Archive for the tag 'find'

How to find World/Group writable files and directories.

Finding world-writable files and directories

#find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;

#find / -type d \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;

These commands produce a long listing, with permissions, of every file and directory that is writable by its group or by everybody. Review the listing and remove world-write access wherever it is not needed by running /bin/chmod on those files.

To remove the permission, execute:

#/bin/chmod o-w [file-name]
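
The audit and fix above as a script run against a constructed test tree, an added example that is not from the original post. It narrows the check to world-writable entries and reports directories that lack the sticky bit separately; the function names and the tree are hypothetical.

```shell
#!/bin/sh
# Added example: world-writable audit on a constructed test tree.
# Function names and the tree layout are hypothetical.

# Regular files that "other" can write to. -xdev stays on one filesystem,
# which keeps a scan of / out of /proc and network mounts.
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 -print
}

# World-writable directories WITHOUT the sticky bit (mode 1000). With the
# sticky bit (as on /tmp) users can only remove their own entries; without
# it, any user can delete or replace files that belong to someone else.
unsafe_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# Remove world-write from regular files only. "{} +" hands each name to
# chmod as a single argument, so spaces in file names are safe.
fix_world_writable_files() {
    find "$1" -xdev -type f -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree; prints its path.
build_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/dropbox" "$d/private"
    : > "$d/private/ok.conf"
    : > "$d/private/bad file.conf"
    : > "$d/shared/group.log"
    chmod 0640 "$d/private/ok.conf"
    chmod 0666 "$d/private/bad file.conf"   # world-writable file
    chmod 0660 "$d/shared/group.log"        # group-writable only
    chmod 1777 "$d/shared"                  # sticky, like /tmp
    chmod 0777 "$d/dropbox"                 # world-writable, no sticky bit
    chmod 0750 "$d/private"
    printf '%s\n' "$d"
}

tree=$(build_demo_tree)
echo "world-writable files:";  world_writable_files "$tree"
echo "unsafe shared dirs:";    unsafe_shared_dirs "$tree"
fix_world_writable_files "$tree"
echo "left after chmod o-w:";  world_writable_files "$tree"
rm -rf "$tree"
```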

Using find Command for security check

The ‘find’ command is usually used to find filenames which have specific patterns. However, we can also use it to find the files modified/accessed within a specific time period.

For example we can find all files in /etc owned by root that have been modified within the last 2 days:

find /etc -user root -mtime -2

The options we can use here are:

-atime: when the file was last accessed
-ctime: when the file’s status (permissions, ownership and other inode data) was last changed
-mtime: when the file’s data was last modified

You may have noticed the minus sign in front of the ‘2’ in the last example. The ‘time’ options for the find command are expressed in 24-hour increments, and the sign in front of the number indicates ‘less than’ or ‘greater than’. Thus ‘-2’ means we want to find files which were modified within the last two days. If we wanted to find files that were modified more than 2 days ago, we would need to put a plus sign in front of the 2:

find /etc -user root -mtime +2

There are also versions of the atime, ctime, and mtime arguments that measure time in minutes:

-amin: when (in minutes) the file was last accessed
-cmin: when (in minutes) the file’s status (permissions, ownership and other inode data) was last changed
-mmin: when (in minutes) the file’s data was last modified

To match -atime +1, a file has to have been accessed at least two days ago. More examples are in the find man page.
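
The rounding rule above, checked on constructed files, as an added example that is not from the original post. It assumes GNU touch (for relative -d dates) and GNU find; the helper names are hypothetical. The last check shows why -ctime matters in a security review: touch can set mtime to any date, but it cannot set ctime.

```shell
#!/bin/sh
# Added example: how find rounds file ages into whole 24-hour periods.
# Assumes GNU touch (relative -d dates) and GNU find; names are hypothetical.

# Constructed files whose mtime is 12, 36 and 60 hours in the past.
build_aged_tree() {
    d=$(mktemp -d) || return 1
    touch -d '12 hours ago' "$d/age_12h"   # 0 whole days old
    touch -d '36 hours ago' "$d/age_36h"   # 1 whole day old
    touch -d '60 hours ago' "$d/age_60h"   # 2 whole days old
    printf '%s\n' "$d"
}

# match_age DIR TEST N: names matching e.g. "-mtime +1", space-separated.
match_age() {
    find "$1" -type f "-$2" "$3" -exec basename {} \; | sort | paste -sd ' ' -
}

tree=$(build_aged_tree)
for n in 0 -1 1 +1 -2 +0; do
    printf '%s\n' "-mtime $n: $(match_age "$tree" mtime "$n")"
done
# touch rewrote mtime, but the kernel stamped ctime with the real time of
# that change, so every file still shows up as changed within the last day.
printf '%s\n' "-ctime 0: $(match_age "$tree" ctime 0)"
rm -rf "$tree"
```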

SBDavid

find command numeric arguments


Numeric arguments can be specified as:

+n for greater than n.

-n for less than n.

n for exactly n.

-amin n

File was last accessed n minutes ago.

-anewer file

File was last accessed more recently than file was modified. If file is a symbolic link and the -H option or the -L option is in effect, the access time of the file it points to is always used.

-atime n

File was last accessed n*24 hours ago. When find figures out how many 24-hour periods ago the file was last accessed, any fractional part is ignored, so to match -atime +1, a file has to have been accessed at least two days ago.

-cmin n

File’s status was last changed n minutes ago.

-cnewer file

File’s status was last changed more recently than file was modified.

-ctime n

File’s status was last changed n*24 hours ago. See the comments for -atime to understand how rounding affects the interpretation of file status change times.

SBDavid

Find text in a large number of files


If you need to find a string in a file, you would typically use:

grep -H "string" file-name.ext

However, grep doesn’t handle a large number of files well. If you specify grep "string" * or even grep "string" `find ./` you may find yourself facing this error:

bash: /bin/grep: Argument list too long

Simple bash script to do the searching.

In this sample, we will be looking for the string “welcome” in a directory named “./Document/”:

for i in `find ./Document/`; do grep -H "welcome" "$i"; done

This uses the find command to do the searching. It actually returns a list of filenames, which we can then grep one-by-one. The -H option tells grep to let us know the filename it found the string in so we can go right into that file to find the location of it.
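
The loop above splits find's output on whitespace, so a file whose name contains a space is never searched. The following added example (not from the original post; function names and the sample directory are hypothetical) runs that loop and a find -exec form side by side on a constructed directory.

```shell
#!/bin/sh
# Added example: searching many files without "Argument list too long"
# and without breaking on spaces in names. Names below are hypothetical.

# The loop from the text: the output of find is split on whitespace, so
# "notes today.txt" becomes two words and grep never opens the real file.
search_loop() {
    for i in $(find "$2" -type f); do
        grep -H -- "$1" "$i"
    done 2>/dev/null
}

# find passes each name to grep as one argument; "{} +" packs as many
# names per grep call as the kernel's argument-size limit allows.
search_exec() {
    find "$2" -type f -exec grep -H -- "$1" {} +
}

# Constructed sample directory; prints its path.
build_docs() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sub dir"
    echo "welcome aboard"  > "$d/plain.txt"
    echo "welcome back"    > "$d/notes today.txt"
    echo "welcome again"   > "$d/sub dir/deep.txt"
    echo "nothing here"    > "$d/other.txt"
    printf '%s\n' "$d"
}

docs=$(build_docs)
echo "loop found:  $(search_loop welcome "$docs" | wc -l) matching line(s)"
echo "-exec found: $(search_exec welcome "$docs" | wc -l) matching line(s)"
rm -rf "$docs"
```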

SBDavid

Using Find Linux Command.

The find command plays an integral part in some of the most important scripts that are used in any Linux system.

Find Linux Command.

* Find can search for files in a directory hierarchy.

More about the find command.

By default, find returns all files below the current working directory. Further, find allows the user to specify an action to be taken on each matched file.

The find program is no longer preferred for searching for files by name in the entire filesystem. Instead, the locate programs, which use a database of indexed files (obtained through find), are more efficient.

A single white space is needed to divide syntax elements when writing a find command. In its simplest use the find command searches for files in the current directory and its subdirectories:

* As always, the dot indicates the current directory.

Search all directories:

find / -name "myfile" -type f -print

This searches every file on the computer for a file with the name myfile. It is generally not a good idea to look for data files this way.

Execute an action

find /var/ftp/mp3 -name "*.mp3" -type f -exec chmod 644 {} \;

This command changes the permissions of all files with a name ending in .mp3 in the directory /var/ftp/mp3.

The action is carried out by specifying the option -exec chmod 644 {} \;

The semicolon (backslashed to avoid the shell interpreting it as a command separator) indicates the end of the command.

EXAMPLES

find /tmp -name core -type f -print | xargs /bin/rm -f

Find files named core in or below the directory /tmp and delete them. Note that this will work incorrectly if there are any filenames containing newlines, single or double quotes, or spaces.

find /tmp -name core -type f -print0 | xargs -0 /bin/rm -f

Find files named core in or below the directory /tmp and delete them, processing filenames in such a way that file or directory names containing single or double quotes, spaces or newlines are correctly handled. The -name test comes before the -type test in order to avoid having to call stat(2) on every file.

find . -type f -exec file '{}' \;

Runs ‘file’ on every file in or below the current directory. Notice that the braces are enclosed in single quote marks to protect them from interpretation as shell script punctuation. The semicolon is similarly protected by the use of a backslash, though ';' could have been used in that case also.

find $HOME -mtime 0

Search for files in your home directory which have been modified in the last twenty-four hours. This command works this way because the time since each file was last modified is divided by 24 hours and any remainder is discarded. That means that to match -mtime 0, a file will have to have a modification in the past which is less than 24 hours ago.

find . -perm 664

Search for files which have read and write permission for their owner, and group, but which other users can read but not write to. Files which meet these criteria but have other permissions bits set (for example if someone can execute the file) will not be matched.

find . -perm /222

Search for files which are writable by somebody (their owner, or their group, or anybody else).

find . -perm /220

find . -perm /u+w,g+w

find . -perm /u=w,g=w

All three of these commands do the same thing, but the first one uses the octal representation of the file mode, and the other two use the symbolic form. These commands all search for files which are writable by either their owner or their group. The files don’t have to be writable by both the owner and group to be matched; either will do.

find . -perm -220

find . -perm -g+w,u+w

Both these commands do the same thing; search for files which are writable by both their owner and their group.

find . -perm -444 -perm /222 ! -perm /111

find . -perm -a+r -perm /a+w ! -perm /a+x

These two commands both search for files that are readable for everybody (-perm -444 or -perm -a+r), have at least one write bit set (-perm /222 or -perm /a+w) but are not executable for anybody (! -perm /111 and ! -perm /a+x respectively).

Now, suppose you want to see what hidden files in your home directory changed in the last 5 days:

$ find ~ -mtime -5 -name \.\*

If you know something has changed much more recently than that, say in the last 14 minutes, and want to know what it was, there’s the -mmin argument:

$ find ~ -mmin -14 -name \.\*

Be aware that doing a ‘ls’ will affect the access time-stamps of the files shown by that action. If you do an ls to see what’s in a directory and try the above to see what files were accessed in the last 14 minutes all files will be listed by find.