Linux Show Permissions: traverse file access

This script walks the Linux directory structures to files, while checking ACL access to them and displaying the access rights to all subdirectories.

It can tell you if another user is able to access your files or not, or when used with sudo, check for access of files not owned by you, for any other user on the system. Native permissions (chmod) are shown in uppercase to distinguish them from ACL permissions (setfacl), which are lowercase.

Let's start with a Usage Example. I naively give user nobody access to t.pl, but as $HOME directories are closed and secure, the actual access is prevented:

fbrm@debian:~$ setfacl -m u:nobody:r ~/CODE/PERL/t.pl 

fbrm@debian:~$ find $HOME/CODE/PERL -name '*.pl' | USR=nobody ./showpe
+rms.pl | column -t
DEBUG: Testing permissions against user 'nobody'
/                                  OTHER::r-x
/home/                             OTHER::r-x
/home/fbrm/                        ---
/home/fbrm/CODE/                   OTHER::r-x
/home/fbrm/CODE/PERL/              OTHER::r-x
/home/fbrm/CODE/PERL/showperms.pl  OTHER::r-x
/home/fbrm/CODE/PERL/t.pl          user:nobody:r--


fbrm@debian:~$ find $HOME/CODE/PERL -name '*.pl' | ./showperms.pl | co
+lumn -t
DEBUG: Testing permissions against user 'fbrm'
/                                  OTHER::r-x       
/home/                             OTHER::r-x       
/home/fbrm/                        USER:fbrm:rwx
/home/fbrm/CODE/                   USER:fbrm:rwx  GROUP:fbrm:r-x
/home/fbrm/CODE/PERL/              USER:fbrm:rwx  GROUP:fbrm:rwx
/home/fbrm/CODE/PERL/showperms.pl  USER:fbrm:rwx  GROUP:fbrm:rwx
/home/fbrm/CODE/PERL/t.pl          USER:fbrm:rw-  GROUP:fbrm:rw-
[download]

TIP: Instead of a find, you can also cat a file with fully qualified files, or echo a file.

#!/usr/bin/perl
use strict;
use warnings;

my $DEBUG = 1;

my $u = $ENV{USR} || $ENV{USER}; # Set default user to check permissio
+ns for
warn "DEBUG: Testing permissions against user '$u'\n" if $DEBUG;
my $g;
my $o;

my %P;
my $file;

while( $file = <STDIN> ) {
    chomp($file);
    if ($file && -e $file) {
        my @F = split /\//, $file;
        while(@F){
            $P{ join("/", @F) || "/" } = 0; # Build a list of Fully Qu
+alified paths. Deduplicated.
            pop @F;
            $F[-1] .= "/" if @F; # also add the root path to check
        };
    }else{
        warn "Could not find file '$file' (maybe run this as root to g
+et access to the file?)\n";
    }
}

for my $k (sort keys %P) {
    my @A = `getfacl "$k" 2>/dev/null | grep -v -e default: -e file:`;
+ # grab output
    ($o) = map { /# owner: (\S+)/ } @A; # Get the file owner
    ($g) = map { /# group: (\S+)/ } @A; # Get the file group
    grep { s/user::/USER:$o:/} @A; # make native Linux dir/file permis
+sions uppercase
    grep { s/group::/GROUP:$g:/} @A; # idem
    grep { s/other::/OTHER::/} @A; # idem
    $P{$k} = join "\n", grep { !/^#/ && /$u|^other/i } @A;
    $P{$k} =~ s/:[^:]+effective:/:/; # consider only effective permiss
+ions
    $P{$k} =~ s/\S+:---//g; #remove empty permissions
    $P{$k} =~ s/(?:user|group):[\s\S]*\K(other:.*)//mi;
    $P{$k} =~ s/[\n\r\s]+/ /g; # remove newlines
    $P{$k} = '---' if $P{$k} eq " "; # if no permissions, default to -
+--
};
for my $k (sort keys %P){
    print "$k $P{$k}\n";
}
[download]

Comment on Linux Show Permissions: traverse file access Select or Download Code

Replies are listed 'Best First'.
Re: Linux Show Permissions: traverse file access by jwkrahn (Abbot) on Oct 20, 2025 at 06:58 UTC
`grep { s/user::/USER:$o:/} @A; # make native Linux dir/file permis +sions uppercase grep { s/group::/GROUP:$g:/} @A; # idem grep { s/other::/OTHER::/} @A; # idem` [download] That is usually written as: `s/user::/USER:$o:/ for @A; # make native Linux dir/file permission +s uppercase s/group::/GROUP:$g:/ for @A; # idem s/other::/OTHER::/ for @A; # idem` [download] `$P{$k} =~ s/(?:user\|group):[\s\S]\K(other:.)//mi;` [download] `[\s\S]` could also be written as `(?s:.)` and the `/m` modifier is only useful if the anchors `^` or `$` are used. `$P{$k} =~ s/[\n\r\s]+/ /g; # remove newlines` [download] The `\s` character class includes the characters `\n` and `\r` so that could be simplified to `$P{$k} =~ s/\s+/ /g;`. Naked blocks are fun! -- Randal L. Schwartz, Perl hacker	[reply] [d/l] [select]
Re^2: Linux Show Permissions: traverse file access by FreeBeerReekingMonk (Deacon) on Oct 20, 2025 at 18:36 UTC
Points for pointing out that `s/// for @array` is 50% faster than `grep {} @array`. Points for telling me about `(?s:.)` I did not know it could be written that way. It seems to be as fast as the other method (2% slightly faster), and might be more readable. For the third one, it comes at the prices of understanding the intention of the line code. But if I just don't use newlines, it might be better. `# perl -E '$x="abc\ndef"; $x=~s/./u/mi; say $x' u def # perl -E '$x="abc\ndef"; $x=~s/[\s\S]/u/mi; say $x' u # perl -E '$x="abc\ndef"; $x=~s/(?s:.)/u/mi; say $x' u` [download] Will test this one in the field for a while.	[reply] [d/l]
Re^3: Linux Show Permissions: traverse file access by jwkrahn (Abbot) on Oct 21, 2025 at 04:17 UTC
Points for pointing out that `s/// for @array` is 50% faster than `grep {} @array`. You could also do all three s/// at the same time: `s/user::/USER:$o:/, s/group::/GROUP:$g:/, s/other::/OTHER::/ for @ +A;` [download] For the third one, it comes at the prices of understanding the intention of the line code. But if I just don't use newlines, it might be better. Another way to do that which may be better: `$P{$k} =~ tr/ \n\r\t\f/ /s; # remove newlines` [download] Naked blocks are fun! -- Randal L. Schwartz, Perl hacker	[reply] [d/l] [select]