[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Request for enhancements to find

From: Wayne Pollock
Subject: Request for enhancements to find
Date: Fri, 19 Oct 2007 21:08:04 -0400
User-agent: Thunderbird (Windows/20070728)

Recently wrote a script to find suspicious Unix files.
I found some parts difficult or impossible to do well,
and would like to ask for some additional functionality
to be added to find:

For -perm:
  You can't easily find files with odd combinations of
  permissions, such as files with more access for group
  members than the owner/user, or more for others than
  for group members.
  I would like to see the syntax extended to allow something
    -perm -u-r,g=r -o -perm -g-r,o=r
  Currently I don't believe find allows 'u-r".  I think this
  should be allowed, with the meaning of "-perm -u-r,g=r"
  to be "user read is off, group read is on, other permission
  bits can be anything".

For time comparisons:
  To check for files with invalid, future dates, you must
  currently create a file first, then use "-newer", then
  delete the file.
  This doesn't work well in this case, as you can only test
  the mtime of the files.  One possible fix would be to add
  -anewer and -cnewer (and maybe -mnewer, for completeness).

  However when searching a large filesystem for such files,
  find many take several seconds or minutes.  Thus this test
  shows many false positives (all files modified since the
  temp file was created).

  I would like to have a way to compare a file with the current
  time.  I don't know the best way to allow this, perhaps a
  special string "NOW" in place of the filename, or perhaps
  a new test -future or -newernow  or even -badtimestamp?

Thank you for listening!


reply via email to

[Prev in Thread] Current Thread [Next in Thread]