BestHub
Sign in
Operations 7 min read

Unlock Linux File Permissions: Master SUID, SGID, and Advanced Find Commands

This guide explains Linux permission basics, the special SUID/SGID/sticky bits, and shows how to use the powerful find command to locate files by name, timestamps, size, or exact permissions, complete with practical code examples.

Efficient Ops
Efficient Ops
Efficient Ops
Unlock Linux File Permissions: Master SUID, SGID, and Advanced Find Commands

Introduction

Linux file permissions are represented by three characters (rwx) for read, write, and execute. For example,

-rwxr-xr-x /etc/nginx/nginx.conf

corresponds to the numeric mode 755.

Permission Basics

When inspecting

/etc/shadow

, you may see

-rwsr-xr-x

. The extra

s

indicates a special permission bit.

SUID, SGID, and Sticky Bit

SUID (Set User ID) allows a program to run with the file owner's privileges, commonly used by

passwd

. SGID (Set Group ID) grants the executing user the file's group privileges and can also apply to directories. The sticky bit (often called SBIT) prevents unauthorized users from deleting or renaming files they do not own. Numerically, SUID = 4, SGID = 2, Sticky = 1, so a mode like 4755 includes the SUID bit.

Using find to Locate Files

The

find

command can filter files by various criteria. For example, to list files with any of the special bits set:

<code>find / -perm +7000</code>

This searches for files with the

---s--s--t

pattern.

Finding by Name or Regex

<code>find . -name test.txt</code>

To locate all PDF books:

<code>find ./yang/books -name "*.pdf"</code>

Adding

-type f

restricts the search to regular files:

<code>find ./yang/books -type f -name "*.pdf"</code>

Finding by Timestamps

Linux tracks three timestamps:

atime : last access time.

mtime : last modification time of file content.

ctime : last change time of file metadata (owner, permissions, etc.).

Timestamp illustration
Timestamp illustration

Examples:

<code>find . -type f -atime +365</code>

Find files modified exactly 5 days ago (no

+

sign):

<code>find . -type f -mtime 5</code>

Search files with ctime between 5 and 10 days ago:

<code>find . -type f -ctime +5 -ctime -10</code>

Finding by Size

The

-size

option accepts units:

b: 512‑byte blocks (default)

c: bytes

w: two‑byte words

k: kilobytes

M: megabytes

G: gigabytes

Example to find files between 10 MB and 1 GB:

<code>find . -type f -size +10M -size -1G</code>

Finding by Permissions

Use

-perm

to match exact permission bits. For instance, to list all files with 777 permissions:

<code>find . -type f -perm 777</code>

This returns files readable, writable, and executable by owner, group, and others.

Conclusion

Understanding Linux permission bits and mastering the

find

command empowers administrators to efficiently locate and manage files based on ownership, timestamps, size, and security attributes.

LinuxPermissionsfile-searchfind commandSUID
Efficient Ops
Written by

Efficient Ops

This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment