file
Determine a file's type by inspecting its contents
By CMD Script Team · 4 min read · Last updated
file [OPTIONS] FILE...Options
| Flag | Description |
|---|---|
-i | Output a MIME type string (e.g. text/plain; charset=us-ascii) instead of a human-readable description |
-z | Look inside compressed files and report the type of the compressed content |
-b | Brief mode: omit the filename from the output |
-L | Follow symbolic links and report the type of the target, not the link itself |
-s | Read special/device files, not just regular files (useful for block devices) |
Distribution compatibility
- Ubuntu
- Debian
- Fedora
- Arch
- macOS
What it does
file examines a file's actual content — its magic bytes and internal structure —
rather than trusting its name or extension, and reports what kind of file it really is:
text, a specific image format, an executable, an archive, a script, and so on. This makes
it invaluable for identifying files with missing, wrong, or suspicious extensions.
Beginner examples
file document.pdf— confirm a file really is a PDFfile *— identify every file in the current directoryfile unknown_download— figure out what a file with no useful extension actually isfile script.sh— check whether a script is a shell script, and which interpreter it expects
file ~/Downloads/mystery_file
Advanced examples
- Get a machine-readable MIME type for use in scripts:
file -i uploaded_file - Peek inside a compressed archive without extracting it:
file -z backup.tar.gz - Check the type of what a symlink actually points to:
file -L /usr/bin/python - Identify every file's type in bulk and pipe to further processing:
file * | grep "ASCII text" - Inspect a device file's type (needs appropriate permissions):
file -s /dev/sda1
find . -type f -exec file {} \; | grep -i "executable"
Common mistakes
- Trusting a file's extension over what
filereports — a.txtfile can actually be a renamed image, script, or executable, andfilewill reveal that mismatch. - Assuming
filecan always determine a definitive type — some ambiguous or corrupted files get reported simply as "data" when no known signature matches. - Forgetting
-zwhen trying to identify content inside a compressed file, and only getting "gzip compressed data" instead of what's inside it. - Using
fileon a huge directory of files without redirecting output, producing an overwhelming wall of text; pipe throughgreporlessinstead.
Tips
- Use
file -iwhen you need output suitable for scripting or comparison, since MIME types are more standardized than the free-form human descriptions. - Combine
filewithfindto audit a directory for unexpected file types, e.g. finding executables hiding among what should be plain documents. - Before opening or executing an unfamiliar downloaded file, run
fileon it first as a quick sanity check.
Best practices
- Always verify unknown or user-uploaded files with
file(or equivalent magic-byte inspection) before processing them — never trust a client-supplied extension or Content-Type header alone for security-sensitive handling. - In upload-handling scripts, combine
file -ioutput with an allowlist of expected MIME types rather than filtering purely on file extension. - Use
fileas a first diagnostic step when a tool refuses to open a file, since it often reveals the file is not the type you assumed.
Try it yourself
A simulated shell with a sample home directory — experiment freely, nothing leaves your browser. Type help to list supported commands.
Real-world use cases
- Verifying an uploaded file's real type server-side before accepting it, to guard against disguised executables or scripts.
- Figuring out what a mystery file left behind by a coworker or a backup actually is, when it has no extension.
- Confirming a downloaded installer or archive isn't corrupted or mislabeled before running it.
Common interview questions
- How does the file command determine a file's type? It reads the file's contents and matches known byte-sequence signatures ("magic numbers") against a magic database, rather than relying on the filename or extension.
- Why shouldn't you trust a file's extension for security purposes? Extensions are
just naming conventions that can be wrong or deliberately spoofed; the
filecommand's content-based detection is far more reliable for determining what a file actually is. - How would you check what type of content is inside a .gz archive without
extracting it?
file -z archive.gz, which inspects the compressed content and reports both the compression format and the type of data inside.
Frequently Asked Questions
How does file know a file's type if the extension is wrong or missing?
file inspects the actual bytes of the file — its "magic number" or header signature — and compares them against a database of known file-type signatures (typically /usr/share/file/magic), rather than trusting the filename extension.
How do I get a MIME type instead of a description?
Use file -i filename, which outputs something like image/jpeg; charset=binary instead of the plain description "JPEG image data".
Can file identify what's inside a compressed archive?
With -z, file will look inside compressed files (like .gz) and describe the type of the decompressed content in addition to noting the compression format.
Why would I use file instead of just checking the extension?
Extensions are just naming conventions and can be wrong, missing, or deliberately misleading (e.g. a renamed executable). file's magic-byte detection reveals what a file actually is, which matters for security and for handling unknown downloads correctly.
Cheat sheet
Download a quick-reference cheat sheet for file.