Expected behavior of `find -depth` if execute permission denied for subdirectory

directoryfindpermissions

I'd like to know if I can rely on the behavior I am seeing when using find with -depth option and user does not have execute permission for a subdirectory.

Assume the following directory structure:

drwxrwxrwt. 10 root    root     12288 Mar 14 04:31 .
dr-xr-xr-x. 24 root    root      4096 Dec  6 03:33 ..
drwx------   4 root    root      4096 Mar 14 04:03 jen

Run the following command as non-root user:

find -type d

The output is:

.
./jen
find: `./jen': Permission denied

So find found the directory jen and output that. It then tried to descend into jen, but didn't have permission so it printed the error. The first line above is printed to stdout and the second line to stderr.

Now run the following as non-root user:

find -depth -type d

And the output is:

find: `./jen': Permission denied
.

So the pathname is not output to stdout unless the user has permission to list the contents of the directory.

This output is perfect for what I want to do. However, I'm not sure if this is just a coincidence or not. Can I rely on this behavior?

I'm using GNU findutils 4.4.2. I'm wondering if this behavior is the same across all versions of find. And if not, is it at least the same across all versions of GNU find.

It doesn't matter to me (for this use case) whether or not jen is printed in the first example. I'm just wondering if I can depend on it being excluded when -depth is used. Normally, it's not a good idea to rely on undocumented behavior. But, to me, this side effect makes sense. So I'm thinking that this might be the intended behavior.

The manual says:

— Option: -depth

Process each directory's contents before the directory itself.

This is exactly what I want, but it's not clear that the pathname of the directory itself will be excluded from the output if it doesn't descend into it.

Thanks to a hint from Hauke Laging, I discovered that I can list only directories and explicitly exclude directories where permission to list their contents is denied:

find -type d \( \( -type d \( \! -executable -or \! -readable \) \) -prune -or -print \)

This also has the effect of stopping the "Permission denied" errors because find never tries to descend into a directory if it doesn't have permission.

Unfortunately, there are two reasons why this will not work for my needs.

I want the error messages
I need the -depth option

Quoting from the manual

If the ‘-depth’ option is in effect, the subdirectories will have already been visited in any case. Hence ‘-prune’ has no effect in this case.

So I am back to where I started.

It's still not clear whether or not "Process each directory's contents before the directory itself." also means "Don't process the directory if you can't process it's contents".

Best Answer

Probably the better approach is to handle such directories explicitly. I don't know whether these are standard features but at least with Gnu find this is possible:

find . \( -type d \( \! -executable -or \! -readable \) \) -prune -or -type d

of course, it is also possible to print a message if a directory is ignored:

find . \( -type d \( \! -executable -or \! -readable \) \) \
  -printf "Permission denied: %p\n" -prune -or -type d -print

Related Solutions

Find – How to Delete All Files Except in a Certain Subdirectory

one way is to use -exec rm instead of -delete.

find a \( -name b -prune \) -o -type f -exec rm {} +

alternatively use -not -path instead of -prune:

find a -not -path "*/b*" -type f -delete

Explanation why -prune collides with -delete:

find complains when you try to use -delete with -prune because -delete implies -depth and -depth makes -prune ineffective.

observe the behaviour of find with and without -depth:

$ find foo/
foo/
foo/f1
foo/bar
foo/bar/b2
foo/bar/b1
foo/f2

There is no guarantee about the order in a single directory. But there is a guarantee that a directory is processed before its contents. Note foo/ before any foo/* and foo/bar before any foo/bar/*.

This can be reversed with -depth.

$ find foo/ -depth
foo/f2
foo/bar/b2
foo/bar/b1
foo/bar
foo/f1
foo/

Note that now all foo/* appear before foo/. Same with foo/bar.

more explanation:

-prune prevents find from descending into a directory. In other words -prune skips the contents of the directory. In your case -name b -prune means that when find reaches a directory with the name b it will skip the directory including all subdirectories.
-depth makes find to process the contents of a directory before the directory itself. That means by the time find gets to process the directory entry b its contents has already been processed. Thus -prune is ineffective with -depth in effect.
-delete implies -depth so it can delete the contents first and then the empty directory. -delete refuses to delete non-empty directories.

Explanation of alternative method:

find a -not -path "*/b*" -type f -delete

This may or may not be easier to remember.

This command still descends into the directory b and proceses every single file in it only for -not to reject them. This can be a performance issue if the directory b is huge.

-path works differently than -name. -name only matches against the name (of the file or directory) while -path is matching against the entire path. For example observe the path /home/lesmana/foo/bar. -name bar will match because the name is bar. -path "*/foo*" will match because the string /foo is in the path. -path has some intricacies you should understand before using it. Read the man page of find for more details.

Beware that this is not 100% foolproof. There are chances of "false positives". The way the command is written above it will skip any file which has any parent directory which name is starting with b (positive). But it will also skip any file which name is starting with b regardless of position in the tree (false positive). This can be fixed by writing a better expression than "*/b*". That is left as an exercise for the reader.

I assume that you used a and b as placeholders and the real names are more like allosaurus and brachiosaurus. If you put brachiosaurus in place of b then the amount of false positives will be drastically reduced.

At least the false positives will be not deleted, so it will be not as tragic. Furthermore, you can check for false positives by first running the command without -delete (but remember to place the implied -depth) and examine the output.

find a -not -path "*/b*" -type f -depth

Permissions – Permission Denied When Executing Binary Despite RWX Privilege and Root User

According to the info provided you are trying to run 64-bit executable on 32-bit kernel. It won't work that way. You either need 32-bit binary or 64-bit kernel/glibc libraries.

Best Answer

Related Solutions

Find – How to Delete All Files Except in a Certain Subdirectory

Permissions – Permission Denied When Executing Binary Despite RWX Privilege and Root User

Related Question