How to match files to packages in Debian-based operating systems
# List all installed packages#dpkg-query -l# List files in an installed package#dpkg-query -L $PACKAGE_NAME# List the package that owns a particular file#dpkg-query -S $FULL_PATH_TO_FILE
How to match files to packages in Red Hat-based operating systems
# List all installed packages#rpm -qa# List files in an installed package#rpm -ql $PACKAGE_NAME# List the package that owns a particular file#rpm -qf $FULL_PATH_TO_FILE
The -perm flag matches files and folders with a given permission. Both numeric and symbolic permissions are allowed.
Use the / or - prefix to match files with any of the specified permissions or at least the specified permissions. For example, -perm -644 will match any file where the current user has at least read + write access and any other user has at least read access (so, - requires the specified permissions, but is agnostic as to the presence/absence of additional permissions). Likewise, -perm /666 will match files where the current user has read + write access and/or the current group has read + write access and/or everyone has read + write access (so, / requires that at least one of the specified permissions groups matches exactly, but is agnostic to the state of any other group outside of that match).
The -Xmin and -Xtime flags match files accessed (a), had their contents modified (m), or had their inode changed (c) n minutes (-Xmin) or days (-Xtime) ago.
Executables can also have an SUID “capability” set in Linux, which is not the same as the SUID permission!
The getcap command displays a binary’s capabilities (if there are any), and can even be used to perform a search for such binaries using getcap -r $PATH 2> /dev/null.