If you're coming from other systems like Windows, managing files in Linux from the terminal can easily seem daunting. However, once you understand how they work, you'll find it much easier. file attributes, permissions, ACLs, and other metadataThe console goes from being something intimidating to becoming a Swiss Army knife with which you can do practically anything.
In this article we will see, in detail and step by step, how View, interpret, and modify file attributes in LinuxThis includes both classic (permissions, dates, owner) and advanced (extended attributes, access control lists, special file system flags) settings. All of this is done using the terminal and commands such as ls, stat, chattr, lsattr, setfacl, getfacl and attr.
Basic concepts of the file system in Linux
Before we start tinkering with attributes, it's important to understand a key idea: in Linux practically everything is treated as a fileNot only text documents or images, but also directories, devices, pipes, sockets, symbolic links… This philosophy allows the system to use the same tools to handle very different elements.
File types and how to identify them
When you run Ls -l In a directory, each line of output begins with a string of ten characters, something like this: drwxrwxr-x o -rw-rw-r--The first character indicates the file type, while the other nine represent user, group, and other permissions.
- - Regular file (typical: text, binaries, images, etc.)
- d Directory
- b Block device (disks, for example, in
/dev) - c Character device (terminals, serial ports, etc.)
- l Symbolic link
- p Pipeline or FIFO file
- s Socket
- n Network file (depending on the system and tools used)
So if you see something like drwxrwxr-x 2 lorenzo lorenzo 4096 feb 11 08:33 documentos, The The initial 'd' indicates that it is a directory, followed by its permissions, number of hard links, owner, group, size, date and name.
Linux is case sensitive
One detail that often confuses people at first is that the Linux file system clearly distinguishes between uppercase and lowercase letters. Is not the same archivo that Archivo o ArChivoThese are completely different names. If you mistype a capital letter in a command, the system will tell you that the file or directory does not exist, even if it looks identical to you.
Extensions don't rule
In Linux the A file extension does not define its type or behavior.A file called programa.exe It doesn't have to be executable; what determines whether it can be executed or not are the permissions and, in some cases, the content (headers, shebang, etc.). Extensions are used purely for human convenience, not because the system needs them to know what to do.
Spaces and special characters in names
Spaces in filenames are perfectly valid, but when working in the terminal you have to treat them with care, because the command interpreter separate the parameters with spaces.For example, if you type:
mkdir mis documentos
You're actually creating two directories, one called my and another call documentsTo treat the full name as a single unit, you have two very common options:
- Use quotation marks:
mkdir 'mis documentos' - Escape space with a backslash:
mkdir mis\ documentos
That escapist character (\) is also used for other special symbols. Some of the most common are \ ' (single quote), \» (double quote), \\ (backslash), \n (line break), \t (tabulator) or \r (carriage return).
Hidden files and directories
In Linux, a file is considered hidden in a very simple way: if your name begins with a period, does not appear in the normal list of lsTo view them you need to use:
ls -a
If you have a file called miarchivo.txt, will be visible; however, .miarchivo.txt It will be hidden unless you use the option -aThere is another, less well-known possibility: creating a file called .hidden and, within it, list the filenames you want to hide in some graphical file managers. In the terminal, anyway, the main criterion for concealment remains the starting point.
Basic file management commands
To manipulate attributes, you first need to be comfortable managing files and directories at a basic level: create, delete, move, copy and list.
Navigating the file system
To change directories, use the command cd:
cd /ruta/al/directorio
If you simply write cd Without arguments, the shell takes you to your personal directory (for example, /home/tuusuarioTo know your location at any given moment, we use:
pwd
which shows the full path of the current working directory. To list its contents, we use lswhich allows a good assortment of options to adjust the information displayed.
List files with ls
The command ls It is used to view the contents of a directory, and with its various modifiers we can obtain fairly detailed information about each fileSome of the most useful ones are:
- -a: includes hidden files (those that begin with a period)
- -l: long format, with permissions, owner, size, dates, etc.
- -R: recursive listing of subdirectories
- -t: sorts by modification date
- -r: reverses the order of the list
- -i: displays the inode number
- -s: displays the size (in blocks) next to the name
If you combine, for example, ls -laYou get a very comprehensive summary with practically all the fields we need to start talking about classic file attributes.
Create and delete directories
To create directories we use mkdirA typical use would be:
mkdir midirectorio
If you are in /home/lorenzoAll of the following commands create the same directory example on that route:
mkdir ejemplo
mkdir /home/lorenzo/ejemplo
mkdir ~/ejemplo
mkdir ./ejemplo
mkdir ../lorenzo/ejemplo
The tilde ~ represent your home directory, . refers to the current directory and .. refers to the parent directory. If you want to create multiple levels at once (for example) /home/lorenzo/este/es/otro/ejemplo when part of that structure does not exist), you must add the option -p:
mkdir -p /home/lorenzo/este/es/otro/ejemplo
To delete empty directories, there is rmdirand to delete directories with content we use rm - r, in as much as rmdir only works if the directory is completely empty.
Delete files and directories with rm
The command rm It handles deleting files. To delete a specific file, simply:
rm archivo.txt
If what we want is to delete a directory and everything under it, we use the option -r (recursive). If you don't want the system to ask you anything, you can add -f (force):
rm -rf directorio
This command is extremely powerful and dangerous: a rm-rf / executed as administrator can wipe out the entire file systemThat's why it's crucial to fully understand what you're deleting before pressing Enter.
Copy with cp and move with mv
To duplicate files and directories we have cpIts basic syntax supports both file-to-file and file-to-directory copying:
cp archivo_origen archivo_destino
cp archivo_origen directorio_destino/
If you are copying a directory, you need the option -R (o -r) so that it is recursive. Furthermore, cp includes specific options for preserving attributesThis is key when it comes to permissions, times, and extended attributes:
- -p: retains owner, group, permissions and dates
- -aFile mode attempts to retain all possible attributes
- –preserve=mode,ownership,timestamps,xattr: preserves permissions, ownership, timestamps, and extended attributes
To move or rename files and directories, you use mvThe idea is simple: you specify the current location or name and the new destination or new name.
mv /home/lorenzo/archivo.txt /home/lorenzo/directorio/archivo.txt
mv archivo_viejo.txt archivo_nuevo.txt
When moving within the same file system, mv retains all attributes by defaultunless the destination is a limited file system (for example, extended attributes on a USB drive with a limited file system).
When moving within the same file system, mv retains all attributes by default, unless the destination is a system that does not support some of them (for example, extended attributes on a USB drive with a limited file system).
Classic permissions: chmod and octal representation
The traditional permissions model in Linux is based on three groups of bits: owner user, owner group, and othersEach person can have read permission (r), writing (w) and execution (x). To modify this set we use the command chmod.
Modify permissions using symbolic notation
The symbolic form of chmod It indicates who the changes apply to, what operation we are performing, and what permissions we are adding or removing. The structure is:
chmod archivo
- Who:
u(user),g(cluster),o(others),a(all) - Operations:
+(add),-(remove),=(assign exactly) - Excuse me:
r(reading),w(writing),x(execution),s(setuid/setgid in specific contexts)
For example, if we want the user to be able to read and execute a file called manual_linux, we would do:
chmod u+rx manual_linux
If we want anyone to be able to read a file, we could use:
chmod a+r nombre_archivo
or, more explicitly, by manipulating user, group, and others separately:
chmod u=r,g=r,o=r nombre_archivo
Modify permissions using octal notation
The other common way to use chmod is through octal valuesEach permission group (user, group, others) is represented by a number from 0 to 7 based on the sum of the activated bits:
- r (reading) is worth 4
- w (writing) is worth 2
- x (execution) is worth 1
Thus, a user with read, write, and execute permissions will have 7 (4+2+1), a read-only group will have 5 (4+1), and others with only execution will have 1If we want, for example, the user to have all permissions, the group to have read and execute permissions, and the rest to have only execute permissions on a file called permisos.txtWe would use:
chmod 751 permisos.txt
When running ls -l we'll see something like -rwxr-x--xwhich corresponds to those values. This octal system is very convenient once you are already familiar with the relationship between numbers and permission bits.
View attributes and metadata with stat
Although Ls -l It provides a lot of information; sometimes we want to go further and check exact dates or specific attributes. That's where the command comes in. stat, shows comprehensive details about a file or file system.
Basic use of stat
If you run:
stat archivo.txt
You will get a summary with several fields: size, number of blocks, inode number, permissions, owner, group, and three fundamental timestamps:
- Access (atime): last date and time of access (reading)
- Modify (mtime): last content modification
- Change (ctime): last change in metadata (permissions, owner, etc.)
Furthermore, stat allows you to customize the output with the modifier -c followed by a format. Some very practical specifiers are:
- %x: date of last access
- %y: date of last modification
- %a: permissions in octal notation
For example, to see only the last access date of prueba.txt:
stat -c %x prueba.txt
If you're interested in when its content was last modified, you would use:
stat -c %y prueba.txt
And to obtain your octal permissions directly:
stat -c %a prueba.txt
If you read the file with cat And then you check the atime again, you'll see that The access date has changedSimilarly, if you add content with threw out and redirection, the mtime will also be updated.
Check the file system with stat -f
When you are interested in the file system as a whole, not a specific file, you can use stat with the option -fIn that case, the tool shows global file system data: type, maximum file size, number of free blocks, etc. This is especially useful for larger-scale administrative tasks.
Extended file system attributes
Beyond the classic permissions, some file systems (such as ext2, ext3, and ext4) allow you to set extended attributes at the system level that alter file behavior. They are not permissions themselves, but they can limit operations such as deleting, modifying, or logging access times. To work with them, we mainly use chattr y lsattr.
Query system attributes with lsattr
The command lsattr It displays the extended attributes associated with files and directories. Its typical output is a series of letters or dashes indicating which flags are active. For example:
lsattr archivo.txt
It might return something like:
----i---------e------- archivo.txt
If you want a more readable description, you can add the option -l:
lsattr -l archivo.txt
and you'll see labels like Immutable o Append_Only next to the file name, which makes it easier to understand what special behavior it has.
Most common system attributes
Among the various extended system attributes, there are some that are used much more frequently because of their direct impact on security and performance:
- a: append-only mode. The file It can only be opened to add data at the endIt cannot be truncated or have its existing content modified.
- A: disables access time updates (Don't wait), so that reading the file It does not change its access markwhich can improve performance under certain loads.
- dThe file is excluded from backups performed with tools such as
dump(no dump). - D: synchronizes the directory contents with disk on each write.
- i: immutable attribute. The file It cannot be deleted, renamed, or modified While this flag is active, it won't work even with root access, unless the root removes the flag first.
- S: forces disk synchronization of writes to that file.
- e: indicates that the file uses extents to map the blocks on disk. It is typical in ext4 and It cannot be modified with chattr.
These attributes can only be changed by system administratorprecisely because they affect the internal behavior of the file system and can be used as a protection mechanism.
Modify system attributes with chattr
To add or remove extended system attributes, the command is used chattrIts general syntax is:
chattr archivo...
The operators work similarly to those of chmod:
- +: adds the specified attribute or attributes to the existing ones
- -: removes the specified attributes from those already active
- =: sets exactly the given attributes, substituting for any others
For example, to mark a file as immutable:
sudo chattr +i prueba.txt
Whereas to remove that immutability you would do:
sudo chattr -i prueba.txt
As you see, Only the root user can set or remove certain sensitive flags such as immutability. Other attributes, depending on the file system, may have additional restrictions.
Extended user attributes (xattr)
In addition to system attributes, there is another level of metadata called extended user attributes (xattr), which do not affect permissions or the ability to modify or delete a file. They are used to store additional key-value pairs: for example, data about the author, application metadata, tags, etc.
Requirements for using user attributes
To work with these attributes, the file system must be mounted with the option user_xattr and have the package installed attrwhich provides the necessary commands. Once these conditions are met, we can manage xattr with the tool attr.
Manage user attributes with attr
The command attr It offers several options for listing, adding, displaying, or deleting attributes:
- -ql: lists all the attributes of a file
- -qs: adds or modifies an attribute
- -qg: displays the value of a specific attribute
- -qr: deletes an attribute
If you want, for example, to add an attribute called Author to file fichero1.txt with the value EtaboadaYou could do:
attr -qs autor -V "Etaboada" fichero1.txt
Then, to see what attributes that file has, it would be enough to:
attr -ql fichero1.txt
These attributes are very useful for applications or scripts that need to save additional information associated with the files without mixing it with its contents.
Preserve extended attributes when copying or synchronizing
An important detail is that Not all file operations automatically preserve extended attributes.If you need them, you'll need to add specific options to the tools you use:
| cp | –preserve=mode,ownership,timestamps,xattr |
| mv | Retain the default attributes, unless the target system does not support them. |
| tar | –xattrs (both when creating and extracting the tar file) |
| bsdtar | -p (in extraction) to preserve attributes |
| Rsync | –xattrs to synchronize extended attributes along with the data |
If you omit these options, it is very likely that lose the xattr files during copies, backups, or synchronizationswhich can lead to unexpected behavior in applications that depend on them.
Access control lists (ACLs) for granular permissions
The traditional permissions model (user, group, and others) works well in many cases, but falls short when you need something more precise, such as granting specific permissions for various users or specific groupsThat's what they're for. ACL (Access Control Lists), which expand the permissions system by offering much more granular control.
When to use ACL instead of just chmod
Imagine you have a shared directory and you want to only three specific users can write in it, while the rest can only read. With the classic model, you would have to deal with the owning group and the permissions of others, which can become complicated or simply not fit with the security policy you're trying to implement. ACLs allow you to define, for example, that the user user1 takes rwx, user2 takes rx and the rest only rall this without excessively altering the group structure of the system.
Install ACL tools
In many distributions, the commands for managing ACLs are not installed by default. If you don't have them, installing the package will usually suffice. aclOn systems based on Debian or Ubuntu, for example, you could do the following:
sudo apt install acl
This will provide you with the commands setfacl y getfaclessential for working with access control lists.
Assign ACL with setfacl
The command setfacl It is used to add or modify ACL entries in files and directories. Its basic form is:
setfacl {ACCIÓN}{ESPECIFICACIÓN_ACL} archivo_o_directorio
The most commonly used actions are:
- -m: modifies (or adds) an ACL entry
- -x: removes an existing ACL entry
The ACL specification has the form:
- u:username:permissions for users
- g:groupname:permissions For groups
For example, suppose there is a directory /home/shared owned by root, which other users can only access in read-only mode. If you want to user1 To read, write, and access that directory, you can:
sudo setfacl -m u:user1:rwx /home/shared
It is important to note that, although the permit others read-only, the ACL for user1 will give you additional permissions that They have priority over the general maskprovided the mask allows it.
View ACL with getfacl
To inspect the ACLs of a file or directory, you use getfaclA typical example would be:
getfacl /home/shared
which might show something like:
# file: shared
# owner: root
# group: root
user::rwx
user:user1:rwx
group::r-x
mask::rwx
other::r-x
Here it can be seen that, in addition to the owner's basic entry (user::rwx), appears a specific entry for user1, the group one and the mask (mask::), which limits the maximum set of effective permissions for users and groups other than the owner.
Remove ACL with setfacl -x
To remove a specific ACL entry, we continue using setfaclbut with the option -xThe specification is similar to the one used to create it, only without the permissions. If the output of getfacl sample:
user:user1:rwx
the relevant specification would be u:user1To remove it we would use:
setfacl -x u:user1 /home/shared
After that, another call to getfacl will confirm that The ACL entry for that user has disappeared., and their permissions will once again be governed solely by the classic model (user/group/others).
Related query and search tools
To complete the picture, it is worth remembering some commonly used utilities when working with files from the terminal, which do not directly modify attributes but do rely on them or help us to locate information efficiently.
Search for files with find and filter by attributes
The command find allows you to search for files based on very varied criteria: name, size, creation or modification date, owner, group, permissions, etc. Its minimum syntax is:
find ruta
Some interesting options for working with attributes and metadata are:
- -name "pattern": locates files whose name matches the specified pattern
- -user user: searches for files belonging to a specific user
- -group group: searches for files whose owner group matches the specified one
- -perm mode: filters by permissions, using symbolic or octal notation
- -size +nK: locates files larger than n kilobytes
- -ctime n: files created or changed ago n days
- -maxdepth n: limits the search depth level to n directories
- -follow: follows symbolic links
Additionally, you can combine find with actions like -print to show results or -Exec to execute a command on each file found. For example, to locate and delete all files with the extension . .bak with /usr/doc would you do:
find /usr/doc -name "*.bak" -exec rm -f {} \;
Sequence {} is replaced by the file name, and \; indicates the end of the command to be executed.
Examine content with cat and search for text with grep
To quickly view the contents of a text file, the classic approach is catwhich outputs the content to standard output. With options such as -n (number all lines) or -b (numbering only non-empty lines) can facilitate reading in certain cases.
For its part, grep It is the ultimate tool for search for text patterns within filesIt accepts regular expressions and has a multitude of modifiers, for example:
- -i: ignores uppercase and lowercase letters
- -c: shows how many lines match the pattern
- -l: lists only the filenames that contain the pattern
- -v: shows the lines that do not match
By combining find, grep, and the tools seen previously, you can build very powerful pipelines for audit permissions, locate files with specific attributes or simply find what you need in a large directory tree.
With all this repertoire —from traditional permits managed with chmod even the extended attributes with chattr y attr, passing through the ACLs with setfacl y getfacl and the detailed queries of stat— You now have a fairly complete view of how to handle file attributes in Linux from the terminal, safely and accurately, adjusting the behavior and access to your files far beyond what the basic options allow.
