- Find files based on their permissions
- Find files based on permissions (numeric)
- The - prefix
- The / Prefix
- Find files based on permissions (symbolic)
- How to Find Files With SUID and SGID Permissions in Linux
- What is SUID and SGID?
- How to Find Files with SUID Set in Linux
- How to Find Files with SGID Set in Linux
- How can I find files that only have certain permission for owner?
- Find files based on permission
Find files based on their permissions
In this post we’ll show you how to use the Ubuntu/Linux find command to locate files on your system based on file permissions.
If you’re not familiar with Linux file permissions you may want to read our post about file permissions.
Find files based on permissions (numeric)
If you want to use the find command to check for matches based on the permissions of the file you need to use the -perm test. This takes the form:
Where pmode can be a symbolic or numeric mode optionally prefixed by a - or a / (these prefixes are explained below).
When there is no prefix, the permissions of the file being examined must match those specified by pmode exactly.
find / -perm 644
The above command will only match files with permissions of exactly 644.
The - prefix
If a - is used to prefix the mode as in:
What this does is match files where at least the read and write permission bits are set for the owner and at least the read bit is set for group and other. Any extra file mode bits are ignored. This means that files with the following permissions would match OK: 777, 776, 766, 755, 754, 744, 666, 655, 654, 644
While files with permissions 642, 624, 622, 611, 600, 544, 543, 533, 532, 522, 521, etc. would not match.
So you can think of the - prefix as meaning at least these bit(s) must be set for a file to match.
The / Prefix
If a / is used as the prefix, as in:
it means that a match will occur if either the owner, the group, or other have their write bit set.
So you can think of it as at least one category has at least the respective bit(s) set for a file to match.
As another example, if you want a match to occur when the owner has read / write / execute permissions, or the group has at least execute permission, or other has at least execute permission, you could use:
Find files based on permissions (symbolic)
You can use the symbolic notation for representing file permissions if you wish.
The same rules for the prefixes - and / apply (explained above). To find an exact match, just omit the prefix.
If you need a reminder about how to use the symbolic notation of file permissions, you may want to read our file permissions post.
We can use the a, u, g, o and r, w, x, s, and t letters to accomplish the same job as the numeric values.
For example, to construct a find command using the symbolic notation that matches the numeric notation for find / -perm /222 mentioned earlier (matches if either the owner, the group, or other have their write bit set), one could use:
To find files that are writable by group or other, you could use:
This command will find the same files:
find / -perm /g
Thus, when using the -perm option, you can use = or + for symbolic notation; it doesn't matter.
To find files with at least permissions -rw-r--r-- (octal 644), use:
Once again note that all must match at least their respective bits, so a file with permissions -rw-r-xr-- (octal 654) would match, while a file with -rw--wxr-- (octal 634) would not match.
Alternatively, to find files with any of the categories matching at least the respective bits, use the / prefix instead:
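The exact, - and / forms side by side, in numeric and symbolic notation, as an added example that is not part of the original post. It assumes GNU find; the fixture files are constructed and each is named after its own octal mode.

```bash
#!/usr/bin/env bash
# Added example: constructed fixture, one empty file per octal mode.
set -eu

make_fixture() {
    # Create the files in a fresh temp directory and print the directory path.
    local dir mode
    dir=$(mktemp -d)
    for mode in 777 654 644 634 600 444 200; do
        : > "$dir/$mode"
        chmod "$mode" "$dir/$mode"   # explicit octal mode, so umask does not apply
    done
    printf '%s\n' "$dir"
}

matches() {
    # matches DIR PMODE -> sorted, space-separated names selected by -perm PMODE
    find "$1" -type f -perm "$2" -exec basename {} \; | sort | paste -s -d ' ' -
}

demo() {
    local dir pmode
    dir=$(make_fixture)
    # 644            exact match only
    # -644           all of rw-r--r-- must be set, extra bits are ignored
    # /222           at least one of the three write bits is set
    # /g+w,o+w       writable by group or by other
    for pmode in 644 -644 -u+rw,g+r,o+r /222 /u+w,g+w,o+w /g+w,o+w /g=w,o=w; do
        printf '%-20s %s\n' "-perm $pmode" "$(matches "$dir" "$pmode")"
    done
    rm -rf "$dir"
}

demo
```

Each symbolic form selects the same files as its numeric counterpart, and 654 passes -644 while 634 does not because its group digit lacks the read bit.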
How to Find Files With SUID and SGID Permissions in Linux
In this tutorial, we explain auxiliary file permissions, commonly referred to as “special permissions” in Linux, and show you how to find files which have SUID (Setuid) and SGID (Setgid) set.
What is SUID and SGID?
SUID is a special file permission for executable files which enables other users to run the file with effective permissions of the file owner. Instead of the normal x which represents execute permissions, you will see an s (to indicate SUID) special permission for the user.
SGID is a special file permission that also applies to executable files and enables other users to inherit the effective GID of file group owner. Likewise, rather than the usual x which represents execute permissions, you will see an s (to indicate SGID) special permission for group user.
Let’s look at how to find files which have SUID and SGID set using the find command.
$ find directory -perm /permissions
Important: Certain directories (such as /etc, /bin, /sbin etc.) or files require root privileges in order to be accessed or listed. If you are managing your system as a normal user, use the sudo command to gain root privileges.
How to Find Files with SUID Set in Linux
The example command below finds all files with SUID set in the current directory, using the -perm option (print only files with permissions set to 4000).
You can use the ls command with the -l option (for long listing) to view the permissions on the listed files.
How to Find Files with SGID Set in Linux
To find files which have SGID set, type the following command.
To find files which have both SUID and SGID set, run the command below.
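An added example, not from the original article, that goes one step beyond it: it inventories SUID/SGID files and reports any that are missing from a saved baseline. It assumes GNU find; the selector names, fixture files and baseline file are constructed for the demo. Note that /6000 matches files with either bit, while -6000 requires both.

```bash
#!/usr/bin/env bash
# Added example: fixture names and baseline file are constructed for the demo.
set -eu

list_special() {
    # list_special DIR SELECTOR -> sorted paths of regular files under DIR
    local pmode
    case "$2" in
        suid)   pmode=-4000 ;;  # SUID bit set
        sgid)   pmode=-2000 ;;  # SGID bit set
        either) pmode=/6000 ;;  # SUID or SGID (at least one of the bits)
        both)   pmode=-6000 ;;  # SUID and SGID (all of the bits)
        *) echo "unknown selector: $2" >&2; return 2 ;;
    esac
    # -xdev stays on one filesystem; errors from unreadable directories are dropped.
    find "$1" -xdev -type f -perm "$pmode" 2>/dev/null | sort
}

new_since_baseline() {
    # new_since_baseline DIR BASELINE -> special-bit files not listed in BASELINE
    list_special "$1" either | comm -13 "$2" -
}

make_fixture() {
    # Build a temp tree with one file per special-bit combination; print its path.
    local dir spec
    dir=$(mktemp -d)
    mkdir "$dir/bin"
    for spec in plain:0755 suid_tool:4755 sgid_tool:2755 both_tool:6755; do
        : > "$dir/bin/${spec%%:*}"
        chmod "${spec##*:}" "$dir/bin/${spec%%:*}"
    done
    printf '%s\n' "$dir"
}

demo() {
    local dir
    dir=$(make_fixture)
    list_special "$dir/bin" either > "$dir/baseline.txt"   # record known-good state
    : > "$dir/bin/added_later" && chmod 4755 "$dir/bin/added_later"
    echo "both bits:       $(list_special "$dir/bin" both)"
    echo "not in baseline: $(new_since_baseline "$dir/bin" "$dir/baseline.txt")"
    rm -rf "$dir"
}

demo
```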
That’s it for now! In this guide, we showed you how to find files which have SUID (Setuid) and SGID (Setgid) set in Linux.
How can I find files that only have certain permission for owner?
I would like to find files only by a certain user’s permission. For example, if I want to find a file that I have full permission on, I may do something like:
2 Answers
find /path/to/file -user user1 -perm -u+rwx
This means: look for files starting in /path/to/files, owned by user1, where the permissions for group and other can be anything ( - in front of the permission string) and the user's permissions are only: rwx
To search for files only (no directories) then add -type f .
Also, try some reading. This has great examples: Find tutorial
-perm -mode
All of the permission bits mode are set for the file. Symbolic modes are accepted in this form, and this is usually the way in which you would want to use them. You must specify ‘u’, ‘g’ or ‘o’ if you use a symbolic mode.
find . -user $(whoami) -perm -007
for the specified user, it returns files with the following privileges: rwx,
find . -user $(whoami) -perm -006
for the specified user, it returns files with the following privileges: rwx, rw,
find . -user $(whoami) -perm -005
for the specified user, it returns files with the following privileges: rwx, rx,
find . -user $(whoami) -perm -004
for the specified user, it returns files with the following privileges: rwx, rw, rx, r,
find . -user $(whoami) -perm -003
for the specified user, it returns files with the following privileges: rwx, wx,
find . -user $(whoami) -perm -002
for the specified user, it returns files with the following privileges: rwx, rw, wx, w,
find . -user $(whoami) -perm -001
for the specified user, it returns files with the following privileges: rwx, rx, wx, x,
find . -user $(whoami) -perm -000
for the specified user, it returns files with the following privileges: rwx, rw, rx, wx, r, w, x, 0,
-perm /mode
Any of the permission bits mode are set for the file. Symbolic modes are accepted in this form. You must specify ‘u’, ‘g’ or ‘o’ if you use a symbolic mode. (...) If no permission bits in mode are set, this test matches any file (the idea here is to be consistent with the behaviour of -perm -000).
find . -user $(whoami) -perm /007
for the specified user, it returns files with the following privileges: rwx, rw, rx, wx, r, w, x,
find . -user $(whoami) -perm /006
for the specified user, it returns files with the following privileges: rwx, rw, rx, wx, r, w,
find . -user $(whoami) -perm /005
for the specified user, it returns files with the following privileges: rwx, rw, rx, wx, r, x,
find . -user $(whoami) -perm /004
for the specified user, it returns files with the following privileges: rwx, rw, rx, r,
find . -user $(whoami) -perm /003
for the specified user, it returns files with the following privileges: rwx, rw, rx, wx, w, x,
find . -user $(whoami) -perm /002
for the specified user, it returns files with the following privileges: rwx, rw, wx, w,
find . -user $(whoami) -perm /001
for the specified user, it returns files with the following privileges: rwx, rx, wx, x,
find . -user $(whoami) -perm /000
for the specified user, it returns files with the following privileges: rwx, rx, rw, wx, r, w, x, 0.
Examples have been tested.
Find files based on permission
How can I find a list of files that have some specific permissions? I want to find files owned by root user that have rwx permission for the owner. Is there any way to find a list of such files? I am using Ubuntu 16.04.
2 Answers
-user uname
File is owned by user uname (numeric user ID allowed).
All of the permission bits mode are set for the file. Symbolic modes are accepted in this form, and this is usually the way in which you would want to use them. You must specify ‘u’, ‘g’ or ‘o’ if you use a symbolic mode. See the EXAMPLES section for some illustrative examples.
find /path/to/directory -user root -perm -u+rwx
If you want to find all files a user has certain permission for (regardless if he is the owner (and even set via ACL)) you can use find with -readable, -writable and -executable.
To find all files for which user sam has read-permission
sudo -u sam find /path/to/directory -readable -ls
- sudo -u sam is needed because the three mentioned switches work with the permissions of the user that invoked find — so you need sudo to run find as user sam.
- -ls shows the complete entry for each file found
further examples
To find all files for which sam has execute or write permissions
sudo -u sam find /path/to/directory -writable -or -executable -ls
To find all files for which sam has execute and read permissions
sudo -u sam find /path/to/directory -readable -and -executable -ls
writable is not misspelled!