What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Universal configuration monitoring and system of record for IT.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:



May 19, 2015 - A Look At The New Commandlinefu
I've put together a short writeup on what kind of newness you can expect from the next iteration of clfu. Check it out here.
March 2, 2015 - New Management
I'm Jon, I'll be maintaining and improving clfu. Thanks to David for building such a great resource!

Top Tags





Commands tagged permissions from sorted by
Terminal - Commands tagged permissions - 20 results
stat -c '%n %U:%G-%a' *
2014-05-03 04:56:23
User: snipertyler
Functions: stat
Tags: permissions


alias perm="stat -c '%n %U:%G-%a'"


perm() { for ll in $@; do stat -c "%n %U:%G-%a" "$ll"; done; }

tar -xvpf file.tar.gz
2014-04-25 10:23:03
User: shajeen
Functions: tar

-x, --extract, --get

extract files from an archive

-p, --preserve-permissions, --same-permissions

extract information about file permissions (default for superuser)

-f, --file=ARCHIVE

use archive file or device ARCHIVE

-v, --verbose

verbosely list files processed

icacls directory_or_file /grant user_or_group:(OI)(CI)rx /t / l /q
print -rl /**/*(.f:o+w:)
2013-04-03 02:53:00
User: khayyam

Example of using zsh glob qualifier ...

"." = files

"f:" = files with access rights matching:

o+w = other plus write

getfacl file1 | setfacl --set-file=- file2
sudo find / \( -nouser -o -nogroup \)
2012-07-13 07:09:08
User: gwd
Functions: find sudo

suspicious/anomalous ownership may indicate system breach; should return no results

sudo find / -perm -2 ! -type l -ls
find . -type f ! -perm /u+x -printf "\"%p\"\n" | xargs file | grep -i executable
2012-03-12 17:29:36
User: aaronjcopley
Functions: file find grep xargs

Helps to fix permissions when a user clobbers them in their home directory or elsewhere. Does not rely on file extension, but uses the `file` command for context.

if [[ $EUID -ne 0 ]]; then echo 'Root permissions required! Exiting.'; exit; fi
2011-11-19 23:06:52
User: lordtoran
Functions: echo

This example code is intended to be used as a root permissions check in a script. It makes use of the $EUID (effective user ID) environment variable which is fully su- and sudo-safe.

sudo chown -R nobody:admin /Applications/XAMPP/xamppfiles/htdocs/
find $PWD -maxdepth 1 -printf '%.5m %10M %#9u:%-9g %#5U:%-5G [%AD | %TD | %CD] [%Y] %p\n'

I love this function because it tells me everything I want to know about files, more than stat, more than ls. It's very useful and infinitely expandable.

find $PWD -maxdepth 1 -printf '%.5m %10M %#9u:%-9g %#5U:%-5G [%AD | %TD | %CD] [%Y] %p\n' | sort -rgbS 50%

00761 drwxrw---x askapache:askapache 777:666 [06/10/10 | 06/10/10 | 06/10/10] [d] /web/cg/tmp

The key is:

# -printf '%.5m %10M %#9u:%-9g %#5U:%-5G [%AD | %TD | %CD] [%Y] %p\n'

which believe it or not took me hundreds of tweaking before I was happy with the output.

You can easily use this within a function to do whatever you want.. This simple function works recursively if you call it with -r as an argument, and sorts by file permissions.

lsl(){ O="-maxdepth 1";sed -n '/-r/!Q1'<<<$@ &&O=;find $PWD $O -printf '%.5m %10M %#9u:%-9g %#5U:%-5G [%AD | %TD | %CD] [%Y] %p\n'|sort -rgbS 50%; }

Personally I'm using this function because:

lll () { local a KS="1 -r -g"; sed -n '/-sort=/!Q1' <<< $@ && KS=`sed 's/.*-sort=\(.*\)/\1/g'<<<$@`; find $PWD -maxdepth 1 -printf '%.5m %10M %#9u:%-9g %#5U:%-5G [%AD | %TD | %CD] [%Y] %p\n'|sort -k$KS -bS 50%; }

# i can sort by user

lll -sort=3

# or sort by group reversed

lll -sort=4 -r

# and sort by modification time

lll -sort=6

If anyone wants to help me make this function handle multiple dirs/files like ls, go for it and I would appreciate it.. Something very minimal would be awesome.. maybe like:

for a; do lll $a; done

Note this uses the latest version of GNU find built from source, easy to build from gnu ftp tarball. Taken from my http://www.askapache.com/linux-unix/bash_profile-functions-advanced-shell.html

find . -type d -name .svn -exec chmod g+s "{}" \;
2010-04-27 16:51:00
User: mitzip
Functions: chmod find

The above command will set the GID bit on all directories named .svn in the current directory recursively. This makes the group ownership of all .svn folders be the group ownership for all files created in that folder, no matter the user.

This is useful for me as the subversion working directory on my server is also the live website and needs to be auto committed to subversion every so often via cron as well as worked on by multiple users. Setting the GID bit on the .svn folders makes sure we don't have a mix of .svn metadata created by a slew of different users.

strace php tias.php -e open,access 2>&1 | grep foo.txt
2010-04-20 19:42:42
User: rkulla
Functions: grep strace

Sometimes a program refuses to read a file and you're not sure why. You may have display_errors turned off for PHP or something. In this example, fopen('/var/www/test/foo.txt') was called but doesn't have read access to foo.txt.

Strace can tell you what went wrong. E.g., if php doesn't have read access to the file, strace will say "EACCESS (Permission denied)". Or, if the file path you gave doesn't exist, strace will say "ENOENT (No such file or directory)", etc.

This works for any program you can run from the command-line, e.g., strace python myapp.py -e open,access...

Note: the above command uses php-cli, not mod_php, which is a different SAPI with diff configs, etc.

getfacl <file-with-acl> | setfacl -f - <file-with-no-acl>
2009-12-08 22:56:35
User: tcfusion

If you copy windows file in e.g. cygwin the ACL might miss on the copied file.

With this command you can copy the ACL of an existing file to another.

WARNING: Existing ACL will get lost.

awk 'BEGIN{dir=DIR?DIR:ENVIRON["PWD"];l=split(dir,parts,"/");last="";for(i=1;i<l+1;i++){d=last"/"parts[i];gsub("//","/",d);system("ls -ld \""d"\"");last=d}}'
2009-10-22 16:28:07
User: arcege
Functions: awk

Handled all within awk. Takes the value from $PWD and constructs directory structures and runs commands against them. The gsub() call is not necessary, but added for better visibility.

If a variable DIR is given on the awk command-line, then that directory is used instead:

awk -vDIR=$HOME/.ssh 'BEGIN{dir=DIR?...}'
pushd .> /dev/null; cd /; for d in `echo $OLDPWD | sed -e 's/\// /g'`; do cd $d; echo -n "$d "; ls -ld .; done; popd >/dev/null
2009-10-22 12:32:11
User: syladmin
Functions: cd echo ls sed
Tags: permissions

Can easily be scripted in order to show permission "tree" from any folder. Can also be formated with

column -t

{ pushd .> /dev/null; cd /; for d in `echo $OLDPWD | sed -e 's/\// /g'`; do cd $d; echo -n "$d "; ls -ld .; done; popd >/dev/null ; } | column -t

from http://www.commandlinefu.com/commands/view/3731/using-column-to-format-a-directory-listing

git diff --numstat | awk '{if ($1 == "0" && $2 == "0") print $3}' | xargs git checkout HEAD
2009-09-17 22:12:50
User: lingo
Functions: awk diff xargs

I sometimes (due to mismanagement!) end up with files in a git repo which have had their modes changed, but not their content. This one-liner lets me revert the mode changes, while leaving changed-content files be, so I can commit just the actual changes made.

git diff --numstat -w --no-abbrev | perl -a -ne '$F[0] != 0 && $F[1] !=0 && print $F[2] . "\n";'
2009-08-19 05:07:58
User: lingo
Functions: diff perl

Only shows files with actual changes to text (excluding whitespace). Useful if you've messed up permissions or transferred in files from windows or something like that, so that you can get a list of changed files, and clean up the rest.

stat -f '%Sp %p %N' * | rev | sed -E 's/^([^[:space:]]+)[[:space:]]([[:digit:]]{4})[^[:space:]]*[[:space:]]([^[:space:]]+)/\1 \2 \3/' | rev
2009-08-04 08:45:20
User: vwal
Functions: rev sed stat

Since the original command (#1873) didn't work on FreeBSD whose stat lacks the "-c" switch, I wrote an alternative that does. This command shows also the fourth digit of octal format permissions which yields the sticky bit information.

find -writable
2009-04-11 22:16:35
User: kFiddle
Functions: find

Have a grudge against someone on your network? Do a "find -writable" in their directory and see what you can vandalize! But seriously, this is really useful to check the files in your own home directory to make sure they can't inadvertently be changed by someone else's wayward script.