Fork me on GitHub

linux basics: find & locate

find

Usual commands

find / -name "*.c"
find / -maxdepth 4 -name "*.c"
find / -size +1M
find / -group ben
find / -user ben

File type

find /etc/ -type d
find /etc/ -type f

Execute action on file

without confirmation

find ~ -type d -exec ls -l {} \;
  • {} replace the argument of the command, here it means a file in ls -l file
  • \;: escape the ; => terminate the ls -l {} command

with confirmation

find ~ -type d -ok -exec ls -l {} \;

operator

and -a

find /etc/ \( -type d -a -group root \)

or -o

find ~ \( -name "*txt" -o -name "*.md" \)

negation !

find ~ ! -name "*.md"

locate

  • faster than find
  • only works on file name

  • use a db

    locate README.md updatedb

modern locate

mlocate README.md

secure locate

slocate README.md

the locate command is a symlink to one of these programs:

ls -l /usr/bin/locate
lrwxrwxrwx 1 root root 24 avril 21 13:09 /usr/bin/locate -> /etc/alternatives/locate

ls -l /etc/alternatives/locate
lrwxrwxrwx 1 root root 16 avril 21 13:09 /etc/alternatives/locate -> /usr/bin/mlocate

linux basics: file permissions 4 - umask

umask -S
u=rwx,g=rwx,o=rx

umask -p
umask 0002

default rights when a file is created are:

  • file: 0666
  • folder : O777

The calculated rights for new files are the default rights - the umask: 0666-0002=0664

touch umasktest
ls -l umasktest 
-rw-rw-r-- 1 ordinateur ordinateur 0 avril 21 14:30 umasktest

modify umask

umask 0022

linux basics: file permissions 3 - ACL

ACL usage: when POSIX rights are too limited. Check ACL support is enabled:

grep ACL /boot/config* | grep -i ext4

install package:

apt install acl

Enable if needed in /etc/fstab, with option acl

create a test file: touch test create a test user: adduser testuser create a group user: groupadd testgroup

getfacl

getfacl test

# file: test
# owner: root
# group: root
user::rw-
group::r--
other::r--

setfacl

Let's say we want to give an extra rw permissions to our testuser without using POSIX rights:

setfacl -m u:testuser:rw test

check that:

getfacl test
# file: test
# owner: root
# group: root
user::rw-
user:testuser:rw-
group::r--
mask::rw-
other::r--

Let's say we want to give an extra rwx permissions to our testgroup without using POSIX rights:

setfacl -m g:testgroup:rwx test

check that:

getfacl test
# file: test
# owner: root
# group: root
user::rw-
user:testuser:rw-
group::r--
group:testgroup:rwx
mask::rwx
other::r--

It is possible to edit POSIX rights without specifying user or group:

setfacl -m g::r test
getfacl test
# file: test
# owner: root
# group: root
user::rw-
user:testuser:rw-
group::r--
group:testgroup:rwx
mask::rwx
other::r--

same for user:

setfacl -m u::r test
getfacl test
# file: test
# owner: root
# group: root
user::r--
user:testuser:rw-
group::r--
group:testgroup:rwx
mask::rwx
other::r--

ACL on folder

  • -d: inheritance. file in folder will inherit folder ACL

  • -R: recursive

    mkdir test-folder setfacl -dm u:testuser:rwx test-folder/

check:

getfacl test-folder/
# file: test-folder/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:testuser:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

check child file inherits ACL from parent folder:

touch test-folder/a
getfacl test-folder/a

=>

# file: test-folder/a
# owner: root
# group: root
user::rw-
user:testuser:rwx       #effective:rw-
group::r-x          #effective:r--
mask::rw-
other::r--

Recursive mode is not linked to file.

Delete ACL

Delete all ACLs

setfacl -b test

There is no more ACL rights, only POSIX rights:

getfacl test
# file: test
# owner: root
# group: root
user::r--
group::r--
other::r--

Delete default ACLs with -k

getfacl test-folder/
# file: test-folder/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:testuser:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

delete: setfacl -k test-folder/ check: getfacl test-folder/

# file: test-folder/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

Delete a particular ACL with -x

setfacl -x u:testuser test

Mask

A mask is a logical AND operator. The effective rights will result of the logical AND operation of the right mask and the user or group ACL. Check the #effective: in getfacl output:

Let a rwx ACL to testuser:

setfacl -m u:testuser:rwx test

Let a rw mask ACL:

setfacl -m m::rw test

Check rights:

 getfacl test
# file: test
# owner: root
# group: root
user::r--
user:testuser:rwx               #effective:rw-
group::r--
mask::rw-
other::r--

For testuser:

user:testuser:rwx               #effective:rw

The effective rights are the result of the logical AND operation, thus rw

ACL hierarchy

mask > user ACL > group ACL > owner group ACL > POSIX rights