Find files based on their permissions


In this post we'll show you how to use the Ubuntu/Linux find command to locate files on your system based on file permissions.


If you're not familiar with Linux file permissions you may want to read our post about file permissions.

Find files based on permissions (numeric)

If you want to use the find command to check for matches based on the permissions of the file you need to use the -perm test. This takes the form:

find / -perm pmode

Where pmode can be a symbolic or numeric mode optionally prefixed by a - or a / (these prefixes are explained below).

When there is no prefix, the permissions of the file being examined must match those specified by pmode exactly.

For example,

find / -perm 644

The above command will only match files with permissions of exactly 644.

The - prefix

A - can be used to prefix the mode, as in:

find -perm -644

This matches files where at least the read and write permission bits are set for the owner, and at least the read permission bit is set for group and other. Any extra file mode bits are ignored. This means that files with the following permissions would match: 777, 776, 766, 755, 754, 744, 666, 655, 654, 644

Files with permissions 642, 624, 622, 611, 600, 544, 543, 533, 532, 522, 521, etc. would not match.

So you can think of the - prefix as meaning at least these bit(s) must be set for a file to match.

The / prefix

If a / is used as the prefix, as in:

find / -perm /222

it means that a match will occur if either the owner, the group, or other have their write bit set.

So you can think of it as at least one category has at least the respective bit(s) set for a file to match.

As another example, if you want a match to occur when the owner has read/write/execute permissions, or the group has at least execute permission, or other has at least execute permission, you could use:

find / -perm /711

Find files based on permissions (symbolic)

You can use the symbolic notation for representing file permissions if you wish.

The same rules for the - and / prefixes (explained above) apply; to find an exact match, just omit the prefix.

If you need a reminder about how to use the symbolic notation of file permissions, you may want to read our file permissions post.

We can use the letters a, u, g, o and r, w, x, s, t to accomplish the same job as the numeric values.

For example, to construct a find command using the symbolic notation that matches the numeric notation for find / -perm /222 mentioned earlier (matches if either the owner, the group, or other have their write bit set), one could use:

find / -perm /u+w,g+w,o+w

or to be more concise:

find / -perm /a+w

To find files that are writable by group or other, you could use:

find / -perm /g+w,o+w

This command will find the same files:

find / -perm /g=w,o=w

Thus, when using the -perm option, you can use either = or + in the symbolic notation; it doesn't matter.

To find files with at least permissions -rw-r--r-- (octal 644), use:

find / -perm -u+rw,g+r,o+r

Once again note that all must match at least their respective bits, so a file with permissions -rw-r-xr-- (octal 654) would match, while a file with -rw--wxr-- (octal 634) would not match.

Alternatively, to find files with any of the categories matching at least the respective bits, use the / prefix instead:

find / -perm /u+rw,g+r,o+r
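
The exact, - and / forms described above can be checked against files whose permissions are known in advance. The script below is an added example, not part of the original post: it assumes GNU find (as shipped on Ubuntu), the helper names make_fixture, perm_matches and demo are hypothetical, and the list of file modes is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU find, as shipped
# on Ubuntu. make_fixture, perm_matches and demo are hypothetical names.

# Create a scratch directory holding one empty file per mode; each file is
# named after its own octal mode. The mode list is constructed sample data.
make_fixture() {
    dir=$(mktemp -d) || return 1
    for mode in 777 755 666 654 644 642 634 600 544 444; do
        : > "$dir/$mode"
        chmod "$mode" "$dir/$mode"
    done
    printf '%s\n' "$dir"
}

# perm_matches DIR PMODE
# Print the names of the regular files in DIR selected by -perm PMODE,
# sorted numerically and joined by spaces.
perm_matches() {
    find "$1" -type f -perm "$2" -exec basename {} \; | sort -n | xargs
}

# Run the -perm forms from the post against the fixture and show which
# file modes each one selects.
demo() {
    d=$(make_fixture) || return 1
    for pmode in 644 -644 -u+rw,g+r,o+r /222 /a+w /g+w,o+w /g=w,o=w; do
        printf '%-22s %s\n' "-perm $pmode" "$(perm_matches "$d" "$pmode")"
    done
    rm -rf "$d"
}

demo
```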
