Linux / UNIX : Examples of find command to find files with specific sets of permissions

Sometimes, for security audit purposes, it is necessary to find files with specific permissions. The find command comes in handy for this kind of requirement. This post describes a few examples of the find command used to find files with specific sets of permissions. Before we dive into the examples, here are a few basics on the permission bits:

4 - Read Permission (r)
2 - Write Permission (w)
1 - Executable Permission (x)

So if a file has “rwx” the value is 4+2+1=7, and if a file has “rx” it is 4+1=5.

The -perm parameter of the find command

The -perm parameter of the find command can be used to find files with specific permissions. The two ways to specify the permissions with the -perm parameter are:

-perm -mode    ---    All of the permission bits in mode are set for the file.
-perm /mode    ---    Any of the permission bits in mode are set for the file.

In the mode we specify four octal digits:

1st digit is for the special permissions: SUID (4), SGID (2) or sticky bit (1)
2nd digit is for the owner permission
3rd digit is for the group permission
4th digit is for the others permission

1. Command to find files with (group or other or both) writable permission and the SUID bit set.

# find / -perm /022 -and -perm -4000 -exec ls -ldb {} \;
               ^^^^             ^
               ||||             |-- SUID bit (4)
               ||||-- Other is writable (2)
               |||-- Group is writable (2)
               ||-- No owner permission mentioned (0)
               |-- "/" means ANY of the bits: group or other or both

So the logic is : ( group writable OR other writable ) AND SUID set

2. Command to list files that are other-writable but do not have the sticky bit set.

# find / -perm -002 -not -perm -1000 -exec ls -ldb {} \;
               ^^^^             ^
               ||||             |-- Sticky bit (1), negated by -not
               ||||-- Other is writable (2)
               |||-- No group permission mentioned (0)
               ||-- No owner permission mentioned (0)
               |-- "-" or "/" makes no difference here, as only one bit (2) is set in the mode

Now the logic here is : other writable AND NOT sticky bit set

Examples

1. Command to list files with other writable and the sticky bit set.

# find / -perm -002 -and -perm -1000 -exec ls -ldb {} \;

2. Command to list files that are other-writable but do not have the sticky bit set.

# find / -perm -002 -not -perm -1000 -exec ls -ldb {} \;

3. Command to list files with (group + other) writable permission and the SUID bit set.

# find / -perm -4022 -exec ls -ldb {} \;

4. Command to list files with (group + other) writable permission and the SGID bit set.

# find / -perm -2022 -exec ls -ldb {} \;

5. Command to list files with other writable and the sticky bit set (same as example 1, written as a single mode).

# find / -perm -1002 -exec ls -ldb {} \;

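The queries from the two annotated examples and from the list above, run against a constructed directory tree with known modes so the matches can be checked. This is an added example, not code from the original post; the file names, modes and helper functions are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): build a throwaway tree with
# known permission bits and run the post's audit queries against it.
# Only POSIX find primaries are used apart from "-perm /mode" (GNU/busybox);
# the post's "-and" and "-not" are GNU spellings of POSIX "-a" and "!".
set -eu

# Create constructed sample files with known modes under a temp dir; print its path.
setup_fixture() {
    dir=$(mktemp -d)
    : > "$dir/suid_ww";  chmod 4777 "$dir/suid_ww"    # SUID and group/other writable: the finding
    : > "$dir/suid_ok";  chmod 4755 "$dir/suid_ok"    # SUID, writable by owner only
    : > "$dir/ww_plain"; chmod 0666 "$dir/ww_plain"   # world-writable, no special bits
    mkdir "$dir/tmp_like"; chmod 1777 "$dir/tmp_like" # world-writable with sticky bit, like /tmp
    mkdir "$dir/ww_dir";   chmod 0777 "$dir/ww_dir"   # world-writable, no sticky bit
    printf '%s\n' "$dir"
}

# Print only the base names of the matches, sorted and space-separated.
names() { LC_ALL=C sort | tr '\n' ' ' | sed 's/ *$//'; }

# First annotated example: (group OR other writable) AND SUID set.
ww_and_suid() {
    find "$1" -perm /022 -a -perm -4000 -exec basename {} \; | names
}

# Second annotated example: other writable AND NOT sticky bit set.
ww_no_sticky() {
    find "$1" -perm -002 ! -perm -1000 -exec basename {} \; | names
}

# List example 5: other writable AND sticky bit set, written as a single mode.
ww_with_sticky() {
    find "$1" -perm -1002 -exec basename {} \; | names
}

# Stand-alone run: show each query's hits on the fixture, then clean up.
demo=$(setup_fixture)
echo "SUID + group/other writable   : $(ww_and_suid "$demo")"
echo "other writable, no sticky bit : $(ww_no_sticky "$demo")"
echo "other writable with sticky bit: $(ww_with_sticky "$demo")"
rm -rf "$demo"
```

On a real audit, replace the fixture path with / and keep the post's `-exec ls -ldb {} \;` to see owner and mode for each hit; note that world-writable directories without the sticky bit (the `ww_dir` case) show up in the second query alongside files.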