What does "+ 3" mean in result of 'ls -al'?

Question

Accidentally, when moving to a mounted volume, and typing ll (alias for ls -laF)

:/media/username/DATA$ ll
total 153
drwxrwxrwx  1 username username  8192 Sep  1 20:32 ./
drwxr-x---+ 3 root     root      4096 Sep  3 08:14 ../
drwxrwxrwx  1 username username 12288 Jul 26 22:29 documents/
drwxrwxrwx  1 username username 16384 Sep  2 02:01 downloads/

I have this interesting part: drwxr-x---+ 3

I understand the part drwxr-x---, but what the else part + 3 means?

Ps: I'm using Ubuntu 16.04 x86

You mean you're curious about the number between permissions string and owner name? — Byte Commander, Sep 03 '16 at 18:51
For the parts of ls -l output explained, see http://askubuntu.com/q/710905, http://askubuntu.com/q/517229 or http://unix.stackexchange.com/q/103114 please. — Byte Commander, Sep 03 '16 at 19:00

heemayl · Accepted Answer · 2016-09-03T20:48:01.577

The + after the normal permission bits indicate a special permission is in effect for the file/directory. The special permission is POSIX ACL (Access Control List).

You can set a ACL rule by using setfacl and view the already set rule(s) by getfacl.

Example:

% ls -l foo.sh
-rwxrwxr-x 1 foobar foobar 206 Aug 28 02:08 foo.sh

% setfacl -m u:spamegg:x foo.sh

% ls -l foo.sh                
-rwxrwxr-x+ 1 foobar foobar 206 Aug 28 02:08 foo.sh

% getfacl foo.sh
# file: foo.sh
# owner: foobar
# group: foobar
user::rwx
user:spamegg:--x
group::rwx
mask::rwx
other::r-x

Check man getfacl and man setfacl to get more idea.

As a side note, if you see a . inplace of +, that's for the SELINUX context.

And the 3 after + indicates number of hard links the file has. A hardlink is a name for the file (file's inode precisely) so number of hard links indicate number of names the file has.

In your case the entry is:

drwxr-x---+ 3 root     root      4096 Sep  3 08:14 ../

It's for the parent directory of the current directory (/media/username/DATA), so .. points to /media/username directory.

Now, in Linux, every directory has at least two hard links, one is for . (current directory, link to itself) and the other is it's entry in the parent directory (name-inode mapping), this was inherited from the Unix.

You have hard link count as 3 for /media/username, which means /media/username has one subdirectory (default 2 plus one for the .. entry of the subdirectory). If there were 2 subdirectories, the hard link count would be 4 due to both subdirectories mapping .. back to the parent.

Check man ls also.

That's a directory, so the link count is the number of subdirectories plus two. — Kevin, Sep 03 '16 at 20:33

score 8 · Answer 2 · edited Apr 13 '17 at 12:23

+ at the end of the permissions string signifies an ACL (Access Control List) permission. You can see exactly what permissions it allows and to which users with

getfacl ../

or rather

getfacl /media/$USER

In my case:

$ getfacl /media/zanna
getfacl: Removing leading '/' from absolute path names
# file: media/zanna
# owner: root
# group: root
user::rwx
user:zanna:r-x
group::---
mask::r-x
other::---

This shows the owner and group and then the unnamed "user" (owner) group and world (others) permissions with an extra entry for the user zanna. The "mask" limits the effective rights for group and named users.

ACLs are an extension to the traditional Linux permissions system that allows permissions to be set for a single user or group, allowing finer control. You can read more about the security reasons for having root own this mount point and the use of ACL permissions in /media in this post

The 3 is unrelated to the +. it indicates the number of hard links to the file.

This only explains the + though, which signals that ACLs are active for this entry in addition to the traditional permission settings. However, this does not explain the 3. — Byte Commander, Sep 03 '16 at 18:58
@ByteCommander hah it didn't occur to me they were asking about the 3, thanks! — Zanna, Sep 03 '16 at 19:10

What does "+ 3" mean in result of 'ls -al'?

2 Answers2

Linked