I have always found GNU find to be a little bit tricky to use. It is indeed quite a powerful program. It allows you to search anywhere, for anything! With the output, you can use the -exec option to run a command on each and every file find finds.

-perm is a fantastic feature of GNU find. With it, you can search for file permissions. Lately, I’ve been running it to find out which files have at least the SETUID bit set.

setuid and setgid (short for set user ID upon execution and set group ID upon execution, respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable’s owner or group. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task.

To search for files that have at least one of the SETUID (4xxx), SETGID (2xxx), or sticky (1xxx) bits set, you run:

find /directory -perm /7000

This makes find match files that have at least one of the bits that make up the leading octal digit ‘7’ turned on. 7 is composed of 4+2+1, so it matches files whose four-digit octal mode has a 1, 2, 3, 4, 5, 6, or 7 as its first digit.

  • 1xxx
  • 2xxx
  • 3xxx
  • 4xxx
  • 5xxx
  • 6xxx
  • 7xxx

x here stands for any octal digit, whether or not any of its bits are set, as in 4640 or 5222.

Additionally,

find /directory -perm /222

searches for files that are writeable by someone. That is, they have at least the ‘w’ bit set for the user, or the group, or others, regardless of any other bits that might be set, such as the execute (‘x’) bit.
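The two searches above, wrapped into a small audit script. This is an added example, not part of the original post. The function names and the sample files are constructed for illustration, and it assumes GNU find, since -perm /MODE and -printf are GNU extensions.

```shell
#!/bin/sh
# Requires GNU find: -perm /MODE and -printf are GNU extensions.

# Build a throwaway tree of constructed sample files (names are hypothetical).
make_demo_tree() {
    d=$(mktemp -d) || return 1
    for f in suid_tool sgid_tool both plain.txt readonly.txt; do : > "$d/$f"; done
    mkdir "$d/shared"
    chmod 4755 "$d/suid_tool"; chmod 2755 "$d/sgid_tool"; chmod 6755 "$d/both"
    chmod 1777 "$d/shared"; chmod 0644 "$d/plain.txt"; chmod 0444 "$d/readonly.txt"
    printf '%s\n' "$d"
}

# Print "<labels> <octal mode> <path>" for every entry under $1 that has
# at least one of setuid, setgid, or sticky set. Paths containing newlines
# are not handled.
audit_special() {
    find "$1" -perm /7000 -printf '%m %p\n' | sort -k2 |
    while read -r mode path; do
        # A leading 0 makes the shell read the mode as octal; shifting out
        # the nine rwx bits leaves the special-bits digit (4, 2, 1 or a sum).
        special=$(( 0$mode >> 9 ))
        labels=""
        if [ $(( special & 4 )) -ne 0 ]; then labels="${labels}setuid,"; fi
        if [ $(( special & 2 )) -ne 0 ]; then labels="${labels}setgid,"; fi
        if [ $(( special & 1 )) -ne 0 ]; then labels="${labels}sticky,"; fi
        printf '%s %s %s\n' "${labels%,}" "$mode" "$path"
    done
}

# Regular files under $1 that user, group, or others can write to.
writable_files() {
    find "$1" -type f -perm /222 | sort
}

demo=$(make_demo_tree)
echo "-- special bits (-perm /7000):"
audit_special "$demo"
echo "-- writable by someone (-perm /222):"
writable_files "$demo"
rm -rf "$demo"
```

Note that readonly.txt (0444) appears in neither list, while the 755-mode files show up under /222 because the owner's write bit alone is enough to match.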

find has two other -perm features. We’ll talk about those next time.