what means a dot after the file permission ?

  • This is a special permission in Linux which is recently included.
  • Some times you will be seeing dot at the trailing end of permissions
bash code 
Example:

ls -l Videos

drwxr-xr-x. 3 surendra surendra 4096 2011-07-06 00:19 Videos
[ad type=”banner”]
  • If you observe you will find 11th character to the initial 10 characters permission field available in Linux.
  • This is new and is available in Linux when SELinux is included in the package from RHEL5+.
  • When using SELinux(Security Enhanced Linux ) the files/folder permissions are set in different way.
  • The dot is indicating that files/folders are set with some sort of SELinux permissions on them.

Just like a + shows files that have ACL’s on them

bash code 

someone@somewhere:~$ ls /var/www -lh
total 72K
-rw-rwxr--+  1 root     root      330 2009-08-04 15:09 base64.php
-rw-rw-r--+  1 www-data www-data   93 2010-01-04 16:25 blot.php
bash code 
someone@somewhere:~$ getfacl /var/www/base64.php
getfacl: Removing leading '/' from absolute path names
# file: var/www/base64.php
# owner: root
# group: root
user::rw-
user:someone:rwx
group::r--
mask::rwx
other::r--
[ad type=”banner”]

Code:

bash code 
Code:
grub.d]# ls -l
total 64
-rwxr-xr-x. 1 root root 7528 Mar 15 11:40 00_header
-rwxr-xr-x. 1 root root 8872 Mar 15 11:40 10_linux
-rwxr-xr-x. 1 root root 9552 Mar 15 11:40 20_linux_xen
-rwxr-xr-x. 1 root root 9339 Mar 15 11:40 30_os-prober
-rwxr-xr-x  1 root root  691 Apr  5 10:55 39_puppy
-rwxr-xr-x. 1 root root  301 Mar 28 16:49 40_custom
-rwxr-xr-x. 1 root root   95 Mar 15 11:40 41_custom
-rwxr-xr-x. 1 root root 1259 Mar 15 11:40 90_persistent
-rw-r--r--. 1 root root  483 Mar 15 11:40 README

Note that 39_puppy has no dot. Code:

bash code 
grub.d]# lsattr *
-------------e- 00_header
-------------e- 10_linux
-------------e- 20_linux_xen
-------------e- 30_os-prober
-------------e- 39_puppy
-------------e- 40_custom
-------------e- 41_custom
-------------e- 90_persistent
-------------e- README
  • The dot after file permissions in ‘ls’ long output denotes that the file in question has a SELinux security context, no matter if SELinux is enabled or not:

Code:

bash code 
[root@backup /]# sestatus
SELinux status:                 disabled
[root@backup /]# ls -ald /lib
dr-xr-xr-x. 8 root root 4096 Feb 14 16:45 /lib
[root@backup /]# ls -Zd /lib
dr-xr-xr-x. root root system_u:object_r:lib_t:s0       /lib
[root@backup /]# 
[root@backup /]# ls -ald /srv
drwxr-xr-x 9 root root 4096 May  8 15:37 /srv
[root@backup /]# ls -Zd /srv
drwxr-xr-x root root ?                                /srv
[root@backup /]#
[ad type=”banner”]

  • GNU ls uses a . character to indicate a file with an SELinux security context, but no other alternate access method.

— From ls man page (info coreutils ‘ls invocation’).

  • This basically implies that the file has an Access Control List (ACL) with SELinux.
  • You can set or delete ACL association for a file by using the setfacl command

Categorized in:

LINUX

Tagged in:

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,