find: Mode Bits

2.7 File Mode Bits
==================

See File Permissions, for information on how file mode bits are
structured and how to specify them.

Four tests determine what users can do with files. These are
'-readable', '-writable', '-executable' and '-perm'. The first three
tests ask the operating system if the current user can perform the
relevant operation on a file, while '-perm' just examines the file's
mode. The file mode may give a misleading impression of what the user
can actually do, because the file may have an access control list, or
exist on a read-only filesystem, for example. Of these four tests
though, only '-perm' is specified by the POSIX standard.

The '-readable', '-writable' and '-executable' tests are implemented
via the 'access' system call. This is implemented within the operating
system itself. If the file being considered is on an NFS filesystem,
the remote system may allow or forbid read or write operations for
reasons of which the NFS client cannot take account. This includes
user-ID mapping, either in the general sense or the more restricted
sense in which remote superusers are treated by the NFS server as if
they are the local user 'nobody' on the NFS server.

None of the tests in this section should be used to verify that a
user is authorised to perform any operation (on the file being tested or
any other file) because of the possibility of a race condition. That
is, the situation may change between the test and an action being taken
on the basis of the result of that test.

-- Test: -readable
     True if the file can be read by the invoking user.

-- Test: -writable
     True if the file can be written by the invoking user. This is an
     in-principle check, and other things may prevent a successful write
     operation; for example, the filesystem might be full.

-- Test: -executable
     True if the file can be executed/searched by the invoking user.

-- Test: -perm pmode

     True if the file's mode bits match PMODE, which can be either a
     symbolic or numeric MODE (see File Permissions) optionally
     prefixed by '-' or '/'.

     A PMODE that starts with neither '-' nor '/' matches if MODE
     exactly matches the file mode bits. (To avoid confusion with an
     obsolete GNU extension, MODE must not start with a '+' immediately
     followed by an octal digit.)

     A PMODE that starts with '-' matches if _all_ the file mode bits
     set in MODE are set for the file; bits not set in MODE are ignored.

     A PMODE that starts with '/' matches if _any_ of the file mode bits
     set in MODE are set for the file; bits not set in MODE are ignored.
     This is a GNU extension.

     If you don't use the '/' or '-' form with a symbolic mode string,
     you may have to specify a rather complex mode string. For example
     '-perm g=w' will only match files that have mode 0020 (that is,
     ones for which group write permission is the only file mode bit
     set). It is more likely that you will want to use the '/' or '-'
     forms, for example '-perm -g=w', which matches any file with group
     write permission.

     '-perm 664'
          Match files that have read and write permission for their
          owner, and group, but that the rest of the world can read but
          not write to. Do not match files that meet these criteria but
          have other file mode bits set (for example if someone can
          execute/search the file).

     '-perm -664'
          Match files that have read and write permission for their
          owner, and group, but that the rest of the world can read but
          not write to, without regard to the presence of any extra file
          mode bits (for example the executable bit). This matches a
          file with mode 0777, for example.

     '-perm /222'
          Match files that are writable by somebody (their owner, or
          their group, or anybody else).

     '-perm /022'
          Match files that are writable by either their group or by
          others. The files don't have to be writable by both the group
          and others to be matched; either will do.

     '-perm /g+w,o+w'
          As above.

     '-perm /g=w,o=w'
          As above.

     '-perm -022'
          Match files that are writable by both their group and
          others.

     '-perm -444 -perm /222 ! -perm /111'
          Match files that are readable for everybody, have at least one
          write bit set (i.e., somebody can write to them), but that
          cannot be executed/searched by anybody. Note that in some
          shells the '!' must be escaped.

     '-perm -a+r -perm /a+w ! -perm /a+x'
          As above.

     '-perm -g+w,o+w'
          Equivalent to '-perm -022': match files that are writable by
          both their group and others.

     Warning: If you specify '-perm /000' or '-perm /mode' where
     the symbolic mode 'mode' has no bits set, the test matches all
     files. Versions of GNU 'find' prior to 4.3.3 matched no files
     in this situation.

-- Test: -context pattern
     True if the file's SELinux context matches the pattern PATTERN. The
     pattern uses shell glob matching.

     This predicate is supported only on 'find' versions compiled with
     SELinux support and only when SELinux is enabled.

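The three PMODE forms of '-perm' (exact, '-' for all bits, '/' for any bit) applied to files with known modes, as an added example that is not part of the findutils manual. The temporary fixture directory and the f<mode> file names are constructed for illustration, and the '/' form assumes GNU find.

```sh
#!/bin/sh
# Added example (not from the findutils manual). The fixture directory and
# the f<mode> file names are constructed; the '/' form needs GNU find.

# Create one empty file per mode in a fresh temp dir; print the dir name.
make_fixture() {
    fx=$(mktemp -d) || return 1
    for m in 0020 0600 0644 0664 0666 0775 0777; do
        : > "$fx/f$m" && chmod "$m" "$fx/f$m" || return 1
    done
    printf '%s\n' "$fx"
}

# perm_match DIR TESTS...: names of regular files in DIR that satisfy TESTS,
# sorted and joined with single spaces.
perm_match() {
    pm_dir=$1; shift
    find "$pm_dir" -type f "$@" -exec basename {} \; | sort | xargs
}

demo() {
    d=$(make_fixture) || return 1
    echo "exact  -perm 664  : $(perm_match "$d" -perm 664)"
    echo "all    -perm -664 : $(perm_match "$d" -perm -664)"
    echo "any    -perm /022 : $(perm_match "$d" -perm /022)"
    echo "all    -perm -022 : $(perm_match "$d" -perm -022)"
    echo "exact  -perm g=w  : $(perm_match "$d" -perm g=w)"
    echo "r, w, no x        : $(perm_match "$d" -perm -444 -perm /222 ! -perm /111)"
    rm -rf "$d"
}

demo
```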