Thursday, September 15, 2011

Understanding file permissions on Unix: a brief tutorial

(For files on AFS fileservers, see below)


Every user on a Unix system has a unique username, and is a member of at least one group (the primary group for that user). This group information is held in the password file (/etc/passwd). A user can also be a member of one or more other groups. The auxiliary group information is held in the file /etc/group. Only the administrator can create new groups or add/delete group members (one of the shortcomings of the system).

Every directory and file on the system has an owner, and also an associated group. It also has a set of permission flags which specify separate read, write and execute permissions for the 'user' (owner), 'group', and 'other' (everyone else with an account on the computer).

The 'ls' command shows the permissions and group associated with files when used with the -l option. On some systems (e.g. Coos), the '-g' option is also needed to see the group information.
An example of the output produced by 'ls -l' is shown below.
drwx------ 2 richard staff  2048 Jan  2 1997  private
drwxrws--- 2 richard staff  2048 Jan  2 1997  admin
-rw-rw---- 2 richard staff 12040 Aug 20 1996  admin/userinfo
drwxr-xr-x 3 richard user   2048 May 13 09:27 public
Understanding how to read this output is useful to all Unix users, but especially people using group access permissions.

Field 1:   a set of ten permission flags.
Field 2:   link count (don't worry about this)
Field 3:   owner of the file
Field 4:   associated group for the file
Field 5:   size in bytes
Field 6-8: date of last modification (format varies, but always 3 fields)
Field 9:   name of file (possibly with path, depending on how ls was called)

The permission flags are read as follows (left to right):

position  Meaning
1         directory flag: 'd' if a directory, '-' if a normal file; something else may occasionally appear here for special devices
2,3,4     read, write, execute permission for User (Owner) of file
5,6,7     read, write, execute permission for Group
8,9,10    read, write, execute permission for Other

value  Meaning
-      in any position means that flag is not set
r      file is readable by owner, group or other
w      file is writeable. On a directory, write access means you can add or delete files
x      file is executable (only for programs and shell scripts - not useful for data files). Execute permission on a directory means you can list the files in that directory
s      in the place where 'x' would normally go is called the set-UID or set-groupID flag.

On an executable program with set-UID or set-groupID, that program runs with the effective permissions of its owner or group.

For a directory, the set-groupID flag means that all files created inside that directory will inherit the group of the directory. Without this flag, a file takes on the primary group of the user creating the file. This property is important to people trying to maintain a directory as group accessible. The subdirectories also inherit the set-groupID property.

The default file permissions (umask):

Each user has a default set of permissions which apply to all files created by that user, unless the software explicitly sets something else. This is often called the 'umask', after the command used to change it. It is either inherited from the login process, or set in the .cshrc or .login file which configures an individual account, or it can be run manually. Typically the default configuration is equivalent to typing 'umask 22' which produces permissions of:
-rw-r--r-- for regular files, or
drwxr-xr-x for directories.
In other words, user has full access, everyone else (group and other) has read access to files, lookup access to directories.

When working with group-access files and directories, it is common to use 'umask 2' which produces permissions of:
-rw-rw-r-- for regular files, or
drwxrwxr-x for directories.
For private work, use 'umask 77' which produces permissions:
-rw------- for regular files, or
drwx------ for directories.
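
The umask digits name the permission bits to withhold from whatever mode the creating program requests (conventionally 666 for files and 777 for directories). The sh script below is an added example, not part of the original tutorial; its function names are hypothetical. It reproduces the three cases above and shows that a umask never adds a bit the program did not ask for.

```sh
#!/bin/sh
# Added example: how a umask value becomes the permissions shown by 'ls -l'.
# Rule: resulting mode = requested mode AND NOT umask.

# rwx_string OCTAL -> nine-character rwxrwxrwx rendering of the low nine bits
rwx_string() {
    rs_out=""
    for rs_shift in 6 3 0; do                 # owner, group, other
        rs_t=$(( (0$1 >> rs_shift) & 7 ))
        for rs_pair in 4:r 2:w 1:x; do
            if [ $(( rs_t & ${rs_pair%%:*} )) -ne 0 ]; then
                rs_out="$rs_out${rs_pair#*:}"
            else
                rs_out="$rs_out-"
            fi
        done
    done
    printf '%s' "$rs_out"
}

# apply_umask UMASK REQUESTED -> resulting mode as three octal digits
apply_umask() {
    for au_arg in "$1" "$2"; do
        case $au_arg in
            ''|*[!0-7]*) echo "octal digits only: '$au_arg'" >&2; return 1 ;;
        esac
    done
    printf '%03o' $(( 0$2 & ~0$1 & 0777 ))
}

# created_as UMASK file|dir [REQUESTED] -> mode flags as 'ls -l' would show them
# REQUESTED defaults to 666 for files and 777 for directories.
created_as() {
    case $2 in
        file) cu_type=- ; cu_req=${3:-666} ;;
        dir)  cu_type=d ; cu_req=${3:-777} ;;
        *)    echo "second argument must be 'file' or 'dir'" >&2; return 1 ;;
    esac
    cu_mode=$(apply_umask "$1" "$cu_req") || return 1
    printf '%s%s\n' "$cu_type" "$(rwx_string "$cu_mode")"
}

# The three umask values discussed in the text.
for mask in 22 2 77; do
    printf 'umask %-3s file %s  dir %s\n' "$mask" \
        "$(created_as "$mask" file)" "$(created_as "$mask" dir)"
done

# A program that requests 600 (e.g. for a private file) still gets 600
# under the group-friendly 'umask 2': the mask only removes bits.
printf 'umask 2, program requested 600: %s\n' "$(created_as 2 file 600)"
```
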
The logic behind the number given to umask is not intuitive.

The command to change the permission flags is "chmod". Only the owner of a file can change its permissions.
The command to change the group of a file is "chgrp". Only the owner of a file can change its group, and can only change it to a group of which he is a member.
See the online manual pages for details of these commands on any particular system (e.g. "man chmod").
Examples of typical usage are given below:
chmod g+w myfile
give group write permission to "myfile", leaving all other permission flags alone

chmod g-rw myfile
remove group read and write access to "myfile", leaving all other permission flags alone

chmod g+rwxs mydir
give full group read/write access to directory "mydir", also setting the set-groupID flag so that directories created inside it inherit the group

chmod u=rw,go= privatefile
explicitly give user read/write access, and revoke all group and other access, to file 'privatefile'

chmod -R g+rw .
give group read write access to this directory, and everything inside of it (-R = recursive)

chgrp -R medi .
change the ownership of this directory to group 'medi' and everything inside of it (-R = recursive). The person issuing this command must own all the files or it will fail.
WARNINGS:
Putting 'umask 2' into a startup file (.login or .cshrc) will make these settings apply to everything you do unless manually changed. This can lead to giving group access to files such as saved email in your home directory, which is generally not desirable.
Making a file group read/write without checking what its group is can lead to accidentally giving access to almost everyone on the system. Normally all users are members of some default group such as "users", as well as being members of specific project-oriented groups. Don't give group access to "users" when you intended some other group.
Remember that to read a file, you need execute access to the directory it is in AND read access to the file itself. To write a file, you need execute access to the directory AND write access to the file. To create new files or delete files, you need write access to the directory. You also need execute access to all parent directories back to the root. Group access will break if a parent directory is made completely private.

AFS Access Control Lists (ACLs)

Files on the central AFS fileservers all have the traditional Unix permissions as explained above, but they are also controlled by Access Control Lists (ACL) which take precedence. They provide access levels more flexible than the user/group/other attribute bits, but they work on the level of complete directories, not files. The command to set and list ACLs is fs.
"fs" is a big ugly command that does lots of things related to AFS filesystems depending on the arguments you call it with. For details see the man pages for: fs_setacl, fs_listacl, fs_cleanacl, fs_copyacl
For brief help, do (e.g.) "fs help setacl"
The default is to give the same permissions to a new directory as are on the parent directory. In practice, this is usually to give complete rights to the owner of the directory, and lookup rights to any other user (equivalent to execute attribute on a directory).
To render a directory private, the simplest command is:
fs setacl -d DIRNAME -clear -a MYNAME all
- replace DIRNAME with the appropriate directory name (or "." for the current directory), and MYNAME with your login name.
Check it with:
fs listacl DIRNAME
It should reply with:
Access list for DIRNAME is
Normal rights:
  USERNAME rlidwka
(see man fs_setacl for a description of the meaning of the flags "rlidwka")
To explicitly give public read/lookup access, use:
fs setacl -d DIRNAME -a system:anyuser read
This can be abbreviated to
fs sa DIRNAME system:anyuser read
If "fs" is not found, or the man pages are not found, your paths are not set up correctly. I recommend you run /usr/local/bin/mknewdotfiles to correct that.

Unix File Permissions

FILE PERMISSIONS:
--------------------------------

There are 3 fields: owner, group and other.

    owner  group  other
     rwx    rwx    rwx
     421    421    421
      7      7      7

     rwx    r--    r--
     421    4--    4--
      7      4      4

     rw-    r--    r--
     42-    4--    4--
      6      4      4

SUMMARY (from man page listed below):

           -r--------     Read by owner
           --w-------     Write by owner
           ---x------     Execute (or search directory) by owner; do not set
                          user ID on execution
           ---s------     Execute/search by owner; set user ID on execution
           ---S------     No execute/search by owner; set user ID on
                          execution
           ----r-----     Read by group
           -----w----     Write by group
           ------x---     Execute/search by group; do not set group ID on
                          execution
           ------s---     Execute/search by group; set group ID on execution
           ------S---     No execute/search by group; set group ID on
                          execution
           -------r--     Read by others
           --------w-     Write by others
           ---------x     Execute/search by others; do not set sticky bit on
                          execution
           ---------t     Execute/search by others; set sticky bit on
                          execution
           ---------T     No execute/search by others; set sticky bit on
                          execution

  
NOTE:  a file owned by root should NEVER be set with "w" permission in "other".  

--------------------------------------------------------------------------------------------------------------------------------
To change the permissions, add the bits to find the desired value and use the chmod command. Examples:

chmod 1777 file1
-rwxrwxrwt   1 root       sys              0 Aug  7 11:41 file1

chmod 1755 file2
-rwxr-xr-t   1 root       sys              0 Aug  7 11:41 file2

chmod 2644 file3
-rw-r-Sr--   1 root       sys              0 Aug  7 11:41 file3

chmod 2777 file4
-rwxrwsrwx   1 root       sys              0 Aug  7 11:41 file4

chmod 3777 file5
-rwxrwsrwt   1 root       sys              0 Aug  7 11:41 file5

chmod 3644 file6
-rw-r-Sr-T   1 root       sys              0 Aug  7 11:41 file6

chmod 4640 file7
-rwSr-----   1 root       sys              0 Aug  7 11:41 file7

chmod 5666 file8
-rwSrw-rwT   1 root       sys              0 Aug  7 11:41 file8

chmod 6777 file9
-rwsrwsrwx   1 root       sys              0 Aug  7 11:41 file9
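
The flag table and the chmod examples above can be checked mechanically. The sh script below is an added example, not part of the original post: it converts the ten-character mode from 'ls -l' back into the numeric chmod value and flags the cases this page warns about (a root-owned file writable by other, set-UID and set-GID programs), plus world-writable directories without the sticky bit. The function names, finding names and the last two sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit 'ls -l' lines for risky permission flags.

# mode_to_octal MODESTRING -> four octal digits (e.g. -rwsr-xr-x -> 4755).
# Returns 1 if the argument is not a ten-flag 'ls -l' mode.
mode_to_octal() {
    case $1 in
        ?[r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]*) ;;
        *) return 1 ;;
    esac
    mo_rest=${1#?}      # drop position 1 (the file type flag)
    mo_pos=1
    mo_val=0
    for mo_bit in 0400 0200 0100 0040 0020 0010 0004 0002 0001; do
        mo_pos=$((mo_pos + 1))
        mo_c=${mo_rest%"${mo_rest#?}"}      # first remaining character
        mo_rest=${mo_rest#?}
        case $mo_c in
            r|w|x) mo_val=$(( mo_val | $mo_bit )) ;;
            # s/t: execute bit AND special bit; S/T: special bit only
            s) mo_val=$(( mo_val | $mo_bit | (mo_pos == 4 ? 04000 : 02000) )) ;;
            S) mo_val=$(( mo_val | (mo_pos == 4 ? 04000 : 02000) )) ;;
            t) mo_val=$(( mo_val | $mo_bit | 01000 )) ;;
            T) mo_val=$(( mo_val | 01000 )) ;;
        esac
    done
    printf '%04o' "$mo_val"
}

# audit_ls_line "LINE" -> space-separated findings (empty string if none)
audit_ls_line() {
    # Fields: mode, link count, owner, group, then size/date/name.
    read -r al_mode al_links al_owner al_group al_rest <<EOF
$1
EOF
    al_oct=$(mode_to_octal "$al_mode") || { printf 'unparsed-mode'; return 0; }
    al_out=""
    case $al_mode in
        d*)
            # Write for other on a directory lets anyone remove entries
            # unless the sticky bit (1000) is set as well.
            if [ $(( 0$al_oct & 01002 )) -eq 2 ]; then
                al_out="$al_out world-writable-dir-no-sticky"
            fi
            ;;
        *)
            if [ $(( 0$al_oct & 0002 )) -ne 0 ]; then
                if [ "$al_owner" = root ]; then
                    al_out="$al_out root-owned-world-writable"
                else
                    al_out="$al_out world-writable"
                fi
            fi
            # set-UID / set-GID programs run as the file's owner / group.
            [ $(( 0$al_oct & 04000 )) -eq 0 ] || al_out="$al_out setuid"
            [ $(( 0$al_oct & 02000 )) -eq 0 ] || al_out="$al_out setgid"
            ;;
    esac
    printf '%s' "${al_out# }"
}

# Sample listing: the first three lines come from this page's examples,
# the last two are constructed.
while IFS= read -r line; do
    [ -n "$line" ] || continue
    printf '%s\n    => %s\n' "$line" "$(audit_ls_line "$line")"
done <<'EOF'
-rwsrwsrwx   1 root       sys              0 Aug  7 11:41 file9
-rw-r-Sr-T   1 root       sys              0 Aug  7 11:41 file6
drwxrws---   2 richard    staff         2048 Jan  2 1997  admin
drwxrwxrwx   2 alice      users         2048 Jan  2 1997  scratch
drwxrwxrwt   9 root       root          4096 Jan  2 1997  tmp
EOF
```

On a live system, feed it real listings, for example the output of 'ls -l' piped through a loop that calls audit_ls_line on each line.
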

=========================================================================
 chmod(1)                chmod(1)
 NAME
      chmod - change file mode access permissions

 SYNOPSIS
      /usr/bin/chmod [-A] [-R] symbolic_mode_list file ...

    Obsolescent form:
      /usr/bin/chmod [-A] [-R] numeric_mode file ...

 DESCRIPTION
      The chmod command changes the permissions of one or more files
      according to the value of symbolic_mode_list or numeric_mode.  You can
      display the current permissions for a file with the ls -l command (see ls(1)).

    Symbolic Mode List
      A symbolic_mode_list is a comma-separated list of operations in the
      following form.  Whitespace is not permitted.

       [who]op[permission][,...]

      The variable fields can have the following values:

       who           One or more of the following letters:

                u     Modify permissions for user (owner).
                g     Modify permissions for group.
                o     Modify permissions for others.
                a     Modify permissions for all users (a is
                 equivalent to ugo).

       op           Required; one of the following symbols:

                +     Add permission to the existing file mode
                 bits of who.
                -     Delete permission from the existing file
                 mode bits of who.
                =     Replace the existing mode bits of who with
                 permission.

       permission  One or more of the following letters:

                r     Add or delete the read permission for who.
                w     Add or delete the write permission for who.
                x     Add or delete the execute file (search
                 directory) permission for who.
                s     Add or delete the set-owner-ID-on-file-
                 execution or set-group-ID-on-file-execution
                 permission for who.  Useful only if u or g
                 is expressed or implied in who.
                t     Add or delete the save-text-image-on-file-
                 execution (sticky bit) permission.  Useful
                 only if u is expressed or implied in who.
                 See chmod(2).
                X     Conditionally add or delete the
                 execute/search permission as follows:
                 +  If file is a directory, add or delete
                    the search permission to the existing
                    file mode for who.    (Same as x.)
                 +  If file is not a directory, and the
                    current file permissions include the
                    execute permission (ls -l displays an x
                    or an s) for at least one of user,
                    group, or other, then add or delete the
                    execute file permission for who.
                 +  If file is not a directory, and no
                    execute permissions are set in the
                    current file mode, then do not change
                    any execute permission.

               Or one only of the following letters:

                u     Copy the current user permissions to who.
                g     Copy the current group permissions to who.
                o     Copy the current other permissions to who.

      The operations are performed in the order specified, and can override
      preceding operations specified in the same command line.

      If who is omitted, the r, w, x, and X permissions are changed for all
      users if the changes are permitted by the current file mode creation
      mask (see umask(1)).  The s and t permissions are changed as if a was
      specified in who.

      Omitting permission is useful only when used with = to delete all
      permissions.

    Numeric Mode (Obsolescent)
      Absolute permissions can be set by specifying a numeric_mode, an octal
      number constructed from the logical OR (sum) of the following mode
      bits:

      Miscellaneous mode bits:

       4000     (= u=s)  Set user ID on file execution (file only)
       2000     (= g=s)  Set group ID on file execution (file only)
       1000     (= u=t)  Set sticky bit; see below and chmod(2)

      Permission mode bits:
       0400     (= u=r)  Read by owner
       0200     (= u=w)  Write by owner
       0100     (= u=x)  Execute (search in directory) by owner
       0040     (= g=r)  Read by group
       0020     (= g=w)  Write by group
       0010     (= g=x)  Execute/search by group
       0004     (= o=r)  Read by others
       0002     (= o=w)  Write by others
       0001     (= o=x)  Execute/search by others

    Options
       -A    Preserve any optional access control list (ACL) entries
        associated with the file (HFS file systems only).  By
        default, in conformance with the IEEE Standard POSIX
        1003.1-1988, optional HFS ACL entries are deleted.  For JFS
        ACLs, this option has no effect, because optional JFS ACL
        entries are always preserved.  For information about access
        control lists, see acl(5) and aclv(5).

       -R    Recursively change the file mode bits.    For each file
        operand that names a directory, chmod alters the file mode
        bits of the named directory and all files and subdirectories
        in the file hierarchy below it.

      Only the owner of a file, or a user with appropriate privileges, can
      change its mode.

      Only a user having appropriate privileges can set (or retain, if
      previously set) the sticky bit of a regular file.

      If the sticky bit is set on a directory, files inside the directory
      may be renamed or removed only by the owner of the file, the owner of
      the directory, or the superuser (even if the modes of the directory
      would otherwise allow such an operation).

      In order to set the set-group-ID bit, the group of the file must
      correspond to your current group ID.

      If chmod is used on a symbolic link, the mode of the file referred to
      by the link is changed.

--------------------------------------------------------------------------------------------------------------------------------

EXAMPLES
      Deny write permission to others:
       chmod o-w file

      Make a file executable by everybody:
       chmod a+x file

      Assign read and execute permission to everybody, and set the set-
      user-ID bit:
       chmod a=rx,u+s file

      Assign read and write permission to the file owner, and read
      permission to everybody else:
       chmod u=rw,go=r file

      or the obsolescent form:
       chmod 644 file

      Traverse a directory subtree making all regular files readable by user
      and group only, and all executables and directories executable
      (searchable) by everyone:
       chmod -R ug+r,o-r,a+X pathname

      If the current value of umask is 020 (umask -S displays
      u=rwx,g=rx,o=rwx; do not change write permission for group) and the
      current permissions for file mytest are 444 (a=r), displayed by ls -l
      as -r--r--r--, then the command
       chmod +w mytest

      sets the permissions to 646 (uo=rw,g=r), displayed by ls -l as
      -rw-r--rw-.

      If the current value of umask is 020 (umask -S displays
      u=rwx,g=rx,o=rwx; do not change write permission for group) and the
      current permissions for file mytest are 666 (a=rw), displayed by ls -l
      as -rw-rw-rw-, then the command

       chmod -w mytest

      sets the permissions to 464 (uo=r,g=rw), displayed by ls -l as
      -r--rw-r--.

DEPENDENCIES
      The -A option causes chmod to fail on file systems that do not support ACLs.

 AUTHOR chmod was developed by AT&T and HP.

 SEE ALSO chacl(1), ls(1), umask(1), chmod(2), acl(5), aclv(5).

======================================================================

 Hewlett-Packard Company        - 5 -   HP-UX Release 11i: November 2000
 ls(1)                                       ls(1)
 NAME
      ls, lc, l, ll, lsf, lsr, lsx - list contents of directories
 SYNOPSIS
      ls [-abcdefgilmnopqrstuxACFLR1] [names]
      lc [-abcdefgilmnopqrstuxACFLR1] [names]
      l [ls_options] [names]
      ll [ls_options] [names]
      lsf [ls_options] [names]
      lsr [ls_options] [names]
      lsx [ls_options] [names]

 DESCRIPTION
      For each directory argument, the ls command lists the contents of the
      directory.  For each file argument, ls repeats its name and any other
      information requested.  The output is sorted in ascending collation
      order by default (see Environment Variables below).  When no argument
      is given, the current directory is listed.  When several arguments are
      given, the arguments are first sorted appropriately, but file
      arguments appear before directories and their contents.

      If you are a user with appropriate privileges, all files except . and
      .. are listed by default.

      There are three major listing formats.  The format chosen depends on
      whether the output is going to a login device (determined by whether
      output device file is a tty device), and can also be controlled by
      option flags.  The default format for a login device is to list the
      contents of directories in multicolumn format, with entries sorted
      vertically by column.  (When individual file names (as opposed to
      directory names) appear in the argument list, those file names are
      always sorted across the page rather than down the page in columns
      because individual file names can be arbitrarily long.) If the
      standard output is not a login device, the default format is to list
      one entry per line.  The -C and -x options enable multicolumn formats,
      and the -m option enables stream output format in which files are
      listed across the page, separated by commas.  In order to determine
      output formats for the -C, -x, and -m options, ls uses an environment
      variable, COLUMNS, to determine the number of character positions
      available on each output line.  If this variable is not set, the
      terminfo database is used to determine the number of columns, based on
      the environment variable TERM.  If this information cannot be
      obtained, 80 columns is assumed.

      The command lc functions the same as ls except that the lc default
      output is columnar, even if output is redirected.

    Options
      ls recognizes the following options:

       -a    List all entries; usually entries whose names begin with a
        period (.) are not listed.

       -b    List nonprinting characters in the octal \ddd notation.

       -c    Use time of last modification of the inode (file created,
        mode changed, etc.) for sorting (-t) or printing (-l (ell)).

       -d    If an argument is a directory, list only its name (not its
        contents); often used with -l (ell) to get the status of a
        directory.

       -e    List the extent attributes of the file.     If any of the files
        has a extent attribute, this option lists the extent size,
        space reserved and allocation flags.  This option must be
        used with the -l (ell) option.

       -f    Interpret each argument as a directory and list the name
        found in each slot.  This option disables -l (ell), -r, -s,
        and -t, and enables -a; the order is the order in which
        entries appear in the directory.

       -g    Same as -l (ell), except that only the group is printed
        (owner is omitted).  If both -l (ell) and -g are specified,
        the owner is not printed.

       -i    For each file, list the inode number in the first column of
        the report.  When used in multicolumn output, the number
        precedes the file name in each column.

       -l    (ell) List in long format, giving mode, number of links,
        owner, group, size in bytes, and time of last modification
        for each file (see further DESCRIPTION and Access Control
        Lists below).  If the time of last modification is greater
        than six months ago, or any time in the future, the year is
        substituted for the hour and minute of the modification
        time.  If the file is a special file, the size field
        contains the major and minor device numbers rather than a
        size.  If the file is a symbolic link, the filename is
        printed, followed by -> and the pathname of the referenced
        file.

       -m    Stream output format.

       -n    The same as -l, (ell) except that the owner's UID and
        group's GID numbers are printed, rather than the associated
        character strings.

       -o    The same as -l, (ell) except that only the owner is printed
        (group is omitted).  (If both -l (ell) and -o are specified,
        the group is not printed).

       -p    Put a slash (/) after each file name if that file is a
        directory.

       -q    List nonprinting characters in file names as the character
        (?).

       -r    Reverse the order of sort to get reverse (descending)
        collation or oldest first, as appropriate.

       -s    List size in blocks, including indirect blocks, for each
        entry.    The first entry listed is the total number of blocks
        in the directory.  When used in multicolumn output, the
        number of blocks precedes the file name in each column.     The
        number of indirect blocks in a file is filesystem dependent.

       -t    Sort by time modified (latest first) before sorting
        alphabetically.

       -u    Use time of last access instead of last modification for
        sorting (-t option) or printing (-l (ell) option).

       -x    List multicolumn output with entries sorted across rather
        than down the page.

       -A    The same as -a, except that the current directory . and
        parent directory .. are not listed.  For a user with
        appropriate privileges, this flag defaults to on, and is
        turned off by -A.

       -C    List multicolumn output with entries sorted down the
        columns.

       -F    After each file name, put one of:

        +  A slash (/) if the file is a directory or a symbolic link
           to a directory.
        +  An asterisk (*) if the file is executable;
        +  An at-sign (@) if the file is a symbolic link to a file;
        +  A vertical bar (|) if the file is a fifo.

       -L    If the argument is a symbolic link, list the file or
        directory to which the link refers rather than the link
        itself.

       -R    Recursively list subdirectories encountered.

       -1    (one) List the file names in single column format regardless
        of the output device.  This forces single column format to
        the user's terminal.

      Specifying more than one of the options in the following mutually
      exclusive pairs is not considered an error: -C and -l (ell), -m and -l
      (ell), -x and -l (ell), -C and -1 (one), and -c and -u.

      ls is known by several shorthand-version names for the various
      formats:

       l    is equivalent to ls -m
       ll    is equivalent to ls -l (ell)
       lsf    is equivalent to ls -F
       lsr    is equivalent to ls -R
       lsx    is equivalent to ls -x

      The shorthand notations are implemented as links to ls.  Option
      arguments to the shorthand versions behave exactly as if the long form
      above had been used with the additional arguments.

      Mode Bits Interpretation (-l option)
      The mode printed in listings produced by the -l (ell) option consists
      of 10 characters, for example, -rwxr-xr-x.

      The first character indicates the entry type:

       b    Block special file
       c    Character special file
       d    Directory
       l    Symbolic link
       n    Network special file
       p    Fifo (also called a "named pipe") special file
       s    Socket
       -    Ordinary file

      The next 9 characters are interpreted as three sets of three
      characters each which identify access and execution permissions for
      the owner, group, and others categories, as described in chmod(1).
      The - indicates the permission is not granted.  The various
      permissions can be put together in any combination, except that the x,
      s, S, t, and T characters are mutually exclusive, as implied below.

       -r--------      Read by owner
       --w-------      Write by owner
       ---x------      Execute (or search directory) by owner; do not set
              user ID on execution
       ---s------      Execute/search by owner; set user ID on execution
       ---S------      No execute/search by owner; set user ID on
              execution
       ----r-----      Read by group
       -----w----      Write by group
       ------x---      Execute/search by group; do not set group ID on
              execution
       ------s---      Execute/search by group; set group ID on execution
       ------S---      No execute/search by group; set group ID on
              execution
       -------r--      Read by others
       --------w-      Write by others
       ---------x      Execute/search by others; do not set sticky bit on
              execution
       ---------t      Execute/search by others; set sticky bit on
              execution
       ---------T      No execute/search by others; set sticky bit on
              execution

      The mode characters are interpreted as follows:

       -    Deny all permissions in the corresponding position.

       r    Grant read permission to the corresponding user class.

       w    Grant write permission to the corresponding user class.

       x    Grant execute (or search in directory) permission to the
        corresponding user class.

       s    Grant execute (search) permission to the corresponding user
        class.    Execute the file as if by the owner (set user ID,
        SUID) or group (set group ID, SGID), as indicated by
        position.

       S    Deny execute (search) permission to the corresponding user
        class.    Execute the file as if by the owner (set user ID,
        SUID) or group (set group ID, SGID), as indicated by
        position.

       t    Grant execute (search) permission to others.  The "sticky"
        (save text image) bit is set (see the description of S_ISVTX
        in chmod(2)).

       T    Deny execute (search directory) permission to others.  The
        "sticky" (save text image) bit is set.

      When an option is specified that results in a listing of directory
      and/or file sizes in bytes or blocks (such as the -s or -l (ell)
      option), a total count of blocks, including indirect blocks, is also
      printed at the beginning of the listing.

    Access Control Lists (ACLs)
      If a file has optional ACL entries, the -l (ell) option displays a
      plus sign (+) after the file's permissions.  The permissions shown are
      a summary representation of the file's access control list, as
      returned by stat() in the st_mode field (see stat(2)).  To list the
      contents of an access control list, use the lsacl command (see
      lsacl(1) and acl(5)) for HFS file systems, or the getacl command (see
      getacl(1) and aclv(5)) for JFS file systems.

 EXTERNAL INFLUENCES
    Environment Variables
      If the COLUMNS variable is set, ls uses the width provided in
      determining positioning of columnar output.

      LANG determines the locale to use for the locale categories when both
      LC_ALL and the corresponding environment variable (beginning with LC_)
      do not specify a locale.    If LANG is not set or is null, it defaults
      to C (see lang(5)).

      LC_COLLATE determines the order in which the output is sorted.

      LC_CTYPE determines which characters are classified as nonprinting for
      the -b and -q options, and the interpretation of single- and/or
      multibyte characters within file names.

      LC_TIME determines the date and time strings output by the -g, -l
      (ell), -n, and -o options.

      LC_MESSAGES determines the language in which messages (other than the
      date and time strings) are displayed.

      If any internationalization variable contains an invalid setting, they
      all default to C (see environ(5)).

    International Code Set Support
      Single- and multibyte character code sets are supported.

 RETURN VALUE
      ls exits with one of the following values:

        0    All input files were listed successfully.

       >0    ls was aborted because errors occurred when accessing files.
        The following conditions cause an error:

        +  Specified file not found.
        +  User has no permission to read the directory.
        +  Process could not get enough memory.
        +  Invalid option specified.

 EXAMPLES
      Print a long listing of all the files in the current working directory
      (including the file sizes).  List the most recently modified
      (youngest) file first, followed by the next older file, and so forth,
      to the oldest.  Files whose names begin with a . are also printed.
       ls -alst

 WARNINGS
      Setting options based on whether the output is a login (tty) device is
      undesirable because ls -s is very different from ls -s | lp.  On the
      other hand, not using this setting makes old shell scripts that used
      ls almost inevitably fail.

      Nonprinting characters in file names (without the -b or -q option) may
      cause columnar output to be misaligned.

 DEPENDENCIES
    NFS
      The -l (ell) option does not display a plus sign (+) after the access
      permission bits of networked files to represent existence of optional
      access control list entries.

 AUTHOR
      ls was developed by AT&T, the University of California, Berkeley and HP.

 FILES
      /etc/group            For group IDs for -l (ell) and -g.
      /etc/passwd            For user IDs for -l (ell) and -o.
      /usr/share/lib/terminfo/?/*   For terminal information.

 SEE ALSO
      chmod(1), find(1), getacl(1), lsacl(1), stat(2), acl(5), aclv(5).