How to find files with permissions greater than xxx but ignore files with SUID and SGID

find

I'm trying to find files with permissions that exceed 755. Using the solution from another post here I have been able to get mostly what I want:

find /bin -type f -perm -755 ! -perm 755

This does ignore anything at 755 or below, but it returns files with the SUID and SGID bits set. I would like to ignore these. Is it possible to do this in one command? I've tried multiple ! -perm arguments with both 2000 and 4000 but that didn't do anything.

I have also used 2755 and 4755 in sequential commands, but again, I would prefer covering both in one command.

I was thinking the -o operator would help, but I'm not sure how to do that with an argument that contains a negated pattern like I'm using. I tried it as

find . -type f \(-perm -2755 ! -perm 2755 -o -perm -4755 ! -perm 4755\)

but that just threw the paths must precede expression error.

Best Answer

The solution that works with any POSIX compatible find is the following:

find DIR -type f -perm -0755 ! -perm 0755 ! -perm -04000 ! -perm -02000 -print

As previously noted, with GNU find you can collapse the setuid and setgid tests into ! -perm /06000.

Related Solutions

Grep Find Recursive – How to Find Files That Do NOT Contain a Text String

find . -type f | xargs grep -H -c 'shared.php' | grep 0$ | cut -d':' -f1

find . -type f -exec grep -H -c 'shared.php' {} \; | grep 0$ | cut -d':' -f1

Here we are calculating number of matching lines(using -c) in a file if the count is 0 then its the required file, so we cut the first column i.e. filename from the output.

Find files which have a higher permission than xxx

I think what you're after is

find -perm -640 ! -perm 640

i.e search files that have at least all the permissions in 640 and that don't have 640 as the permission bits. Or, in other words, amongst the files that are readable and writable by their owner and readable by the group, search files that are executable or writable by someone other than the owner or world-readable (assuming no ACLs). You may want to add -type f to restrict to regular files, or at least ! -type d -o -type d -perm 750 ! -perm 750 to allow directories to have execution permission.

If you want to match files whose permission bits, interpreted as an integer, are higher than 0o640 (which doesn't really make any sense), you're going to have to enumerate several cases. If you look at the bitwise representation, there are two ways for a number between 0 and 0o777 to be larger than 0o640: either the 0o100 bit is set in addition to the 0o600 bits, or the 0o640 bits are set. Remove the final ! -perm 640 if you want permissions 0o640 to match.

find -perm -700 -o -perm -640 ! -perm 640

Best Answer

Related Solutions

Grep Find Recursive – How to Find Files That Do NOT Contain a Text String

Find files which have a higher permission than xxx

Related Question