Unix file types

Last updated

The seven standard Unix file types are regular, directory, symbolic link, FIFO special, block special, character special, and socket as defined by POSIX. [1] Different OS-specific implementations allow more types than what POSIX requires (e.g. Solaris doors). A file's type can be identified by the ls -l command, which displays the type in the first character of the file-system permissions field.


For regular files, Unix does not impose or provide any internal file structure; therefore, their structure and interpretation is entirely dependent on the software using them. However, the file command can be used to determine what type of data they contain.



In the stat structure, file type and permissions (the mode) are stored together in a st_mode bit field, which has a size of at least 12 bits (3 bits to specify the type among the seven possible types of files; 9 bits for permissions). The layout for permissions is defined by POSIX to be at the least-significant 9 bits, but the rest is undefined. [1]

By convention, the mode is a 16-bit value written out as a six-digit octal number without a leading zero. The format part occupies the lead 4-bits (2 octal digits), and "010" (1000 in binary) usually stands for a regular file. The next 3 bits (1 digit) are usually used for setuid, setgid, and sticky. The last part is already defined by POSIX to contain the permission. An example is "100644" for a typical file. This format can be seen in git, tar, and ar, among other places. [2]

The type of a file can be tested using macros like S_ISDIR. Such a check is usually performed by masking the mode with S_IFMT (often the octal number "170000" for the lead 4 bits convention) and checking whether the result matches S_IFDIR. S_IFMT is not a core POSIX concept, but a X/Open System Interfaces (XSI) extension; systems conforming to only POSIX may use some other methods. [1]

Mode string

Take for example one line in the ls -l output:

drwxr-xr-x 2 root root     0 Jan  1  1970 home

POSIX specifies [3] the format of the output for the long format (-l option). In particular, the first field (before the first space) is dubbed the "file mode string" and its first character describes the file type. The rest of this string indicates the file permissions.

Therefore, in the example, the mode string is drwxr-xr-x: the file type is d (directory) and the permissions are rwxr-xr-x.

Examples of implementations

The GNU coreutils version of ls uses a call to filemode(), a glibc function (exposed in the gnulib library [4] ) to get the mode string.

FreeBSD uses a simpler approach but allows a smaller number of file types. [5]

Regular file

Regular files show up in ls -l with a hyphen-minus - in the mode field:

$ ls -l /etc/passwd -rw-r--r-- ... /etc/passwd


The most common special file is the directory. The layout of a directory file is defined by the filesystem used. As several filesystems are available under Unix, both native and non-native, there is no one directory file layout.

A directory is marked with a d as the first letter in the mode field in the output of ls -dl or stat, e.g.

$ ls -dl / drwxr-xr-x 26 root root 4096 Sep 22 09:29 /  $ stat /   File: "/"   Size: 4096            Blocks: 8          IO Block: 4096   directory Device: 802h/2050d      Inode: 128         Links: 26 Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root) ...

A symbolic link is a reference to another file. This special file is stored as a textual representation of the referenced file's path (which means the destination may be a relative path, or may not exist at all).

A symbolic link is marked with an l (lower case L) as the first letter of the mode string, e.g.

lrwxrwxrwx ... termcap -> /usr/share/misc/termcap lrwxrwxrwx ... S03xinetd -> ../init.d/xinetd

FIFO (named pipe)

One of the strengths of Unix has always been inter-process communication. Among the facilities provided by the OS are pipes, which connect the output of one process to the input of another. This is fine if both processes exist in the same parent process space, started by the same user, but there are circumstances where the communicating processes must use FIFOs, here referred to as named pipes. One such circumstance occurs when the processes must be executed under different user names and permissions.

Named pipes are special files that can exist anywhere in the file system. They can be created with the command mkfifo as in mkfifo mypipe.

A named pipe is marked with a p as the first letter of the mode string, e.g.

prw-rw---- ... mypipe


A socket is a special file used for inter-process communication, which enables communication between two processes. In addition to sending data, processes can send file descriptors across a Unix domain socket connection using the sendmsg() and recvmsg() system calls.

Unlike named pipes which allow only unidirectional data flow, sockets are fully duplex-capable.

A socket is marked with an s as the first letter of the mode string, e.g.

srwxrwxrwx /tmp/.X11-unix/X0

Device file (block, character)

In Unix, almost all things are handled as files and have a location in the file system, even hardware devices like hard drives. The great exception is network devices, which do not turn up in the file system but are handled separately.

Device files are used to apply access rights to the devices and to direct operations on the files to the appropriate device drivers.

Unix makes a distinction between character devices and block devices. The distinction is roughly as follows:

Although, for example, disk partitions may have both character devices that provide un-buffered random access to blocks on the partition and block devices that provide buffered random access to blocks on the partition.

A character device is marked with a c as the first letter of the mode string. Likewise, a block device is marked with a b, e.g.

crw------- ... /dev/null brw-rw---- ... /dev/sda 


A door is a special file for inter-process communication between a client and server, currently implemented only in Solaris.

A door is marked with a D (upper case) as the first letter of the mode string, e.g.

Dr--r--r-- ... name_service_door

See also

Related Research Articles

Shell script Script written for the shell, or command line interpreter, of an operating system

A shell script is a computer program designed to be run by the Unix shell, a command-line interpreter. The various dialects of shell scripts are considered to be scripting languages. Typical operations performed by shell scripts include file manipulation, program execution, and printing text. A script which sets up the environment, runs the program, and does any necessary cleanup, logging, etc. is called a wrapper.

In Unix and Unix-like operating systems, chmod is the command and system call used to change the access permissions of file system objects sometimes known as modes. It is also used to change special mode flags such as setuid and setgid flags and a 'sticky' bit. The request is filtered by the umask. The name is an abbreviation of change mode. They are shown when listing files in long format.

In computing, tar is a computer software utility for collecting many files into one archive file, often referred to as a tarball, for distribution or backup purposes. The name is derived from "tape archive", as it was originally developed to write data to sequential I/O devices with no file system of their own. The archive data sets created by tar contain various file system parameters, such as name, timestamps, ownership, file-access permissions, and directory organization.


In computing, ls is a command to list computer files in Unix and Unix-like operating systems. ls is specified by POSIX and the Single UNIX Specification. When invoked without any arguments, ls lists the files in the current working directory. The command is also available in the EFI shell. In other environments, such as DOS, OS/2, and Microsoft Windows, similar functionality is provided by the dir command. The numerical computing environments MATLAB and GNU Octave include an ls function with similar functionality.

In computing, a symbolic link is a term for any file that contains a reference to another file or directory in the form of an absolute or relative path and that affects pathname resolution.

Unix security refers to the means of securing a Unix or Unix-like operating system. A secure environment is achieved not only by the design concepts of these operating systems, but also through vigilant user and administrative practices.

The inode is a data structure in a Unix-style file system that describes a file-system object such as a file or a directory. Each inode stores the attributes and disk block locations of the object's data. File-system object attributes may include metadata, as well as owner and permission data.

In Unix and Unix-like computer operating systems, a file descriptor is a unique identifier (handle) for a file or other input/output resource, such as a pipe or network socket.

stat (system call)

stat is a Unix system call that returns file attributes about an inode. The semantics of stat vary between operating systems. As an example, Unix command ls uses this system call to retrieve information on files that includes:

In computing, umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files. It may also affect how the file permissions are changed explicitly. umask is also a function that sets the mask, or it may refer to the mask itself, which is formally known as the file mode creation mask. The mask is a grouping of bits, each of which restricts how its corresponding permission is set for newly created files. The bits in the mask may be changed by invoking the umask command.

Most file systems include attributes of files and directories that control the ability of users to read, change, navigate, and execute the contents of the file system. In some cases, menu options or functions may be made visible or hidden depending on a user's permission level; this kind of user interface is referred to as permission-driven.

Multi-Environment Real-Time (MERT), later renamed UNIX Real-Time (UNIX-RT), is a hybrid time-sharing and real-time operating system developed in the 1970s at Bell Labs for use in embedded minicomputers. A version named Duplex Multi Environment Real Time (DMERT) was the operating system for the AT&T 3B20D telephone switching minicomputer, designed for high availability; DMERT was later renamed Unix RTR.

The file command is a standard program of Unix and Unix-like operating systems for recognizing the type of data contained in a computer file.

In Unix-like and some other operating systems, find is a command-line utility that locates files based on some user-specified criteria and either prints the pathname of each matched object or, if another action is requested, performs that action on each matched object.

Comparison of command shells Wikimedia list article

A command shell is a command-line interface computer program to an operating system.

In computing, the sticky bit is a user ownership access right flag that can be assigned to files and directories on Unix-like systems.

In computing, tee is a command in command-line interpreters (shells) using standard streams which reads standard input and writes it to both standard output and one or more files, effectively duplicating its input. It is primarily used in conjunction with pipes and filters. The command is named after the T-splitter used in plumbing.

cpio is a general file archiver utility and its associated file format. It is primarily installed on Unix-like computer operating systems. The software utility was originally intended as a tape archiving program as part of the Programmer's Workbench (PWB/UNIX), and has been a component of virtually every Unix operating system released thereafter. Its name is derived from the phrase copy in and out, in close description of the program's use of standard input and standard output in its operation.

The Unix command fuser is used to show which processes are using a specified computer file, file system, or Unix socket.

Toybox is a free and open-source software implementation of over 200 Unix command line utilities such as ls, cp, and mv. The Toybox project was started in 2006, and became a 0BSD licensed BusyBox alternative. Toybox is included with Android 6.0 "Marshmallow" and all later Android versions, and also used to build Android on Linux and macOS. All of the tools are tested on Linux, and many of them also work on BSD and macOS.


  1. 1 2 3 "<sys/stat.h>". The Open Group Base Specifications Issue 6. The Open Group. 21 July 2019.
  2. Kitt, Stephen. "What file mode is a symlink?". Unix & Linux Stack Exchange.
  3. "IEEE Std 1003.1-2008 ls". The Open Group. 11 March 2017.
  4. "filemode function in GNU coreutils". GNU. 11 March 2017.
  5. "printtype function from FreeBSD". FreeBSD. 11 March 2017.