Basics
find file metadata flags
Some useful find flags related to file metadata.
Ownership
Filter files based on ownership in find
The -user and -group flags match files and folders owned by a particular user or group (both numeric and symbolic, human-readable names are allowed).
File size
Filter files based on size in find
The -size flag matches files of size n. Prefix n with + or - to match files strictly greater than or less than n in size. To specify useful sizes, use a suffix.
c — Bytes
k — Kilobytes
M — Megabytes
G — Gigabytes
For example, use -size +4G to find files over 4 GB (i.e., those that can’t be written to a FAT32 file system).
Permissions
Filter files based on file permissions in find
The -perm flag matches files and folders with a given permission. Both numeric and symbolic permissions are allowed.
Use the / or - prefix to match files with any of the specified permissions or at least the specified permissions. For example, -perm -644 will match any file where the current user has at least read + write access and any other user has at least read access (so, - requires the specified permissions, but is agnostic as to the presence/absence of additional permissions). Likewise, -perm /666 will match files where the current user has read + write access and/or the current group has read + write access and/or everyone has read + write access (so, / requires that at least one of the specified permissions groups matches exactly, but is agnostic to the state of any other group outside of that match).
Timestamps
Filter files based on timestamp in find
The -Xmin and -Xtime flags match files that were accessed (a), had their contents modified (m), or had their inode changed (c) n minutes (-Xmin) or days (-Xtime) ago. All mtime changes are ctime changes, but the reverse is not necessarily true.
Prefix n with + or - to match files strictly before or after the specified time in the past.
For example:
Reconnaissance
Find SUID and SGID executables
How to find SUID and SGID executables with find
Find world writable/executable folders
How to find world-accessible and world-modifiable folders with find
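The -perm prefixes from the Permissions section, applied to the two searches above on a throwaway directory tree. This is an added example, not code from the original page: the function names and the fixture are constructed for illustration, GNU find is assumed, and the sticky-bit filter goes a step beyond what the page covers.

```shell
#!/bin/sh
# Added example, not from the original page. The tree is constructed; GNU find
# is assumed (the "/" prefix is a GNU extension to POSIX find).

# Build a throwaway tree whose entry names encode their modes; prints its path.
make_fixture() {
    d=$(mktemp -d) || return 1
    for m in 600 640 644 664 4755; do
        : > "$d/f$m" && chmod "$m" "$d/f$m" || return 1
    done
    for m in 755 777 1777; do
        mkdir "$d/d$m" && chmod "$m" "$d/d$m" || return 1
    done
    echo "$d"
}

# perm_match ROOT KIND TESTS...: names of entries of KIND (f or d) under ROOT
# that satisfy the find TESTS, sorted and joined with spaces.
perm_match() {
    root=$1 kind=$2; shift 2
    find "$root" -type "$kind" "$@" -exec basename {} \; | LC_ALL=C sort | xargs
}

# Audit queries built on the three forms of -perm:
#   -perm MODE   mode bits are exactly MODE
#   -perm -MODE  every bit in MODE is set (extra bits allowed)
#   -perm /MODE  at least one bit in MODE is set
suid_sgid_files()        { perm_match "$1" f -perm /6000; }
world_writable_dirs()    { perm_match "$1" d -perm -0002; }
unsticky_writable_dirs() { perm_match "$1" d -perm -0002 \! -perm -1000; }

# Demo on the constructed tree: one line per query.
fx=$(make_fixture) || exit 1
for t in 644 -644 /022 /6000 -6000; do
    printf '%-12s %s\n' "-perm $t" "$(perm_match "$fx" f -perm "$t")"
done
printf '%-12s %s\n' "ww dirs" "$(world_writable_dirs "$fx")"
printf '%-12s %s\n' "no sticky" "$(unsticky_writable_dirs "$fx")"
rm -rf "$fx"
```

When pointing the audit functions at a real root, adding -xdev to the find call keeps the scan on a single file system.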
Shell escape
find shell escape
If find can be run with NOPASSWD via sudo, then try: