In the first part we talked about find command basic usage.
Now let us see how to use find command
(a) To gain lots of useful information about users and their files
(b) Monitor and enhance the security of system using find command
Finding all set user id files
setuid ("suid") and setgid are access right flags that can be assigned to files and directories on a Unix based operating system. They are mostly used to allow users on a computer system to execute binary executables with temporarily elevated privileges in order to perform a specific task.# find / -perm +u=s
OR# find / -perm +4000
See also, shell script to find all programs and scripts with setuid set on.
Finding all set group id files
# find / -perm +g=s
OR# find / -perm +2000
See also, shell script to find all programs and scripts with setgid bit set on.
Finding all large directories
To find all directories taking 50k (kilobytes) blocks of space. This is useful to find out which directories on system taking lot of space.# find / -type d -size +50k
Output:
/var/lib/dpkg/info
/var/log/ksymoops
/usr/share/doc/HOWTO/en-html
/usr/share/man/man3
Finding all large files on a Linux / UNIX
# find / -type f -size +20000k
Output:
var/log/kern.log
/sys/devices/pci0000:00/0000:00:02.0/resource0
/sys/devices/pci0000:00/0000:00:00.0/resource0
/opt/03Jun05/firefox-1.0.4-source.tar.bz2
However my favorite hack to above command is as follows:# find / -type f -size +20000k -exec ls -lh {} \; | awk '{ print $8 ": " $5 }'
/var/log/kern.log: 22M
/sys/devices/pci0000:00/0000:00:02.0/resource0: 128M
/sys/devices/pci0000:00/0000:00:00.0/resource0: 256M
/opt/03Jun05/firefox-1.0.4-source.tar.bz2: 32M
Above command will find all files block size greater than 20000k and print filename followed by the file size. Output is more informative as compare to normal find command output