR-later -rw-rwxr--+ root root ? DCGH-later

[root@DCGH ~]# setfacl -b *

[root@DCGH ~]# ls -lZ

-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 DCGH

drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 DCGH-DIR

drwxr-xr-x root root ? DCGH-DIR-later -rw-r--r-- root root ? DCGH-later

We can see that after adding ACL permission control, the last position of the permission column of files and directories that previously had SELinux attributes has changed to a plus sign (+). After removing the original ACL permissions, restore them to their original state.

4. Summary

4.1 The dots in the Linux permission column are not meaningless characters. Directories and files created when SELinux is turned on have this point. This point in the permissions column indicates that the directory or file has SELinux-related permissions set. After disabling SELinux permissions, it is inconvenient for files or directories created when SELinux permissions were previously enabled to retain their original permissions, and the dots in the permissions column are still displayed. Newly created directories or files do not have this dot displayed in the permissions column.

4.2 If the last position in the permission column is a plus sign, it means that this directory or file has already set ACL permission related content. If the plus sign exists, the display of dots for directories or files that already have dots will be overwritten, but the original SELinux attributes remain unchanged.

The above is the detailed content of An in-depth interpretation of the plus sign and dot in the permission column in Linux. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How to Create GUI Applications In Linux Using PyGObjectMay 13, 2025 am 11:09 AM

Creating graphical user interface (GUI) applications is a fantastic way to bring your ideas to life and make your programs more user-friendly. PyGObject is a Python library that allows developers to create GUI applications on Linux desktops using the

How to Install LAMP Stack with PhpMyAdmin in Arch LinuxMay 13, 2025 am 11:01 AM

Arch Linux provides a flexible cutting-edge system environment and is a powerfully suited solution for developing web applications on small non-critical systems because is a completely open source and provides the latest up-to-date releases on kernel

How to Install LEMP (Nginx, PHP, MariaDB) on Arch LinuxMay 13, 2025 am 10:43 AM

Due to its Rolling Release model which embraces cutting-edge software Arch Linux was not designed and developed to run as a server to provide reliable network services because it requires extra time for maintenance, constant upgrades, and sensible fi

12 Must-Have Linux Console [Terminal] File ManagersMay 13, 2025 am 10:14 AM

Linux console file managers can be very helpful in day-to-day tasks, when managing files on a local machine, or when connected to a remote one. The visual console representation of the directory helps us quickly perform file/folder operations and sav

qBittorrent: A Powerful Open-Source BitTorrent ClientMay 13, 2025 am 10:12 AM

qBittorrent is a popular open-source BitTorrent client that allows users to download and share files over the internet. The latest version, qBittorrent 5.0, was released recently and comes packed with new features and improvements. This article will

Setup Nginx Virtual Hosts, phpMyAdmin, and SSL on Arch LinuxMay 13, 2025 am 10:03 AM

The previous Arch Linux LEMP article just covered basic stuff, from installing network services (Nginx, PHP, MySQL, and PhpMyAdmin) and configuring minimal security required for MySQL server and PhpMyadmin. This topic is strictly related to the forme

Zenity: Building GTK Dialogs in Shell ScriptsMay 13, 2025 am 09:38 AM

Zenity is a tool that allows you to create graphical dialog boxes in Linux using the command line. It uses GTK , a toolkit for creating graphical user interfaces (GUIs), making it easy to add visual elements to your scripts. Zenity can be extremely u

Top 22 Best Music Players for LinuxMay 13, 2025 am 09:25 AM

Some may describe it as their passion, while others may consider it a stress reliever or a part of their daily life. In every form, listening to music has become an inseparable part of our lives. Music plays different roles in our lives. Sometimes it

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055612 fails to install in Windows 10?

4 weeks agoByDDD

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Nordhold: Fusion System, Explained

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.