
I saw that a few files/directories are inaccessible even to the root user:

find: ‘/run/user/1000/gvfs’: Permission denied.

So I went a level deeper and ran ls -l; below is the output.

/run/user/125# ll
ls: cannot access 'gvfs': Permission denied
total 4
drwx------ 12 gdm  gdm  340 Sep  3 10:20 ./
drwxr-xr-x  4 root root  80 Sep  3 10:19 ../
srw-rw-rw-  1 gdm  gdm    0 Sep  3 10:19 bus=
drwx------  3 gdm  gdm   60 Sep  3 10:19 dbus-1/
drwx------  2 gdm  gdm   60 Sep  3 10:19 dconf/
drwx--x--x  2 gdm  gdm   60 Sep  3 10:19 gdm/
prw-rw-r--  1 gdm  gdm    0 Sep  3 10:19 gnome-session-leader-fifo|
drwx------  3 gdm  gdm   60 Sep  3 10:19 gnome-shell/
drwx------  2 gdm  gdm  140 Sep  3 10:19 gnupg/
d?????????  ? ?    ?      ?            ? gvfs/
-rw-------  1 gdm  gdm  318 Sep  3 10:19 ICEauthority
d---------  3 gdm  gdm  160 Sep  3 10:19 inaccessible/
drwx------  2 gdm  gdm  100 Sep  3 10:19 keyring/
srw-rw-rw-  1 gdm  gdm    0 Sep  3 10:19 pk-debconf-socket=
drwx------  2 gdm  gdm   80 Sep  3 10:19 pulse/
srw-rw-rw-  1 gdm  gdm    0 Sep  3 10:19 snapd-session-agent.socket=
drwxr-xr-x  3 gdm  gdm  100 Sep  3 10:19 systemd/

Why do we see ? against file/dir gvfs?

Jeff Schaller
samshers

1 Answer


The question marks mean that ls can’t read the corresponding information; it reports that at the top of its output:

ls: cannot access 'gvfs': Permission denied

gvfs is inaccessible to all users except its owner, even to root, because it’s a user-owned FUSE mount — such mounts are inaccessible even to root, to prevent a malicious FUSE process from taking advantage of the situation:

$ mount|grep /run/user/125/gvfs
gvfsd-fuse on /run/user/125/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=125,group_id=125)

The information displayed for a mount point comes from “inside” the mount, and the only user allowed to read the FUSE mount is the owner. (And yes, this is somewhat surprising given the expected privilege of the root user.)

Stephen Kitt
  • :-) thx - cat /etc/passwd | grep 125 whoopsie:x:120:125::/nonexistent:/bin/false gdm:x:125:130:Gnome Display Manager:/var/lib/gdm3:/bin/false, does gdm user have any default pass. I know, I should not be bothered. It's just to explore. – samshers Sep 03 '20 at 13:46
  • ?? bit amazed - well said- And yes, this is somewhat surprising given the expected privilege of the root user. – samshers Sep 03 '20 at 13:48
  • gdm doesn’t have a default password, no. The account is set up so that you can’t log in with it. – Stephen Kitt Sep 03 '20 at 13:55
  • :-) :-) hurray --> then --> su gdm --> no passwd prompt --> but nothing happens, prompt still says root NOT gdm and ll returns same error. :-) :-) As you quoted - The account is set up so that you can’t log in with it. – samshers Sep 03 '20 at 14:00
  • User-owned FUSE mounts aren't readable by root by default because the FUSE process runs as the user and that process could detect the root user and provide malicious data to them. – bk2204 Sep 03 '20 at 23:58
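
Added example, not part of the original question, answer or comments: a short Python script that reads mount entries in /proc/mounts format and lists the FUSE mounts that carry `user_id=` but not `allow_other`, which are the ones a root-run `find` or `ls` reports as "Permission denied". The function names and the sample entries are constructed for illustration (the gvfs entry mirrors the mount output in the answer), and the comparison is on the user ID only.

```python
"""List FUSE mounts that are closed to every user except their owner."""
import os
import re

# Constructed sample in /proc/mounts format; the gvfs entry mirrors the answer.
SAMPLE_MOUNTS = """\
tmpfs /run/user/125 tmpfs rw,nosuid,nodev,relatime,mode=700,uid=125,gid=130 0 0
gvfsd-fuse /run/user/125/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=125,group_id=125 0 0
sshfs#backup /mnt/backup fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,allow_other 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_options(opts):
    # "rw,user_id=125" -> {"rw": "", "user_id": "125"}
    return {k: v for k, _, v in (item.partition("=") for item in opts.split(","))}

def private_fuse_mounts(mounts_text):
    """Return (mount_point, owner_uid) for FUSE mounts without allow_other."""
    found = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        fstype = fields[2]
        if fstype not in ("fuse", "fuseblk") and not fstype.startswith("fuse."):
            continue
        opts = parse_options(fields[3])
        # allow_other opens the mount to other users; fusectl has no user_id.
        if "allow_other" in opts or "user_id" not in opts:
            continue
        found.append((unescape(fields[1]), int(opts["user_id"])))
    return found

def denied_for(mounts_text, uid):
    """Mount points the given uid cannot enter (uid comparison only)."""
    return [mp for mp, owner in private_fuse_mounts(mounts_text) if owner != uid]

if __name__ == "__main__":
    path = "/proc/mounts"
    text = open(path).read() if os.path.exists(path) else SAMPLE_MOUNTS
    for mount_point in denied_for(text, os.getuid()):
        print(f"not accessible to uid {os.getuid()}: {mount_point}")
```

Run as root, the listed mount points are the ones to prune from a filesystem-wide `find` to avoid the errors shown in the question.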