Read the book: Linux Bible - Christopher Negus - Page 165

Finding files by permission


Searching for files by permission is an excellent way to turn up security issues on your system or uncover access issues. Just as you changed permissions on files using numbers or letters (with the chmod command), you can likewise find files based on number or letter permissions with the -perm option. (Refer to Chapter 4, “Moving Around the Filesystem,” to see how to use numbers and letters with chmod to reflect file permissions.)

If you use numbers for permission, as I do below, remember that the three numbers represent permissions for the user, group, and other. Each of those three numbers varies from no permission (0) to full read/write/execute permission (7) by adding read (4), write (2), and execute (1) bits together. With a hyphen (-) in front of the number, all of the bits indicated must be set for a file to match, although other bits may be set as well; with a forward slash (/) in front of it, a file matches if any one of the indicated bits is set. If neither a hyphen nor a forward slash is used, the file's permissions must match the full number exactly.

Consider the following examples:

 $ find /usr/bin -perm 755 -ls
 788884 28 -rwxr-xr-x 1 root root 28176 Mar 10 2014 /bin/echo
 $ find /home/chris/ -perm -222 -type d -ls
 144503 4 drwxrwxrwx 8 chris chris 4096 Jun 23 2014 /home/chris/OPENDIR

By searching for -perm 755, any files or directories with exactly rwxr-xr-x permission are matched. By using -perm -222, only files that have write permission for user, group, and other are matched. Notice that, in this case, the -type d is added to match only directories.

 $ find /myreadonly -perm /222 -type f -ls
 685035 0 -rw-rw-r-- 1 chris chris 0 Dec 30 16:34 /myreadonly/abc
 $ find . -perm -002 -type f -ls
 266230 0 -rw-rw-rw- 1 chris chris 0 Dec 30 16:28 ./LINUX_BIBLE/abc

Using -perm /222, you can find any file (-type f) that has write permission turned on for the user, group, or other. You might do that to make sure that all files are read-only in a particular part of the filesystem (in this case, beneath the /myreadonly directory). The last example, -perm -002, is very useful for finding files that have open write permission for “other,” regardless of how the other permission bits are set.
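The difference between the exact, hyphen, and slash forms is easiest to see on files with known modes. The following script is an added example, not taken from the book: the fixture files and the helper names (make_fixture, perm_matches, unsticky_dirs) are assumptions made for illustration, and it goes one step beyond the text by also flagging world-writable directories that lack the sticky bit.

```shell
#!/bin/sh
# Added example: compare exact, "-" (all bits) and "/" (any bit) -perm matching.

# Build a constructed fixture inside a private (mode 700) mktemp directory.
# chmod sets each mode explicitly, so the caller's umask does not matter.
make_fixture() {
    dir=$(mktemp -d) || return 1
    for mode in 644 666 755 775; do
        : > "$dir/f$mode" && chmod "$mode" "$dir/f$mode"
    done
    mkdir "$dir/open" "$dir/sticky"
    chmod 0777 "$dir/open"      # world-writable, no sticky bit
    chmod 1777 "$dir/sticky"    # world-writable, sticky bit set (like /tmp)
    printf '%s\n' "$dir"
}

# Names of regular files under $1 matching "-perm $2", sorted, space-separated.
perm_matches() {
    find "$1" -type f -perm "$2" -exec basename {} \; | LC_ALL=C sort | xargs
}

# World-writable directories under $1 that lack the sticky bit.
unsticky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -exec basename {} \; |
        LC_ALL=C sort | xargs
}

# Print which fixture files each -perm form selects, then clean up.
demo() {
    d=$(make_fixture) || return 1
    for spec in 755 -755 -222 /222 /022 -002; do
        printf '%-5s -> %s\n' "$spec" "$(perm_matches "$d" "$spec")"
    done
    printf 'world-writable, no sticky bit -> %s\n' "$(unsticky_dirs "$d")"
    rm -rf "$d"
}

demo
```

In the output, -perm 755 selects only f755, -perm -755 also selects f775 because extra bits are allowed, and -perm /222 selects every file because each has at least one write bit set.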
