find: simple tricks to find certain specific permissions

Isaac

2 minutes

find

find is a very useful command to find directories and files, since it has a multitude of options to filter searches by dates, size, type, etc. A very powerful tool that can be used for a multitude of purposes if it is combined with pipes, or with xargs, as we have shown in other tutorials. For example, you can delete all localized files in one go.

It is also used for audits performed for security or by system administrators. For example, to locate some files or directories with certain active permissions, which could be dangerous for security. I will dedicate this tutorial especially to some options that perhaps you did not know and that can help you locate certain files with very specific permissions.

You already know that with the -perm option you can search for files / directories that have a series of specific permissions. But additionally you can use some extra options to further refine your search or expand it.

For example, imagine that you want to locate the files or directories of the current path that have total permits 777 (rwxrwxrwx), which can be a security risk:

<br data-mce-bogus="1">

find . -perm 777<br data-mce-bogus="1">

This is typical, but imagine that you want to search for those that do not have those permissions, for this you can use -note:

find . -not -perm 777

If you want to broaden the search a little more, and not find files or directories with such specific permissions, you can use -. With this, you will be specifying that the files with "at least" those permissions or higher (in this case at least 644):

find . -perm -644

You can also search for files / directories that have the bits set SUID, SGID, and Sticky Bit, which could also represent security issues as you know. But of course, for it to search for anyone, regardless of the rest of the permissions (be it 777, 644, or whatever), you must use / to bypass the standard permissions. For this, you can use respectively:

find . -perm /4000
find . -perm /2000
find . -perm /1000

In this case, it won't matter if it's 4777, 4644, or whatever. It would locate all those who have that bit active.

Lastly, you can also use this other command, though you must be careful or you could inappropriately configure some files that have to have specific permissions. But if you know what you're doing, you can modify all the permissions of the files located by find to the ones you want with a single command:

find -perm -744 -exec chmod -R 644 {} \;

In this case change all 744 found to 644 ...


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.