find: Mode Bits
2.8 File Mode Bits
==================
See File Permissions, for information on how file mode bits are
structured and how to specify them.

Four tests determine what users can do with files. These are
'-readable', '-writable', '-executable' and '-perm'. The first three
tests ask the operating system if the current user can perform the
relevant operation on a file, while '-perm' just examines the file's
mode. The file mode may give a misleading impression of what the user
can actually do, because the file may have an access control list, or
exist on a read-only filesystem, for example. Of these four tests
though, only '-perm' is specified by the POSIX standard.

The '-readable', '-writable' and '-executable' tests are implemented
via the 'access' system call. This is implemented within the operating
system itself. If the file being considered is on an NFS filesystem,
the remote system may allow or forbid read or write operations for
reasons of which the NFS client cannot take account. This includes
user-ID mapping, either in the general sense or the more restricted
sense in which remote superusers are treated by the NFS server as if
they are the local user 'nobody' on the NFS server.

None of the tests in this section should be used to verify that a
user is authorised to perform any operation (on the file being tested or
any other file) because of the possibility of a race condition. That
is, the situation may change between the test and an action being taken
on the basis of the result of that test.
-- Test: -readable
True if the file can be read by the invoking user.
-- Test: -writable
True if the file can be written by the invoking user. This is an
in-principle check, and other things may prevent a successful write
operation; for example, the filesystem might be full.
-- Test: -executable
True if the file can be executed/searched by the invoking user.
-- Test: -perm pmode
True if the file's mode bits match PMODE, which can be either a
symbolic or numeric MODE (see File Permissions) optionally
prefixed by '-' or '/'.

Note that PMODE starts with all file mode bits cleared, i.e., does
not relate to the process's file creation bit mask (also known as
'umask').

A PMODE that starts with neither '-' nor '/' matches if MODE
exactly matches the file mode bits. (To avoid confusion with an
obsolete GNU extension, MODE must not start with a '+' immediately
followed by an octal digit.)

A PMODE that starts with '-' matches if _all_ the file mode bits
set in MODE are set for the file; bits not set in MODE are ignored.

A PMODE that starts with '/' matches if _any_ of the file mode bits
set in MODE are set for the file; bits not set in MODE are ignored.
This is a GNU extension.

If you don't use the '/' or '-' form with a symbolic mode string,
you may have to specify a rather complex mode string. For example
'-perm g=w' will only match files that have mode 0020 (that is,
ones for which group write permission is the only file mode bit
set). It is more likely that you will want to use the '/' or '-'
forms, for example '-perm -g=w', which matches any file with group
write permission.
'-perm 664'
Match files that have read and write permission for their
owner, and group, but that the rest of the world can read but
not write to. Do not match files that meet these criteria but
have other file mode bits set (for example if someone can
execute/search the file).
'-perm -664'
Match files that have read and write permission for their
owner and group, and that the rest of the world can read,
without regard to the presence of any extra file mode bits
(for example the executable bit, or write permission for the
rest of the world). This matches a file with mode 0777, for
example.
'-perm /222'
Match files that are writable by somebody (their owner, or
their group, or anybody else).
'-perm /022'
Match files that are writable by their group or everyone else
- the latter often called "other". The files don't have to be
writable by both the group and other to be matched; either
will do.
'-perm /g+w,o+w'
As above.
'-perm /g=w,o=w'
As above.
'-perm -022'
Match files that are writable by both their group and everyone
else.
'-perm -g+w,o+w'
As above.
'-perm -444 -perm /222 ! -perm /111'
Match files that are readable for everybody, have at least one
write bit set (i.e., somebody can write to them), but that
cannot be executed/searched by anybody. Note that in some
shells the '!' must be escaped.
'-perm -a+r -perm /a+w ! -perm /a+x'
As above.
Warning: If you specify '-perm /000' or '-perm /mode' where
the symbolic mode 'mode' has no bits set, the test matches all
files. Versions of GNU 'find' prior to 4.3.3 matched no files
in this situation.
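The exact, '-' and '/' forms of '-perm' described above, run against a constructed fixture when auditing for group- or world-writable files. This is an added example, not part of the findutils manual; the helper names make_fixture, perm_matches and demo are hypothetical, and GNU 'find' is assumed for the '/' form.

```shell
#!/bin/sh
# Added example, not from the findutils manual. Assumes GNU find ('/' prefix).
# Constructed fixture: five empty files, each named after the mode it is given.
make_fixture() {
    fx=$(mktemp -d) || return 1
    for mode in 0020 0444 0644 0664 0777; do
        : > "$fx/$mode" && chmod "$mode" "$fx/$mode" || return 1
    done
    printf '%s\n' "$fx"
}

# perm_matches DIR TEST...: names of the regular files under DIR that satisfy
# the given find tests, sorted and joined by spaces on one line.
perm_matches() {
    pm_dir=$1
    shift
    find "$pm_dir" -type f "$@" -exec basename {} \; | sort | xargs echo
}

# Print one line per PMODE form so the three matching rules can be compared.
demo() {
    d=$(make_fixture) || return 1
    printf '%-22s %s\n' "-perm 664  (exact)" "$(perm_matches "$d" -perm 664)"
    printf '%-22s %s\n' "-perm -664 (all)"   "$(perm_matches "$d" -perm -664)"
    printf '%-22s %s\n' "-perm /022 (any)"   "$(perm_matches "$d" -perm /022)"
    printf '%-22s %s\n' "-perm -022 (all)"   "$(perm_matches "$d" -perm -022)"
    printf '%-22s %s\n' "-perm g=w  (exact)" "$(perm_matches "$d" -perm g=w)"
    printf '%-22s %s\n' "-perm -g=w (all)"   "$(perm_matches "$d" -perm -g=w)"
    # Readable by everybody, writable by somebody, executable by nobody.
    printf '%-22s %s\n' "combined" \
        "$(perm_matches "$d" -perm -444 -perm /222 \! -perm /111)"
    rm -rf "$d"
}

demo
```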
-- Test: -context pattern
True if file's SELinux context matches the pattern PATTERN. The
pattern uses shell glob matching.
This predicate is supported only on 'find' versions compiled with
SELinux support and only when SELinux is enabled.