Skip to content

Find

Basic tags

  • -name
  • -type
    • -type d - directory
    • -type f - file

Perm (from RedHat)

Find resource permissions by using absolute mode

Find by absolute mode

The most fundamental permissions search uses no additional parameters. The statement reads as "find a resource with these permissions."

find /etc -perm 777

The command is: Search the /etc directory for resources with the 777 access level (rwx for all identities).

Find by -

The use of the - option means "at least this permission level is set, and any higher permissions."

find . -perm -644

Find by /

The use of the / option means "any of the permissions listed are set."

find . -perm /644

This example displays resources with 644 or greater permissions.

Find resource permissions by using symbolic mode

Symbolic mode uses the ugo symbols (user, group, others), rwx symbols (read, write, execute), and mathematical operators (such as + or -) to define permissions.

Find by -

The - option operates the same in symbolic mode as it did above in absolute mode. It displays resources with "at least this access level."

Example:

find -perm -u+w,g+w

Find by /

The / also functions the same in symbolic mode. It displays resources with "any permissions listed."

Example:

find -perm /u+w,g+w

Find resources with special permissions configured

Take a look at this article for more information on the special permissions.

Special permissions are configured using a fourth bit (leftmost):

  • SUID = 4
  • SGID = 2
  • Sticky Bit = 1

Tip: The output of the ls -l command will display an s in the executable field for the user if SUID is configured, an s in the executable field for the group if SGID is configured, and a T or t if the Sticky Bit is set (depending on whether execute is also set).

The following content covers searching for files with specific special permissions configured.

Find files with SUID configured

To find files where the SUID access level is defined, use the -perm option but include the fourth digit. SUID has an octal value of 4.

find /usr/bin -perm 4755

Find files with SGID configured

You can use the same syntax to display resources with the SGID permission defined by using the SGID octal value of 2.

find /usr/bin -perm 2755

Find files with the Sticky Bit configured

Finally, you can use the octal value of 1 to display resources with the Sticky Bit configured.

Here is a Sticky Bit example:

find /etc -perm /1444

Note: The - and / parameters work the same with special permissions as they do with standard permissions.