How to find files by permissions in Linux

This blog post will teach you how to find files by permissions in Linux using the find command. You will learn how to use the different options of the find command to specify the permissions you are looking for and to filter the results.

  • Can match ownership by name or ID
    • find / -user joe -o -uid 500
  • Can match octal or symbolic permissions
    • find -perm 755
      • matches if mode is exactly 755
    • find -perm +222
      • matches if anyone can write
    • find -perm -222
      • matches if everyone can write
    • find -perm -002
      • matches if other can write

find can search for files based on their ownership or permissions. Useful options when searching by owner are -user and -group, which search by name, and -uid and -gid, which search by ID.

The -perm option is used to look for files with a particular set of permissions. Permissions can be described as octal values (some combination of 4, 2 and 1 for read, write and execute, respectively) or using symbolic notation (e.g. u+w for “user has write access”). A permission can be preceded by a + or - sign; with no sign, the file's mode must match exactly. The meanings of these operators are slightly different depending on whether you are using numeric or symbolic notation. Current GNU find releases no longer accept the numeric + form and use / in its place (for example -perm /222).

A numeric permission preceded by + will match files that have at least one of the given bits set (for user, group or other). So, for example, a file with permissions r--r--r-- would not match +222, but one with rw-r--r-- would. A minus sign (-) before a permission means that all of the given bits must be on, so neither of the previous examples would match -222, but something like rw-rw-rw- would.

So, to use a more complex example, the following command would match any file for which the user has read, write and execute permissions, members of the group have read and write permissions and others have read-only access:

[user@user-pc ~]$ find /home -perm 764

To match files for which the user has at least read, write and execute permissions, and the group has at least read and write permissions and others have at least read access:

[user@user-pc ~]$ find /home -perm -764

And to match files for which at least one of those bits is set, that is, the user has read, write or execute permission, or the group has read or write permission, or others have read access:

[user@user-pc ~]$ find /home -perm +764

When used with + or -, a value of 0 works like a wild card, since it means “a permission of at least nothing”. Thus, the following command would match any file for which others have at least read access:

[user@user-pc ~]$ find /home -perm -004
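The matching rules above can be checked against files with known modes. The script below is an added example, not part of the original post: it builds a constructed scratch tree with mktemp, and the helper names (make_tree, matches and the wrappers) are made up for the illustration. The any-bit test is written as an OR of three -perm - tests so that it does not depend on whether the installed find spells it + or /.

```shell
#!/bin/sh
# Constructed sample tree: each file is named after the mode it is given.
make_tree() {
    dir=$(mktemp -d) || return 1
    for mode in 444 644 646 666 755 764 777; do
        : > "$dir/f$mode"
        chmod "$mode" "$dir/f$mode"
    done
    echo "$dir"
}

# Print the sorted names of regular files under $1 that pass the find tests
# given as the remaining arguments, joined by single spaces.
matches() {
    root=$1; shift
    echo $(find "$root" -type f "$@" | sed 's|.*/||' | sort)
}

# Exact match: the mode is 764 and nothing else.
exact_764()   { matches "$1" -perm 764; }
# All bits of 764 are set; extra bits are allowed.
atleast_764() { matches "$1" -perm -764; }
# Everyone can write: user, group and other write bits are all set.
all_write()   { matches "$1" -perm -222; }
# World-writable: the "other" write bit is set, whatever else is.
other_write() { matches "$1" -perm -002; }
# Anyone can write: the any-bit test as an OR of single-bit tests.
any_write()   { matches "$1" \( -perm -200 -o -perm -020 -o -perm -002 \); }

tree=$(make_tree) || exit 1
printf '%-22s %s\n' \
    '-perm 764:'            "$(exact_764 "$tree")" \
    '-perm -764:'           "$(atleast_764 "$tree")" \
    '-perm -222:'           "$(all_write "$tree")" \
    '-perm -002:'           "$(other_write "$tree")" \
    'any write bit:'        "$(any_write "$tree")"
rm -rf "$tree"
```

The -perm -002 line is the one to reach for when auditing for world-writable files: f646 shows up there but not under -perm -222, because its group write bit is off.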
