Recursively list file permissions

Posted in July 2012 by under sysadmin

Here are a couple of commands that are handy when troubleshooting permissions. Especially handy for use in deep directory strucutres.

They will produce a recursive list of each directory in the path that shows ownership and permissions.

namei -l

namei starts from a given file and recurses upwards through the path. This makes it easy to troubleshoot permission problems. For example

richard@richardjh:~$ namei -l /var/ ... /Controller/PageController.php
f: /var/www/richardjh.local/module/RjhSite/src/RjhSite/Controller/PageController.php
drwxr-xr-x root    root    /
drwxr-xr-x root    root    var
drwxr-x--- richard www-data www
drwxr-x--- richard www-data richardjh.local
drwxrwx--- richard www-data module
drwxrwx--- richard richard RjhSite
drwxrwx--- richard www-data src
drwxrwx--- richard www-data RjhSite
drwxrwx--- richard www-data Controller
-rw-rw---- richard www-data PageController.php
            

In this example you can see at a glance that www-data cannot access anything below /var/www/richardjh.local/module/RjhSite/ which could be a problem.

tree -ifugp

tree works the other way and allows you to recurse downwards from a specified directory.

tree has many useful options and is a command I use a lot. It is not installed in Ubuntu by default but is available in the repositories:

sudo apt-get install tree
            

In order to remember this command I call it "Tree Fu Pig" after the kids TV show Tree Fu Tom. So I type it as

tree -fu -pig
            

This gives you a top down view and is handy for checking that permissions are secure enough, without having to wade through directories. An example

richard@richardjh:/var/www$ tree -fu -pig /var/www/richardjh.local/public/
/var/www/richardjh.local/public
[drwxrwxr-x richard  www-data ]  /var/www/richardjh.local/public/css
[-rw-rw-r-- richard  www-data ]  /var/www/richardjh.local/public/css/bootstrap.min.css
[-rw-rw-r-- richard  www-data ]  /var/www/richardjh.local/public/css/bootstrap-responsive.min.css
[-rw-rw-r-- richard  www-data ]  /var/www/richardjh.local/public/css/style.css
[drwxrwxr-x richard  www-data ]  /var/www/richardjh.local/public/images
[-rw-rw-r-- richard  www-data ]  /var/www/richardjh.local/public/images/favicon.ico
[-rw-rw-r-- richard  www-data ]  /var/www/richardjh.local/public/images/zf2-logo.png
[-rw-rw-r-- richard  www-data ]  /var/www/richardjh.local/public/index.php
[drwxrwxr-x richard  www-data ]  /var/www/richardjh.local/public/js
[-rw-rw-r-- richard  www-data ]  /var/www/richardjh.local/public/js/html5.js
[-rw-rw-r-- richard  www-data ]  /var/www/richardjh.local/public/js/jquery-1.7.2.min.js

3 directories, 8 files
            

In this example we can see at a glance that the web service has write access to files in the document root. Probably not what we want.