$ Linux One Liners
Back to lessons

Linux Survival Basics

Trace Every Parent Directory on a Permission Denial

You need to inspect each directory component in a path to find where traversal permission fails.

Command

namei -l fixtures/perm-audit/current/app/config/prod.token

What changed

Nothing changes. The command shows each path component with owner and mode.

Danger

safe

When to use it

Use when a process gets permission denied even though the final file looks readable.

When not to use it

Do not stop at the final file mode; parent execute bits and symlink targets matter.

Undo or recovery

No undo needed because this command is read-only.

Expected output

A component-by-component ownership and mode trace for the full path.

demo script

Disposable terminal steps

  1. stat -c '%A %U:%G %n' fixtures/perm-audit/current/app/config/prod.token
  2. namei -l fixtures/perm-audit/current/app/config/prod.token
Terminal transcript Demo JSON

simulated output

What it looks like

disposable vessel 
::fixture-ready::
$ stat -c '%A %U:%G %n' fixtures/perm-audit/current/app/config/prod.token
lrwxrwxrwx root:root fixtures/perm-audit/current/app/config/prod.token
::exit-code::0
$ namei -l fixtures/perm-audit/current/app/config/prod.token
f: fixtures/perm-audit/current/app/config/prod.token
drwxr-xr-x root root fixtures
drwxr-xr-x root root perm-audit
drwxr-xr-x root root current
lrwxrwxrwx root root app -> ../releases/2026-06-25
drwxr-xr-x root root   ..
drwxr-xr-x root root   releases
drwxr-xr-x root root   2026-06-25
drwxr-xr-x root root config
lrwxrwxrwx root root prod.token -> ../../../shared/secrets/prod.token
drwxr-xr-x root root   ..
drwxr-xr-x root root   ..
drwxr-xr-x root root   ..
drwxr-xr-x root root   shared
drwxr-xr-x root root   secrets
-rw------- root root   prod.token
::exit-code::0

YouTube Short

Trace the whole path.

Permission denied is not always about the file. Namei shows every parent directory and symlink in the path.

LinkedIn hook

The file mode can look fine while a parent directory blocks the whole path.

Question: When permission denied makes no sense, do you check parent directories first?

experiments

A/B tests to run

Metric: short_click_through_rate

A: Check the whole path.

B: The parent directory may block access.