"find" command examples

(Difference between revisions)

Current revision

$ find . -type f -perm -022

$ find . -type f -perm -020 ! -perm -022

$ find / -perm -4000

$ find / -perm -4000 -o -perm -2000

$ find / -perm -4000 -o -perm -2000 -a -perm +111

Find all SUID or SGID files that are actually executable by user, group, or other. Exclude files from dir1 and dir2.

$ find / \( -path '/dir1' -o -path '/dir2' \) -prune -o \( -perm -4000 -o -perm -2000 \) -a -perm +111

-perm
- If the mask is unsigned, an exact match on the permissions is required.
- If the mask is +, at least one of the bits set must match.
- If the mask is -, all of the bits set must match.

When specifying times with find,
- 0 means within the last day (24 hours)
- 1 means between 24 and 48 hours old
- 2 means between 48 and 72 hours old, etc.

@@ Line 4: / Line 4: @@
 * Find only group-writable files:
  $ '''find . -type f -perm -020 ! -perm -022'''
+* Find SUID files:
+ $ '''find / -perm -4000'''
+* Find SUID or SGID files:
+ $ '''find / -perm -4000 -o -perm -2000'''
+* Find SUID or SGID files that are actually executable by user, group, or other:
+ $ '''find / -perm -4000 -o -perm -2000 -a -perm +111'''
+* Find all SUID or SGID files that are actually executable by user, group, or other. Exclude files from ''dir1'' and ''dir2''.
+ $ '''find / \( -path '/dir1' -o -path '/dir2' \) -prune -o \( -perm -4000 -o -perm -2000 \) -a -perm +111
 == Notes ==
@@ Line 11: / Line 23: @@
 ** If the mask is +, at least one of the bits set must match.
 ** If the mask is -, all of the bits set must match.
+* When specifying times with find,
+** 0 means within the last day (24 hours)
+** 1 means between 24 and 48 hours old
+** 2 means between 48 and 72 hours old, etc.