$ Linux One Liners
Back to commands

Cybersecurity Triage

Read-only, can be slow

Find Writable Directories Missing the Sticky Bit

You need to find directories that any user can write to, but where users can also rename or delete each other's files.

Command

find fixtures/perm-audit -type d -perm -0002 ! -perm -1000 -printf '%m %u:%g %p\n' | sort

Before you run this

System impact: Read-only. Can create load on large logs, directories, filesystems, or process tables.

When not to use it: Do not assume every result is exploitable without checking service users and directory purpose.

Expected output

Mode, owner, group, and path for writable directories missing the sticky bit.

System impact

Read-only, can be slow. Nothing changes. The command lists world-writable directories that lack sticky-bit protection.

Scope this to the smallest useful path or service on busy systems.

Recovery / rollback: no state is changed.

When to use it

Use during permission audits when shared write paths may have been opened too broadly.

When not to use it

Do not assume every result is exploitable without checking service users and directory purpose.

Explanation-only example

Illustrated output, not a live lab run

This example is intentionally illustrative. It shows the command shape without killing real processes or changing your machine.

demo@lab:~$

$ find sample-files/perm-audit -type d -perm -0002 -printf '%m %u:%g %p\n' | sort

777 root:root sample-files/perm-audit/releases/2026-06-25/storage/logs

$ find sample-files/perm-audit -type d -perm -0002 ! -perm -1000 -printf '%m %u:%g %p\n' | sort

777 root:root sample-files/perm-audit/releases/2026-06-25/storage/logs
View commands shown

These are the commands shown in the sanitized transcript.

Commands shown

  1. find fixtures/perm-audit -type d -perm -0002 -printf '%m %u:%g %p\n' | sort
  2. find fixtures/perm-audit -type d -perm -0002 ! -perm -1000 -printf '%m %u:%g %p\n' | sort

next steps

Related commands

Cybersecurity Triage Can be slow

Find Upload Files Writable Outside the Owner

Uploads are supposed to be writable at the edge, not writable forever by everyone.

find fixtures/perm-audit/releases/2026-06-25/uploads -type f -perm /0022 -printf '%M %u:%g %p\n' | sort
Cybersecurity Triage Can be slow

Find Config Files with Execute Bits

Config files do not usually need to be executable.

find fixtures/perm-audit -type f -perm /111 \( -path '*/config/*' -o -name '*.env' -o -name '*.conf' \) -printf '%M %u:%g %p\n' | sort
Cybersecurity Triage Sensitive output

Find World-Readable Secret-Looking Files

The fastest secret audit starts with readable files that look like secrets.

find fixtures/perm-audit -type f -perm -0004 \( -iname '*secret*' -o -iname '*.env' -o -iname '*token*' -o -iname '*key*' \) -printf '%M %u:%g %p\n' | sort
Hosting Operations Can be slow

Find Release Files Writable Outside the Owner

A release file that someone besides the owner can modify deserves a second look.

find fixtures/perm-audit/releases/2026-06-25 -type f -perm /0022 -printf '%M %u:%g %p\n' | sort
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:103-gnu-unix-commands
  • lpic1:104-filesystems-permissions-fhs
  • lpic1:110-security
  • lfcs:essential-commands
  • lfcs:security-hygiene
  • lfcs:storage
  • linuxplus:automation-scripting
  • linuxplus:provisional
  • linuxplus:system-management
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.