Next: Contents, Previous: Owner, Up: Finding Files [Contents][Index]
See File Permissions, for information on how file mode bits are structured and how to specify them.
Four tests determine what users can do with files. These are ‘-readable’, ‘-writable’, ‘-executable’ and ‘-perm’. The first three tests ask the operating system if the current user can perform the relevant operation on a file, while ‘-perm’ just examines the file’s mode. The file mode may give a misleading impression of what the user can actually do, because the file may have an access control list, or exist on a read-only filesystem, for example. Of these four tests though, only ‘-perm’ is specified by the POSIX standard.
The ‘-readable’, ‘-writable’ and ‘-executable’ tests
are implemented via the access system call. This is
implemented within the operating system itself. If the file being
considered is on an NFS filesystem, the remote system may allow or
forbid read or write operations for reasons of which the NFS client
cannot take account. This includes user-ID mapping, either in the
general sense or the more restricted sense in which remote superusers
are treated by the NFS server as if they are the local user
‘nobody’ on the NFS server.
None of the tests in this section should be used to verify that a user is authorised to perform any operation (on the file being tested or any other file) because of the possibility of a race condition. That is, the situation may change between the test and an action being taken on the basis of the result of that test.
True if the file can be read by the invoking user.
True if the file can be written by the invoking user. This is an in-principle check, and other things may prevent a successful write operation; for example, the filesystem might be full.
True if the file can be executed/searched by the invoking user.
True if the file’s mode bits match pmode, which can be either a symbolic or numeric mode (see File Permissions) optionally prefixed by ‘-’ or ‘/’.
Note that pmode starts with all file mode bits cleared, i.e.,
does not relate to the process’s file creation bit mask (also known
as umask).
A pmode that starts with neither ‘-’ nor ‘/’ matches if mode exactly matches the file mode bits. (To avoid confusion with an obsolete GNU extension, mode must not start with a ‘+’ immediately followed by an octal digit.)
A pmode that starts with ‘-’ matches if all the file mode bits set in mode are set for the file; bits not set in mode are ignored.
A pmode that starts with ‘/’ matches if any of the file mode bits set in mode are set for the file; bits not set in mode are ignored. This is a GNU extension.
If you don’t use the ‘/’ or ‘-’ form with a symbolic mode string, you may have to specify a rather complex mode string. For example ‘-perm g=w’ will only match files that have mode 0020 (that is, ones for which group write permission is the only file mode bit set). It is more likely that you will want to use the ‘/’ or ‘-’ forms, for example ‘-perm -g=w’, which matches any file with group write permission.
Match files that have read and write permission for their owner, and group, but that the rest of the world can read but not write to. Do not match files that meet these criteria but have other file mode bits set (for example if someone can execute/search the file).
Match files that have read and write permission for their owner, and group, but that the rest of the world can read but not write to, without regard to the presence of any extra file mode bits (for example the executable bit). This matches a file with mode 0777, for example.
Match files that are writable by somebody (their owner, or their group, or anybody else).
Match files that are writable by their group or everyone else - the latter often called other. The files don’t have to be writable by both the group and other to be matched; either will do.
As above.
As above.
Match files that are writable by both their group and everyone else.
As above.
Match files that are readable for everybody, have at least one write bit set (i.e., somebody can write to them), but that cannot be executed/searched by anybody. Note that in some shells the ‘!’ must be escaped.
As above.
Warning: If you specify ‘-perm /000’ or ‘-perm /mode’ where the symbolic mode ‘mode’ has no bits set, the test matches all files. Versions of GNU
findprior to 4.3.3 matched no files in this situation.
True if file’s SELinux context matches the pattern pattern. The pattern uses shell glob matching.
This predicate is supported only on find versions compiled with
SELinux support and only when SELinux is enabled.
Next: Contents, Previous: Owner, Up: Finding Files [Contents][Index]