In this post we'll show you how to use the Ubuntu/Linux find command to locate files on your system based on file permissions.
If you're not familiar with Linux file permissions, you may want to read our post about file permissions.
If you want to use the find command to check for matches based on the permissions of the file you need to use the "-perm" test. This takes the form:
find / -perm pmode
Where pmode can be a symbolic or numeric mode optionally prefixed by a "-" or a "/" (these prefixes are explained below). When there is no prefix, the permissions of the file being examined must match those specified by pmode exactly. For example,
find / -perm 644
the above command will only match files with permissions of exactly 644.
If a "-" is used to prefix the mode as in:
find -perm -644
it matches files where at least the "read" and "write" permission bits are set for the owner and at least the "read" bit is set for group and for other. Any extra file mode bits are ignored. This means that files with the following permissions would match: 777, 776, 766, 755, 754, 744, 666, 655, 654, 644. Files with permissions 642, 624, 622, 611, 600, 544, 543, 533, 532, 522, 521, etc. would not match. So you can think of the "-" prefix as meaning "at least these bit(s) must be set for a file to match".
If a "/" is used as the prefix, as in:
find / -perm /222
it means that a match will occur if either the owner, the group, or other have their "write" bit set. So you can think of it as "at least one category has at least the respective bit(s) set for a file to match". As another example, if you want a match to occur when the owner has read/write/execute permissions, or the group has at least execute permission, or other has at least execute permission, you could use:
find / -perm /711
You can use the symbolic notation for representing file permissions if you wish. The same rules for the prefixes "-" and "/" apply (explained above); to find an exact match, just omit the prefix. If you need a reminder about how to use the symbolic notation of file permissions, you may want to read our file permissions post.
We can use the letters a, u, g, o and r, w, x, s, t to accomplish the same job as the numeric values. For example, to construct a find command using the symbolic notation that matches the numeric notation for "find / -perm /222" mentioned earlier (matches if either the owner, the group, or other have their write bit set), one could use:
find / -perm /u+w,g+w,o+w
or to be more concise:
find / -perm /a+w
To find files that are writable by group or other, you could use:
find / -perm /g+w,o+w
This command will find the same files:
find / -perm /g=w,o=w
Thus when using the "-perm" option, you can use "=" or "+" for symbolic notation... it doesn't matter.
To find files with at least permissions -rw-r--r-- (octal 644), use:
find / -perm -u+rw,g+r,o+r
Once again note that all must match at least their respective bits, so a file with permissions -rw-r-xr-- (octal 654) would match, while a file with -rw--wxr-- (octal 634) would not match. Alternatively, to find files with any of the categories matching at least the respective bits, use the "/" prefix instead:
find / -perm /u+rw,g+r,o+r
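The exact, "-" and "/" forms of -perm described above, run against a throwaway directory instead of "/", as an added example that is not part of the original post. The helper names make_sandbox, perm_matches and show_all, the constructed sample files (each named after its own mode) and the final world-writable check "-o+w" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Each constructed file is named
# after its own octal mode, so the output shows directly which modes match.
# Assumption: GNU find (as shipped with Ubuntu), which supports "-perm /mode".

make_sandbox() {
    # Create one empty file per constructed mode; print the sandbox directory.
    dir=$(mktemp -d) || return 1
    for mode in 777 654 644 642 634 600 444; do
        : > "$dir/$mode"
        chmod "$mode" "$dir/$mode"
    done
    printf '%s\n' "$dir"
}

perm_matches() {
    # perm_matches DIR PMODE: sorted names of files matching "-perm PMODE",
    # joined by single spaces (empty output when nothing matches).
    find "$1" -type f -perm "$2" | sed 's|.*/||' | sort | tr '\n' ' ' | sed 's/ $//'
}

show_all() {
    # Patterns from the post, plus "-o+w" (world-writable) as an added audit case.
    for pmode in 644 -644 -u+rw,g+r,o+r /222 /a+w /g+w,o+w /g=w,o=w -o+w; do
        printf '%-16s %s\n' "$pmode" "$(perm_matches "$1" "$pmode")"
    done
}

sandbox=$(make_sandbox) || exit 1
show_all "$sandbox"
rm -rf "$sandbox"
```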