"find" command examples

From Brandonhutchinson.com

(Difference between revisions)
(New page: * Find group-writable or world-writable files: $ '''find . -type f -perm -022''' * Find only group-writable files: $ '''find . -type f -perm -020 ! -perm -022''')
Current revision (01:41, 24 December 2008)
 
(6 intermediate revisions not shown.)
Line 1: Line 1:
-
* Find group-writable or world-writable files:
+
* Find group-writable or other-writable files:
$ '''find . -type f -perm -022'''
$ '''find . -type f -perm -022'''
* Find only group-writable files:
* Find only group-writable files:
$ '''find . -type f -perm -020 ! -perm -022'''
$ '''find . -type f -perm -020 ! -perm -022'''
 +
 +
* Find SUID files:
 +
$ '''find / -perm -4000'''
 +
 +
* Find SUID or SGID files:
 +
$ '''find / -perm -4000 -o -perm -2000'''
 +
 +
* Find SUID or SGID files that are actually executable by user, group, or other:
 +
$ '''find / -perm -4000 -o -perm -2000 -a -perm +111'''
 +
 +
* Find all SUID or SGID files that are actually executable by user, group, or other. Exclude files from ''dir1'' and ''dir2''.
 +
$ '''find / \( -path '/dir1' -o -path '/dir2' \) -prune -o \( -perm -4000 -o -perm -2000 \) -a -perm +111
 +
 +
== Notes ==
 +
 +
* '''-perm'''
 +
** If the mask is unsigned, an exact match on the permissions is required.
 +
** If the mask is +, at least one of the bits set must match.
 +
** If the mask is -, all of the bits set must match.
 +
 +
* When specifying times with find,
 +
** 0 means within the last day (24 hours)
 +
** 1 means between 24 and 48 hours old
 +
** 2 means between 48 and 72 hours old, etc.
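Review bot: the added line `find / -perm -4000 -o -perm -2000 -a -perm +111` does not match its caption, because -a binds tighter than -o: every SUID file matches whether or not an execute bit is set, and only the SGID branch is filtered. Group the alternatives as `\( -perm -4000 -o -perm -2000 \) -a -perm +111`, as the dir1/dir2 variant below it already does. The reworded first caption still says "or" while `-perm -022` requires both the group and the other write bit, per the -perm note added in this same revision; the + form is the one that matches either bit. The dir1/dir2 variant has no explicit action, so the pruned directories themselves are printed; ending it with -print avoids that, and the line is also missing its closing ''' markup.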

Current revision

  • Find group-writable or other-writable files (GNU find syntax; -perm -022 would match only files with both bits set):
$ find . -type f -perm /022
  • Find only group-writable files:
$ find . -type f -perm -020 ! -perm -022
  • Find SUID files:
$ find / -perm -4000
  • Find SUID or SGID files:
$ find / -perm -4000 -o -perm -2000
  • Find SUID or SGID files that are actually executable by user, group, or other (the parentheses are required because -a binds tighter than -o):
$ find / \( -perm -4000 -o -perm -2000 \) -a -perm /111
  • Find all SUID or SGID files that are actually executable by user, group, or other. Exclude files from dir1 and dir2.
$ find / \( -path '/dir1' -o -path '/dir2' \) -prune -o \( -perm -4000 -o -perm -2000 \) -a -perm /111 -print

Notes

  • -perm
    • If the mask has no + or - prefix, an exact match on the permissions is required.
    • If the mask is + (written / in current GNU find, which no longer accepts the + form), at least one of the bits set must match.
    • If the mask is -, all of the bits set must match.
  • When specifying times with find,
    • 0 means within the last day (24 hours)
    • 1 means between 24 and 48 hours old
    • 2 means between 48 and 72 hours old, etc.
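
The -perm prefixes from the notes, and the effect of grouping -o before -a, checked against constructed files. This is an added example, not part of the original page; it assumes GNU find (where the "any bit" form is written /MODE), and the helper names make_fixture, matches and demo are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU find for -perm /MODE.
# All files are constructed in a scratch directory; names encode their mode.

make_fixture() {
    fx=$(mktemp -d) || return 1
    for mode in 0644 0664 0646 0666 4644 4755 2755; do
        : > "$fx/m$mode" && chmod "$mode" "$fx/m$mode" || return 1
    done
    printf '%s\n' "$fx"
}

# Print the basenames that match the given find tests, sorted, on one line.
# No explicit -print is appended, so find wraps the whole expression in its
# implicit -print, exactly as when the command is typed at a prompt.
matches() {
    root=$1; shift
    find "$root" "$@" | sed 's|.*/||' | LC_ALL=C sort | paste -sd ' ' -
}

demo() {
    d=$(make_fixture) || return 1
    echo "exact -perm 0664          : $(matches "$d" -perm 0664)"
    echo "all   -perm -022          : $(matches "$d" -perm -022)"
    echo "any   -perm /022          : $(matches "$d" -perm /022)"
    echo "group-only -020 ! -022    : $(matches "$d" -perm -020 ! -perm -022)"
    # Ungrouped: -a binds tighter than -o, so the non-executable SUID file matches.
    echo "ungrouped SUID/SGID exec  : $(matches "$d" -perm -4000 -o -perm -2000 -a -perm /111)"
    # Grouped: the execute test now applies to both the SUID and SGID branch.
    echo "grouped   SUID/SGID exec  : $(matches "$d" \( -perm -4000 -o -perm -2000 \) -a -perm /111)"
    rm -rf "$d"
}

demo
```

The m4644 file (SUID set, no execute bit) appears only in the ungrouped result, which is the difference the parentheses make.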