# Enumerate Metadata
## Commands
| `ls -lisa` | File info |
| ------------------------------------------------------------- | --------------------------------------------------------------- |
| `file [file]` | Determine File Type. |
| `stat [file]` | Display Detailed File Information. |
| `statvfs [directory_path]` | Display Filesystem Information. |
| `lsattr [filename]` | Lists the attributes of the specified file. |
| `getfacl [filename]` | Displays the Access Control Lists (ACLs) of the specified file. |
| `getcap [filepath]` | Check a specific file for capabilities |
| `getcap -r [filepath]` | Recursive |
| `namei /sbin/init` | Shows available links to the file. D = dir, F = File, L = Link |
| `namei -mo /sbin/init` | Better, shows file permissions and owners |
### Identifying Symlinks and Hard Links
`ls -l`
Look at the third column:
Hard link: The number in this column represents the number of hard links pointing to the same data block. If it's greater than 1, it's a hard link.
Soft link: This column will display a hyphen (-) followed by the file size and filename of the file the link points to.
`file`
The output will tell you the file type.
Hard link: It will say something like "inode link to "
Soft link: It will say "symbolic link to "
`stat`
Look for the following differences:
Hard link: st\_ino (inode number) will be the same for both the link and the original file.
Soft link: st\_ino will be different for the link and the original file.
## Permission Notes
```bash
+------------------------+
| Owner | Group | Others |
| R W E | R W E | R W E |
| 4 2 1 | 4 2 1 | 4 2 1 |
+------------------------+
```
SUID (4): \
Execute with owner's permissions.
SGID (2):\
Execute with owning group's permissions.
Sticky Bit (1): \
Can't delete these files. Often root owned dirs. Only for dirs.
### Necessary Permissions by Action
```bash
Actions Dir File
----------------------------------------
Read File X R
Modify File X W
Create File WX
Delete File WX
Move File WX WX
Dir Listing R
Dir Listing w/ Metadata RX
Execute Binary X X
Execute Script X RX
```
## Timestamp Notes
ctime = Inode change
mtime = Content change
atime = Access time
`stat` - View inode info and timestamps of a file
Inode: Metadata about a file. Has pointers to the data that the file holds. Keeps track of file meteadata.
Changing the owner of a file changes `ctime` Creating a file changes ctime
Anytime the content is changed, the `ctime` is also changed, because the size of the file changes
Anytime file is moved or copied the path changes so the `ctime` also changes.
Anytime file is opened or executed, `atime` is changed.
#### Testing:
If you...
Create a dir
Go in to that dir
Create a subdir
Run stat on the original dir
The `atime` and `ctime` does NOT change.
If you...
Create a dir
Do NOT go in to that dir
Create a subdir
Run stat on the original dir
ALL times change. Except `birth` time.
## ls Options
`-a` or `--all`
`-l` or `--long`
`-h` or `--human-readable`
`-R` or `--recursive`
`-t` or `--sort=time`
`-S` or `--sort=size`
`-r` or `--reverse`
`-i` or `--inode`
`-d` or `--directory`
`-g` or `--group`
`-o` or `--owner`
`-F` or `--classify`
`-p` or `--indicator-style=slash`
`--color`
`-c` or `--time=ctime`
`-u` or `--time=atime`
`-1` or `--format=single-column`
`--group-directories-first`
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://www.shellspells.net/linux/file-ops/enumerate-metadata.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.