Hosting Operations

Group Writable Files by Owning Group

You need to see which groups can modify files under an application tree.

Command

find fixtures/perm-audit -type f -perm -0020 -printf '%g %M %p\n' | sort

What changed

Nothing changes on disk. The command lists group-writable files, sorted by owning group.

Danger

safe

When to use it

Use when service groups, deploy groups, or shared upload directories are under review.

When not to use it

Do not treat group-writable as bad by itself; runtime directories often need it.

Undo or recovery

No undo needed because this command is read-only.

Expected output

Group names, modes, and paths for group-writable files.

demo script

Disposable terminal steps

  1. find fixtures/perm-audit -type f -perm -0020 -printf '%g %M %p\n' | sort
  2. find fixtures/perm-audit -type f -perm -0020 -printf '%g\n' | sort | uniq -c

simulated output

What it looks like

disposable vessel
::fixture-ready::
$ find fixtures/perm-audit -type f -perm -0020 -printf '%g %M %p\n' | sort
root -rw-rw-r-- fixtures/perm-audit/releases/2026-06-25/uploads/customer-export.csv
::exit-code::0
$ find fixtures/perm-audit -type f -perm -0020 -printf '%g\n' | sort | uniq -c
      1 root
::exit-code::0
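
To go one step past listing and decide whether each owning group makes sense, the same find invocation can be filtered against a list of groups you expect to have write access. This is an added example, not part of the original lesson; the function name, the `deploy-placeholder` group and the temp-dir fixture are assumptions made for illustration, and it needs GNU find for `-printf`, as the lesson's command does.

```shell
#!/bin/sh
# Added example: report group-writable files whose owning group is NOT expected.
# Usage: unexpected_group_writable TREE GROUP [GROUP...]
# Read-only: nothing on disk is modified. Assumes paths without newlines.
unexpected_group_writable() {
    tree=$1; shift
    allowed=" $* "                      # space-padded for whole-word matching
    find "$tree" -type f -perm -0020 -printf '%g %M %p\n' | sort |
    while IFS= read -r line; do
        grp=${line%% *}                 # first field: owning group
        case "$allowed" in
            *" $grp "*) ;;              # expected group: stay quiet
            *) printf '%s\n' "$line" ;; # unexpected group: print for review
        esac
    done
}

# Constructed fixture in a temp dir so the example runs offline.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/uploads" "$d/config"
    : > "$d/uploads/customer-export.csv"
    chmod 0664 "$d/uploads/customer-export.csv"   # group-writable
    : > "$d/config/app.conf"
    chmod 0644 "$d/config/app.conf"               # not group-writable
    # Whatever group the new file actually got (depends on the host).
    me=$(find "$d/uploads/customer-export.csv" -printf '%g')

    echo "allowlist contains '$me' (nothing should be reported):"
    unexpected_group_writable "$d" "$me"

    echo "allowlist is only 'deploy-placeholder' (upload file is reported):"
    unexpected_group_writable "$d" deploy-placeholder

    rm -rf "$d"
}

demo
```

Run it against a real tree by passing the service, deploy, or upload groups that are supposed to have write access; anything printed is a file writable by a group you did not name.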

YouTube Short

Audit group writes.

Do not just ask whether a file is writable. Ask which group can write it, then decide whether that group makes sense.

LinkedIn hook

Group-writable files are not automatically wrong, but the owning group decides the risk.

Question: Do you review group-writable files by group name or just by mode?

experiments

A/B tests to run

Metric: save_rate

A: The group tells you the risk.

B: Writable by which group?