Hosting Operations

Find Release Files Writable Outside the Owner

You need to spot files under a release directory that are writable by group or other users.

Command

find fixtures/perm-audit/releases/2026-06-25 -type f -perm /0022 -printf '%M %u:%g %p\n' | sort

What changed

Nothing changes. The command only reports regular files that have the group-write or other-write bit set.

Danger

safe

When to use it

Use after deploys, restores, packaging changes, or chmod cleanup when release file mutability matters.

When not to use it

Do not blindly remove group write from runtime files without checking how the service writes them.

Undo or recovery

No undo needed because this command is read-only.

Expected output

A sorted list of release files with group-write or other-write bits.

demo script

Disposable terminal steps

  1. find fixtures/perm-audit/releases/2026-06-25 -type f -printf '%M %u:%g %p\n' | sort
  2. find fixtures/perm-audit/releases/2026-06-25 -type f -perm /0022 -printf '%M %u:%g %p\n' | sort

simulated output

What it looks like

disposable vessel
::fixture-ready::
$ find fixtures/perm-audit/releases/2026-06-25 -type f -printf '%M %u:%g %p\n' | sort
-rw-r----- root:root fixtures/perm-audit/releases/2026-06-25/config/app.env
-rw-r--r-- root:root fixtures/perm-audit/releases/2026-06-25/config/secret.key
-rw-r--r-- root:root fixtures/perm-audit/releases/2026-06-25/public/index.html
-rw-r--r-- root:root fixtures/perm-audit/releases/2026-06-25/uploads/orphaned-upload.txt
-rw-rw-r-- root:root fixtures/perm-audit/releases/2026-06-25/uploads/customer-export.csv
-rwsr-xr-x root:root fixtures/perm-audit/releases/2026-06-25/bin/escalate-helper
-rwxr-sr-x root:root fixtures/perm-audit/releases/2026-06-25/bin/report-sync
-rwxr-xr-x root:root fixtures/perm-audit/releases/2026-06-25/bin/healthcheck
-rwxr-xr-x root:root fixtures/perm-audit/releases/2026-06-25/config/worker.conf
::exit-code::0
$ find fixtures/perm-audit/releases/2026-06-25 -type f -perm /0022 -printf '%M %u:%g %p\n' | sort
-rw-rw-r-- root:root fixtures/perm-audit/releases/2026-06-25/uploads/customer-export.csv
::exit-code::0
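
The `-perm /0022` test used above matches a file when either the group-write or the other-write bit is set. The script below is an added example, not part of the original lesson: it builds a throwaway tree (all names constructed) and contrasts `/0022` with `-0022`. It goes one step beyond the lesson by also listing group- or other-writable directories, which `-type f` never reports.

```shell
#!/bin/sh
# Added demo: function and file names are hypothetical, constructed for this example.
# Assumes a find that supports -perm /MODE (GNU findutils, as the lesson's command does).

make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/uploads"
    chmod 0755 "$root/bin"
    chmod 0775 "$root/uploads"                       # group-writable directory
    : > "$root/bin/healthcheck";     chmod 0755 "$root/bin/healthcheck"     # owner write only
    : > "$root/uploads/export.csv";  chmod 0664 "$root/uploads/export.csv"  # group write
    : > "$root/uploads/scratch.txt"; chmod 0646 "$root/uploads/scratch.txt" # other write
    : > "$root/uploads/shared.log";  chmod 0666 "$root/uploads/shared.log"  # group and other write
    printf '%s\n' "$root"
}

# /0022: match when ANY of the two write bits is set (the lesson's form).
writable_any() { (cd "$1" && find . -type f -perm /0022 | LC_ALL=C sort); }

# -0022: match only when ALL listed bits are set, so it misses files that
# are group-writable but not other-writable, and vice versa.
writable_all() { (cd "$1" && find . -type f -perm -0022 | LC_ALL=C sort); }

# Directories with group or other write: anyone holding that access can
# replace or delete entries inside (unless the sticky bit is set),
# whatever the files' own modes say.
writable_dirs() { (cd "$1" && find . -type d -perm /0022 | LC_ALL=C sort); }

demo=$(make_fixture) || exit 1
echo "files, -perm /0022:"; writable_any "$demo"
echo "files, -perm -0022:"; writable_all "$demo"
echo "dirs,  -perm /0022:"; writable_dirs "$demo"
rm -rf "$demo"
```
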

YouTube Short

Find writable release files.

When reviewing a release tree, list files writable outside the owner before changing modes. The write bit tells you where to inspect first.

LinkedIn hook

A release file that someone besides the owner can modify deserves a second look.

Question: Do you check release files for group or world write bits before chmod cleanup?
