"find" command examples
From Brandonhutchinson.com
(Difference between revisions)
| Line 13: | Line 13: | ||
* Find SUID or SGID files that are actually executable by user, group, or other: | * Find SUID or SGID files that are actually executable by user, group, or other: | ||
$ '''find / -perm -4000 -o -perm -2000 -a -perm +111''' | $ '''find / -perm -4000 -o -perm -2000 -a -perm +111''' | ||
| + | |||
| + | * Find all SUID or SGID files that are actually executable by user, group, or other. Exclude files from ''dir1'' and ''dir2''. | ||
| + | $ '''find / \( -path '/dir1' -o -path '/dir2' \) -prune -o \( -perm -4000 -o -perm -2000 \) -a -perm +111 | ||
== Notes == | == Notes == | ||
Current revision
- Find group-writable or other-writable files:
$ find . -type f -perm -022
- Find only group-writable files:
$ find . -type f -perm -020 ! -perm -022
- Find SUID files:
$ find / -perm -4000
- Find SUID or SGID files:
$ find / -perm -4000 -o -perm -2000
- Find SUID or SGID files that are actually executable by user, group, or other:
$ find / -perm -4000 -o -perm -2000 -a -perm +111
- Find all SUID or SGID files that are actually executable by user, group, or other. Exclude files from dir1 and dir2.
$ find / \( -path '/dir1' -o -path '/dir2' \) -prune -o \( -perm -4000 -o -perm -2000 \) -a -perm +111
Notes
- -perm
- If the mask is unsigned, an exact match on the permissions is required.
- If the mask is +, at least one of the bits set must match.
- If the mask is -, all of the bits set must match.
- When specifying times with find,
- 0 means within the last day (24 hours)
- 1 means between 24 and 48 hours old
- 2 means between 48 and 72 hours old, etc.
