Permission
Read
Other/World
find / -a -perm -o+r
World-readable
find / -a -perm -4
World-readable
grep -r "r-." /
Alternative method
Extracts usernames from /etc/passwd and finds files owned by each user where "others" have read permission (Need to test):
grep "r-" /etc/passwd | cut -d: -f1 | xargs find . -userCurrent User
find / -a -readable
Current user readable.
find / -a -perm -u+r
Current user readable.
User specific
find / -a -user [username] -readable
Specific user readable.
find / -a -user [username] -perm -4
Specific user readable.
find / -a -user [username] -perm -u+r
Combines owner read permission to show files owned by user with read permissions.
Group
find / -a -perm -g+r
Group readable.
find / -a -group <group_name> -readable
Specific group readable.
Write
Other/World
find / -a -perm -o+w
Writable by "Other"
find / -a -perm -2
Writable by "Other"
grep -r "w-." /
Alternative method
Find world-writable config files:
Current User
find / -a -writable 2>/dev/null
Current user writable
find / -a -perm -u+r
Current user writable
Current-user writable filtering out running processes:
User Specific
find / -a -user [username] -readable
Specific user writable
find / -a -user [username] -perm -2
Specific user writable
find / -a -user [username] -perm -u+r
Combines owner read permission to show files owned by user with read permissions.
Group
find / -a -perm -g+w
Group Writable.
find / -a -group <group_name> -readable
Specific group Writable.
Execute
Other/World
find / -a -perm -o+x
World-executable
find / -a -perm -1
World-executable
grep -r "x-." /
Alternative method
Finds files owned by each user where "others" have execute permission:
Current User
find / -a -executable
Current user executable
find / -a -perm -u+x
Current user executable
User specific
find / -a -user [username] -executable
Specific user executable
find / -a -user [username] -perm -1
Specific user executable
find / -a -user [username] -perm -u+x
Combines owner read permission to show files owned by user with read permissions
Group
find / -a -perm -g+x
Group executable
find / -a -group <group_name> -executable
Specific group executable
Wide-Open
find / -a -perm 0777
Wide open files
Find files with insecure permissions:
SUID/SGID
Permission Filters
-2000 = Owner has write permissions, SGID is set. File inherits the GID of the process that executes it. -4000 = Only files with SUID bit.
/6000 = SUID, SGID, or Both.
SUID Only
find / -a -perm -4000
SUID set
find / -a -perm /u=s
SUID set
find / -a -perm -4000 -user root
SUID files owned by root
find / -a -perm -4000 -not -user root
SUID files NOT owned by root
grep -r "w-s-" /
SUID set (Alternate method)
Processes usernames from /etc/passwd, searches for world-executable SUID files owned by each user.
Use with Caution!
SGID Only
find / -a -perm -2000
Owner has write permissions, SGID is set
find / -a -perm /u=g
SGID set
find / -a -perm -2000 -user root
SGID set and owned by root
find / -a -perm -2000 -not -user root
SGID set and NOT owned by root
grep -r "w-S-" /
SGID set (Alternate method)
SUID AND/OR SGID
find / -a -perm /6000
SUID, SGID, or both set
find / -a -perm /u=s,g=s
Both SUID and SGID set
find / -a -perm /6000 -user root
SUID, SGID, or both set and owned by root
find / -a -perm /6000 -not -user root
SUID, SGID, or both set and NOT owned by root
SUID or SGID then execute ls -l:
Capabilties
getcap [filepath]
Check a specific file for capabilities.
getcap -r [filepath]
Recursively check capabilities of files in a directory hierarchy.
find / -a -perm -0002 | getcap -d -
Searches for capabilities (excluding sticky bits) and pipes getcap for details.
Recursively to search for capabilities within open file descriptors, potentially revealing files in use with capabilities. Requires root privileges:
This searches for specific capabilities by name within open file descriptors of a specific process ID (PID). Requires root privileges:
Last updated
Was this helpful?