Linux “find“ 命令查找特定权限的文件（-perm参数）

最近遇到了有 "find . -perm"的需求，搜了一些文章发现讲的都不是很清晰，甚至有的还有错误。所以还是回到Linux官方手册（https://linux.die.net/man/1/find），把find命令的相关部分截取出来便于一次学对。
（每段话附加了一些个人理解，如有错误，欢迎指正。）

Options

-perm mode

File’s permission bits are exactly mode (octal or symbolic). Since an exact match is required, if you want to use this form for symbolic modes, you may have to specify a rather complex mode string. For example -perm g=w will only match files which have mode 0020 (that is, ones for which group write permission is the only permission set). It is more likely that you will want to use the ‘/’ or ‘-’ forms, for example -perm -g=w, which matches any file with group write permission. See the EXAMPLES section for some illustrative examples.

（查找文件权限“准确”匹配。例如 -perm g=w 或 -perm 0020，只会检索出权限准确为0020的文件，其他权限不等于0020的文件都不会检索出来。而例如 -perm -g=w 会检索出所有group bit “包含”写权限的文件，其他权限不管）

-perm -mode

All of the permission bits mode are set for the file. Symbolic modes are accepted in this form, and this is usually the way in which would want to use them. You must specify ‘u’, ‘g’ or ‘o’ if you use a symbolic mode. See the EXAMPLES section for some illustrative examples.

（查找“所有”满足权限要求的文件，非严格匹配，而是不论其他未要求的权限位是如何设置，都会被检索出来。是常用的查找模式，具体详见EXAMPLES）

-perm /mode

Any of the permission bits mode are set for the file. Symbolic modes are accepted in this form. You must specify ‘u’, ‘g’ or ‘o’ if you use a symbolic mode. See the EXAMPLES section for some illustrative examples. If no permission bits in mode are set, this test matches any file (the idea here is to be consistent with the behavior of -perm -000).

（查找满足“任何”一个权限位的文件。如果mode中某个权限位没有限定，则认为该权限位满足条件，即 -perm -000等价于所有文件）

-perm +mode

Deprecated, old way of searching for files with any of the permission bits in mode set. You should use -perm /mode instead. Trying to use the ‘+’ syntax with symbolic modes will yield surprising results. For example, ‘+u+x’ is a valid symbolic mode (equivalent to +u,+x, i.e. 0111) and will therefore not be evaluated as -perm +mode but instead as the exact mode specifier -perm mode and so it matches files with exact permissions 0111 instead of files with any execute bit set. If you found this paragraph confusing, you’re not alone - just use -perm /mode. This form of the -perm test is deprecated because the POSIX specification requires the interpretation of a leading ‘+’ as being part of a symbolic mode, and so we switched to using ‘/’ instead.

（已弃用）

Example

find . -perm 664

Search for files which have read and write permission for their owner, and group, but which other users can read but not write to. Files which meet these criteria but have other permissions bits set (for example if someone can execute the file) will not be matched.

（查找owner和group有读写权限，且其他users有只读权限的文件，权限非严格664的文件不会被检索到，可以理解为权限是 rw-rw-r–的文件）

find . -perm -664

Search for files which have read and write permission for their owner and group, and which other users can read, without regard to the presence of any extra permission bits (for example the executable bit). This will match a file which has mode 0777, for example.

（查找权限“子集”为664的权限，即满足owner和group有读写权限，且其他users有只读权限，而不管除此以外其他权限位，比如执行权限，是否有设置。因此查找结果中也会包括权限为777的文件。可以理解为权限是rw*rw*r**的文件，*代表任意，可以是x也可以是-）

find . -perm /222

Search for files which are writable by somebody (their owner, or their group, or anybody else).

（查找可以被任何人可写的文件，任何人可以是owner，或者可以是group，或者可以是others，满足一组有w权限即可）

find . -perm /220
find . -perm /u+w,g+w
find . -perm /u=w,g=w

All three of these commands do the same thing, but the first one uses the octal representation of the file mode, and the other two use the symbolic form. These commands all search for files which are writable by either their owner or their group. The files don’t have to be writable by both the owner and group to be matched; either will do.

（以上三个命令效果相同，都是查找可以被owner或者group写入的文件，owner和group的写权限满足一个即可查到，不需要同时满足）

find . -perm -220
find . -perm -g+w,u+w

Both these commands do the same thing; search for files which are writable by both their owner and their group.

（以上两个命令效果相同，都是查找同时可以被owner和group写入的文件）

find . -perm -444 -perm /222 ! -perm /111
find . -perm -a+r -perm /a+w ! -perm /a+x

These two commands both search for files that are readable for everybody ( -perm -444 or -perm -a+r), have at least one write bit set ( -perm /222 or -perm /a+w) but are not executable for anybody ( ! -perm /111 and ! -perm /a+x respectively).

（以上两个命令效果相同，都是查找可以被任何人读取，且至少可以被人（owner或group或others）写入，但任何人都不可以执行的文件…)

补充内容

看到一个手册里没有的内容，就是关于SUID和SGID的查找，关于SUID和SGID的概念一两句话说不清，直接上命令。

查找当前路径下全部有SUID的文件(u+s)

find . -perm /4000
find . -perm /u=s

查找当前路径下全部有SGID的文件(g+s)

find . -perm /2000
find . -perm /g=s

查找当前路径下同时有SUID和SGID的文件

find . -perm /6000
find . -perm /u=s,g=s