Hosting Operations

Find Runtime Directories Writable Outside the Owner

You need to review storage, cache, log, and upload directories that are writable by group or other users.

Command

find fixtures/perm-audit/releases/2026-06-25/storage fixtures/perm-audit/releases/2026-06-25/uploads -type d -perm /0022 -printf '%M %u:%g %p\n' | sort

What changed

Nothing changes. The command is read-only: it lists runtime directories whose mode grants write access to the group or to other users.

Danger

safe

When to use it

Use when reviewing writable application paths before hardening or incident cleanup.

When not to use it

Do not treat every result as wrong; caches, uploads, and logs may intentionally allow service-group writes.

Undo or recovery

No undo needed because this command is read-only.

Expected output

Runtime directories with the group-write or other-write permission bit set. `-perm /0022` matches when either bit is present.

demo script

Disposable terminal steps

  1. find fixtures/perm-audit/releases/2026-06-25/storage fixtures/perm-audit/releases/2026-06-25/uploads -type d -printf '%M %u:%g %p\n' | sort
  2. find fixtures/perm-audit/releases/2026-06-25/storage fixtures/perm-audit/releases/2026-06-25/uploads -type d -perm /0022 -printf '%M %u:%g %p\n' | sort

simulated output

What it looks like

disposable vessel
::fixture-ready::
$ find fixtures/perm-audit/releases/2026-06-25/storage fixtures/perm-audit/releases/2026-06-25/uploads -type d -printf '%M %u:%g %p\n' | sort
drwxr-xr-x root:root fixtures/perm-audit/releases/2026-06-25/uploads
drwxrwxr-x root:root fixtures/perm-audit/releases/2026-06-25/storage
drwxrwxr-x root:root fixtures/perm-audit/releases/2026-06-25/storage/cache
drwxrwxrwx root:root fixtures/perm-audit/releases/2026-06-25/storage/logs
::exit-code::0
$ find fixtures/perm-audit/releases/2026-06-25/storage fixtures/perm-audit/releases/2026-06-25/uploads -type d -perm /0022 -printf '%M %u:%g %p\n' | sort
drwxrwxr-x root:root fixtures/perm-audit/releases/2026-06-25/storage
drwxrwxr-x root:root fixtures/perm-audit/releases/2026-06-25/storage/cache
drwxrwxrwx root:root fixtures/perm-audit/releases/2026-06-25/storage/logs
::exit-code::0
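
The simulated output above puts `storage/logs` (`drwxrwxrwx`) in the same list as two directories that are only group-writable, and the "When not to use it" note says not every hit is wrong. The following added example, which is not part of the original lesson, splits the hits into three review buckets. The labels, function names and the sticky `storage/tmp` directory are constructed for illustration, and GNU find is assumed.

```bash
#!/usr/bin/env bash
# Added example: triage directories that are writable outside the owner.
# Requires GNU find (-printf), as the lesson's own command does.

# Build a constructed fixture mirroring the lesson's layout, plus one
# sticky directory (storage/tmp) that is not in the lesson's fixture.
make_fixture() {
  _root=$(mktemp -d) || return 1
  mkdir -p "$_root/storage/cache" "$_root/storage/logs" \
           "$_root/storage/tmp" "$_root/uploads"
  chmod 0775 "$_root/storage" "$_root/storage/cache"
  chmod 0777 "$_root/storage/logs"
  chmod 1777 "$_root/storage/tmp"
  chmod 0755 "$_root/uploads"
  printf '%s\n' "$_root"
}

# Print "LABEL MODE OWNER:GROUP PATH" for each directory under the given
# roots that is writable by group or other. Labels (constructed here):
#   WORLD-NOSTICKY  other-writable, no sticky bit: any local user can
#                   rename or delete entries created by someone else
#   WORLD-STICKY    other-writable with the sticky bit, as on /tmp
#   GROUP           group-writable only: check the group is the service group
# The first matching branch wins, so each directory is printed once.
classify_writable() {
  find "$@" -type d \( \
      -perm -0002 ! -perm -1000 -printf 'WORLD-NOSTICKY %M %u:%g %p\n' -o \
      -perm -0002 -printf 'WORLD-STICKY %M %u:%g %p\n' -o \
      -perm -0020 -printf 'GROUP %M %u:%g %p\n' \
    \) | sort -k4
}

# Stand-alone run against the constructed fixture.
fixture=$(make_fixture)
classify_writable "$fixture/storage" "$fixture/uploads"
rm -rf "$fixture"
```

Review `WORLD-NOSTICKY` lines first; `GROUP` lines are acceptable when the group shown is the one the application service runs as.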

YouTube Short

Review writable runtime dirs.

Storage, cache, logs, and uploads may need writes. List the directories writable outside the owner so the boundary is explicit.

LinkedIn hook

Runtime directories often need writes, but the write boundary should be visible.

Question: Do you separate runtime write paths from static release files during permission audits?

experiments

A/B tests to run

Metric: save_rate

A: Runtime writes need intent.

B: Find broad writes in runtime paths.