ls - List files#
The ls command is used to list files and directories and their meta data like access permissions or size. Most common options are -l, -a and -h. The command ls -lah shows a long listing of all files (including hidden ones) in the current working directory and display human-readable file sizes, e.g. 5.3M instead of 5266573.
A long file listing (-l) shows a lot of metadata information. The following could be an example of an ls -lh invocation:
lrwxrwxrwx 1 root root 9 Mar 13 2020 /usr/bin/python3 -> python3.8
-rwxr-xr-x 1 root root 5.3M Jun 2 12:49 /usr/bin/python3.8
-rwsr-xr-x 1 root root 67K Jul 15 00:08 /usr/bin/passwd
drwxrwxrwt 1 root root 130 Sep 3 07:01 /scratch
-rw-rw----+ 1 john isg 652 Sep 10 15:13 my_notes
The following table breaks down the output into the individual fields:
Example |
file type |
owner permissions |
group permissions |
other permissions |
ACL |
hard links |
owner |
owning group |
file size |
modification time stamp |
file name |
info |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 |
l |
rwx |
rwx |
rwx |
1 |
root |
root |
9 |
Mar 13 2020 |
/usr/bin/python3 |
-> python3.8 |
|
2 |
- |
rwx |
r-x |
r-x |
1 |
root |
root |
5.3M |
Jun 2 12:49 |
/usr/bin/python3.8 |
||
3 |
- |
rws |
r-x |
r-x |
1 |
root |
root |
67K |
Jul 15 00:08 |
/usr/bin/passwd |
||
4 |
d |
rwx |
rwx |
rwt |
1 |
root |
root |
130 |
Sep 3 07:01 |
/scratch |
||
5 |
- |
rw- |
rw- |
— |
+ |
1 |
john |
isg |
66K |
Sep 10 15:13 |
my_notes |
File type#
The file type field indicates the nature of the file. Most common are regular files indicated by - or a directory indicated by d. But there are other file types as well. Note there is no difference between an executable program, a video file or a text document, for the file system all are just regular files. See Examples 2, 3 and 5.
Another file type is symbolic link indicated by l. This correspondents to junctions in Windows file systems. This is an actual file, and its content is just the file name of its target. So in example 1 /usr/bin/python3 is a file with the actual content python3.8 (9 bytes). The link target is shown the last column of the output. The permissions on links are always rwxrwxrwx, the final access rights depend on the link target.
Most programs follow or dereference symbolic links by default. So for example by executing the link from example 1 it dereferenced ans its target /usr/bin/python3.8 is executed. This way programs are often provided by different names.
Warning: Some programs actually check how exactly they were invoked and behave very different. An example are the symbolic links mkfs.ext2, mkfs.ext3 and mkfs.ext4 all referring to the same program mke2fs. It creates and ext2, ext3 or ext4 file systems depending by which link it was executed. You may use this “feature” in your own scripts by inspecting the environment variable $0.
There are more file types as shown in the following table.
indicator |
file type |
|---|---|
|
regular file |
|
symbolic link |
|
directory |
|
block device |
|
character device |
|
network file |
|
FIFO |
|
socket |
permissions#
The next three blocks of 3 letters show the POSIX permissions of the file for owner, group and others respectively.
There could be a + behind the POSIX permissions, see example 5, indicating that this file has extra permissions via an access control list (ACL).
There are some subtleties for executable files (and directories). The x in the owner or group triplet may be replaced by a s (example 3). In this case the file is executable and additionally the set uid or set gid permission is set. The process owner or group after execution will be set to the file owner or group.
Similarly the execution permission of the “others” triple for directories may be replaced by a t like in example 5. This marks an activated sticky bit: Only the owner of a file may delete or rename that file. That makes sense for shared directories like /scratch or /tmp
To be complete, there is a sticky bit for files indicated by T but this was historically important and has no meaning in modern Linux systems.
To review or modify ACLs on files use setfacl and getfacl respectively.
modification time#
On most file Linux file systems are three time stamps which are tracked with each file. The are called atime, mtime, and ctime. It may be that file systems suppress updates on time stamps (notably atime via noatime mount option) to improve performance.
time stamp |
name |
ls option |
meaning |
|---|---|---|---|
atime |
access time |
|
Time of the last read-only access of the files data |
mtime |
modification time |
(default) |
Time of the last write access to the files data |
ctime |
change time |
|
Time of the last change to the files metadata |
other useful options#
There are many options to ls. The following table shows the most common ones:
option |
meaning |
|---|---|
|
Show also hidden files, i.e. files name beginning with a |
|
Sort the output by file size |
|
Sort the output by modification time |
|
Sort the output by access time |
|
Sort the output by change time |
|
Reverse the ordering |
|
Recursively list the contents of all directories as well |