What does a dot after the file permissions mean?

  • This is a special permission marker in Linux that was added recently.
  • Sometimes you will see a dot at the trailing end of the permissions:
Example:

```bash
ls -l Videos

drwxr-xr-x. 3 surendra surendra 4096 2011-07-06 00:19 Videos
```

  • If you look closely, you will find an 11th character after the initial 10-character permission field used in Linux.
  • This is new and is available in Linux when SELinux is included in the package, from RHEL5+.
  • When using SELinux (Security-Enhanced Linux), file/folder permissions are set in a different way.
  • The dot indicates that the files/folders have some sort of SELinux permissions set on them.

In the same way, a + marks files that have ACLs on them:

```bash
someone@somewhere:~$ ls /var/www -lh
total 72K
-rw-rwxr--+  1 root     root      330 2009-08-04 15:09 base64.php
-rw-rw-r--+  1 www-data www-data   93 2010-01-04 16:25 blot.php
```

```bash
someone@somewhere:~$ getfacl /var/www/base64.php
getfacl: Removing leading '/' from absolute path names
# file: var/www/base64.php
# owner: root
# group: root
user::rw-
user:someone:rwx
group::r--
mask::rwx
other::r--
```

Code:

```bash
grub.d]# ls -l
total 64
-rwxr-xr-x. 1 root root 7528 Mar 15 11:40 00_header
-rwxr-xr-x. 1 root root 8872 Mar 15 11:40 10_linux
-rwxr-xr-x. 1 root root 9552 Mar 15 11:40 20_linux_xen
-rwxr-xr-x. 1 root root 9339 Mar 15 11:40 30_os-prober
-rwxr-xr-x  1 root root  691 Apr  5 10:55 39_puppy
-rwxr-xr-x. 1 root root  301 Mar 28 16:49 40_custom
-rwxr-xr-x. 1 root root   95 Mar 15 11:40 41_custom
-rwxr-xr-x. 1 root root 1259 Mar 15 11:40 90_persistent
-rw-r--r--. 1 root root  483 Mar 15 11:40 README
```

Note that 39_puppy has no dot. Code:

```bash
grub.d]# lsattr *
-------------e- 00_header
-------------e- 10_linux
-------------e- 20_linux_xen
-------------e- 30_os-prober
-------------e- 39_puppy
-------------e- 40_custom
-------------e- 41_custom
-------------e- 90_persistent
-------------e- README
```

  • The dot after the file permissions in 'ls' long output denotes that the file in question has an SELinux security context, whether or not SELinux is enabled:

Code:

```bash
[root@backup /]# sestatus
SELinux status:                 disabled
[root@backup /]# ls -ald /lib
dr-xr-xr-x. 8 root root 4096 Feb 14 16:45 /lib
[root@backup /]# ls -Zd /lib
dr-xr-xr-x. root root system_u:object_r:lib_t:s0       /lib
[root@backup /]#
[root@backup /]# ls -ald /srv
drwxr-xr-x 9 root root 4096 May  8 15:37 /srv
[root@backup /]# ls -Zd /srv
drwxr-xr-x root root ?                                /srv
[root@backup /]#
```

  • GNU ls uses a . character to indicate a file with an SELinux security context, but no other alternate access method.

— From ls man page (info coreutils ‘ls invocation’).

  • This basically implies that the file has an Access Control List (ACL) with SELinux.
  • You can set or delete the ACL association for a file by using the setfacl command.
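
The following is an added example, not code from the original page: it reads the 11th character of the mode field the way the ls manual describes it ('.' for an SELinux context with no other alternate access method, '+' for an ACL, nothing for neither) and lists entries that carry neither marker. The function names and the sample listing are assumptions modelled on the listings above, and the parser assumes the "Mon DD HH:MM" date layout.

```bash
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# classify_mode MODE: interpret the 11th character of an `ls -l` mode field.
classify_mode() {
    case "$(printf '%s' "$1" | cut -c11)" in
        .) echo selinux ;;  # SELinux context, no other alternate access method
        +) echo acl ;;      # ACL present; use `ls -Z` to see any context
        *) echo none ;;     # neither marker: no context and no ACL
    esac
}

# unlabeled_entries: read `ls -l` output on stdin and print the names of
# entries with neither marker. Assumes the "Mon DD HH:MM" date layout.
unlabeled_entries() {
    while read -r mode _links _owner _group _size _mon _day _time name; do
        [ -n "$name" ] || continue            # skips the "total N" line
        if [ "$(classify_mode "$mode")" = none ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# Constructed sample, modelled on the listings shown on this page.
sample_listing() {
    cat <<'EOF'
total 64
-rwxr-xr-x. 1 root root 7528 Mar 15 11:40 00_header
-rwxr-xr-x  1 root root  691 Apr  5 10:55 39_puppy
-rw-r--r--. 1 root root  483 Mar 15 11:40 README
-rw-rwxr--+ 1 root root  330 Aug  4 15:09 base64.php
EOF
}

sample_listing | unlabeled_entries   # prints: 39_puppy
```

On a real directory, pipe `ls -l` into `unlabeled_entries`; on an SELinux system the names it prints are the ones to inspect with `ls -Z`.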
