Dot in linux permissions

What does a dot after the file permission bits mean?

I performed an ls -la on a directory on my CentOS 6.4 server here and the permissions for a given file came out as:

I understand what -rwxr-xr-x means, what I don’t understand is the . after the last attribute. Can someone explain it to me? Is it harmful in any way? Can it be removed?

2 Answers

GNU ls uses a . character to indicate a file with an SELinux security context, but no other alternate access method.

To see the actual security context applied to the file run this:

The security contexts can be assigned to a file even with SELinux disabled. You can check your security context with this:

If SELinux is disabled you will get this message:

id: --context (-Z) works only on an SELinux-enabled kernel 


What does the dot at the end of the permissions in the output of «ls -lah» mean? [closed]


. drwxr-xr-x. 2 root root . -rw-rw-r--. 1 root root . 

I would like to know, what is the meaning of the dot ( -rw-rw-r--. ) at the end of the permissions format?

4 Answers

From info coreutils 'ls invocation' | grep -1 '[.+]. character' under Linux

GNU `ls' uses a `.' character to indicate a file with an SELinux security context, but no other alternate access method. A file with any other combination of alternate access methods is marked with a `+' character.

GNU ls uses a ‘.’ character to indicate a file with a SELinux security context, but no other alternate access method.

This basically implies that the file has an Access Control List (ACL) with SELinux. You can set or delete ACL association for a file by using the setfacl command


So NOT ACL, from @Tom van der Lee reference

+ (plus) suffix indicates an access control list that can control additional permissions. . (dot) suffix indicates an SELinux context is present. Details may be listed with the command ls -Z. @ suffix indicates extended file attributes are present. 
$ ls -l 35mm DNS-cache
-rw-r--r--. 1 graeme graeme 60 Feb 27 2010 35mm
-rw-r--r-- 1 graeme everyone 5193 Jun 1 14:45 DNS-cache
$
$ getfacl -s 35mm DNS-cache
$ ls -Z 35mm DNS-cache
unconfined_u:object_r:user_home_t:s0 35mm
? DNS-cache

So the getfacl -s produced no output, because there was no ACL. There was however a security context (seen with ls -Z)


How to remove dot permission in linux


This post shows how to remove the trailing dot from file permissions in Linux. You may have found the trailing “dot” in the permissions on RHEL or other Linux distributions annoying. It is basically the SELinux context left over after disabling SELinux: the context remains associated with files regardless of whether SELinux is disabled.

Sample output of trailing dot.

# ls -ld /var/EPM
drwxr-xr-x. 4 sales users 12288 Nov 17 02:37 /var/EPM

Make sure SELinux is disabled before removing the trailing dot. You can refer to How to disable SELinux in Linux.

Use the getenforce command or the sestatus command to check the current SELinux status.

# getenforce
Disabled
# sestatus
Disabled

How to remove selinux file permissions in linux

A few sample listings show the SELinux contexts in question.

# ls -alt /etc/rc.d/
drwxr-xr-x. 131 root root 12288 Nov 17 02:30 ..
drwxr-xr-x. 2 root root 4096 Nov 16 14:14 rc2.d
drwxr-xr-x. 2 root root 4096 Nov 16 14:14 rc3.d
drwxr-xr-x. 2 root root 4096 Nov 16 14:14 rc4.d
drwxr-xr-x. 2 root root 4096 Nov 16 14:14 rc5.d
drwxr-xr-x. 2 root root 4096 Oct 27 01:29 init.d
drwxr-xr-x. 2 root root 4096 Oct 22 23:31 rc1.d
-rw-r--r--. 1 root root 473 Feb 18 2020 rc.local
drwxr-xr-x. 10 root root 4096 Mar 29 2019 .
drwxr-xr-x. 2 root root 4096 Mar 29 2019 rc0.d
drwxr-xr-x. 2 root root 4096 Mar 29 2019 rc6.d

The -Z option of the ls command shows the context of each entry.

# ls -Z /etc/rc.d/
drwxr-xr-x. root root system_u:object_r:etc_t:s0 init.d
drwxr-xr-x. root root system_u:object_r:etc_t:s0 rc0.d
drwxr-xr-x. root root system_u:object_r:etc_t:s0 rc1.d
drwxr-xr-x. root root system_u:object_r:etc_t:s0 rc2.d
drwxr-xr-x. root root system_u:object_r:etc_t:s0 rc3.d
drwxr-xr-x. root root system_u:object_r:etc_t:s0 rc4.d
drwxr-xr-x. root root system_u:object_r:etc_t:s0 rc5.d
drwxr-xr-x. root root system_u:object_r:etc_t:s0 rc6.d
-rw-r--r--. root root system_u:object_r:initrc_exec_t:s0 rc.local

Another option to see the SELinux context is below.

# ls --lcontext /etc/rc.d/
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Oct 27 01:29 init.d
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Mar 29 2019 rc0.d
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Oct 22 23:31 rc1.d
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Nov 16 14:14 rc2.d
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Nov 16 14:14 rc3.d
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Nov 16 14:14 rc4.d
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Nov 16 14:14 rc5.d
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Mar 29 2019 rc6.d
-rw-r--r--. 1 system_u:object_r:initrc_exec_t:s0 root root 473 Feb 18 2020 rc.local

In all of the output above, every file and directory has a trailing dot. The setfattr command, which sets extended attributes of filesystem objects, can remove it.

setfattr command in linux


For reference, here is the setfattr command man page. We will then use it to remove the trailing-dot SELinux contexts from filesystem objects.

# man setfattr
SETFATTR(1)    File Utilities    SETFATTR(1)

NAME
    setfattr - set extended attributes of filesystem objects

SYNOPSIS
    setfattr [-h] -n name [-v value] pathname...
    setfattr [-h] -x name pathname...
    setfattr [-h] --restore=file

DESCRIPTION
    The setfattr command associates a new value with an extended attribute name for each specified file.

OPTIONS
    -n name, --name=name
        Specifies the name of the extended attribute to set.

    -v value, --value=value
        Specifies the new value of the extended attribute. There are three methods available for encoding the value. If the given string is enclosed in double quotes, the inner string is treated as text. In that case, backslashes and double quotes have special meanings and need to be escaped by a preceding backslash. Any control characters can be encoded as a backslash followed by three digits as its ASCII code in octal. If the given string begins with 0x or 0X, it expresses a hexadecimal number. If the given string begins with 0s or 0S, base64 encoding is expected. See also the --encoding option of getfattr(1).

    -x name, --remove=name
        Remove the named extended attribute entirely.

    -h, --no-dereference
        Do not follow symlinks. If pathname is a symbolic link, it is not followed, but is instead itself the inode being modified.

    --restore=file
        Restores extended attributes from file. The file must be in the format generated by the getfattr command with the --dump option. If a dash (-) is given as the file name, setfattr reads from standard input.

    --version
        Print the version of setfattr and exit.

    --help
        Print help explaining the command line options.

    --
        End of command line options. All remaining parameters are interpreted as file names, even if they start with a dash character.

Now let us remove the SELinux context in an example.

# setfattr -h -x security.selinux /var/EPM
# ls -ld /var/EPM
drwxr-xr-x 4 sales users 12288 Nov 17 02:37 /var/EPM

The trailing dot is now gone, which is what this post set out to do.


To do this for a whole directory tree, run find as the root user and pass each path to setfattr to remove the SELinux attribute.

# find /path -print0 | xargs -0 -n 1 setfattr -h -x security.selinux
# find /path -exec setfattr -h -x security.selinux {} \;
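The find and setfattr commands above discard the labels for good, and the stripped files need their contexts back if SELinux is ever re-enabled. The following added example (not part of the original article) saves the labels with getfattr --dump, the format that the --restore option in the man page above reads, before removing them. The function names and return codes are hypothetical, and it assumes the attr tools are installed and the functions are run as root.

```shell
#!/bin/sh
# Added example: save SELinux labels before stripping them so the change
# can be undone. Function names and return codes are hypothetical.

XATTR=security.selinux

# backup_selinux_labels DIR FILE
# Writes every security.selinux value under DIR to FILE in getfattr --dump
# format. Use an absolute DIR so the dump can be restored from anywhere.
backup_selinux_labels() {
    [ -d "$1" ] && [ -n "$2" ] || return 1
    # -h: examine symlinks themselves, as the article's setfattr -h does.
    # -m: getfattr lists only user.* attributes unless told otherwise.
    find "$1" -exec getfattr -h --absolute-names -d \
        -m '^security\.selinux$' {} + > "$2" || return 3
    [ -s "$2" ] || return 3      # empty dump: nothing was labelled
}

# strip_selinux_labels DIR FILE
# Returns 1 on bad arguments, 2 if SELinux is not disabled, 3 if the
# backup failed, 4 if some removals failed (e.g. files with no label).
strip_selinux_labels() {
    # Precondition from the article: SELinux must already be disabled.
    [ "$(getenforce 2>/dev/null)" = "Disabled" ] || return 2
    backup_selinux_labels "$1" "$2" || return $?
    # "{} +" batches paths and is safe for names containing spaces.
    find "$1" -exec setfattr -h -x "$XATTR" {} + || return 4
}

# restore_selinux_labels FILE
# Puts the saved labels back, for example before re-enabling SELinux.
restore_selinux_labels() {
    [ -s "$1" ] || return 1
    setfattr -h --restore="$1"
}

# Usage (paths are placeholders):
#   strip_selinux_labels /var/EPM /root/selinux-labels.dump
#   restore_selinux_labels /root/selinux-labels.dump
```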

That covers how to remove the trailing dot from permissions in Linux, how to remove SELinux file contexts, and the details of the setfattr command.


What is the meaning of trailing dot in drwxr-xr-x Linux file permissions?

The Linux Juggernaut

Q. Today I came across a strange permissions listing, i.e. a dot. What is meant by the dot in file/folder permissions such as drwxr-xr-x in Linux?

This is a short post answering a question asked by one of our readers. This is a special permission in Linux that was added recently. Sometimes you will see a dot at the trailing end of the permissions:

ls -l Videos
drwxr-xr-x. 3 surendra surendra 4096 2011-07-06 00:19 Videos

If you look closely, you will find an 11th character after the usual 10-character permission field in Linux. This is new and is available in Linux when SELinux is included in the package, from RHEL5+.

When using SELinux (Security Enhanced Linux), file and folder permissions are set in a different way. The dot indicates that the files/folders have some sort of SELinux permissions set on them.

Surendra Anne
