[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Request for enhancements to find
|
From: |
Wayne Pollock |
|
Subject: |
Request for enhancements to find |
|
Date: |
Fri, 19 Oct 2007 21:08:04 -0400 |
|
User-agent: |
Thunderbird 2.0.0.6 (Windows/20070728) |
Recently wrote a script to find suspicious Unix files.
I found some parts difficult or impossible to do well,
and would like to ask for some additional functionality
to be added to find:
For -perm:
You can't easily find files with odd combinations of
permissions, such as files with more access for group
members than the owner/user, or more for others than
for group members.
I would like to see the syntax extended to allow something
like:
-perm -u-r,g=r -o -perm -g-r,o=r
Currently I don't believe find allows 'u-r". I think this
should be allowed, with the meaning of "-perm -u-r,g=r"
to be "user read is off, group read is on, other permission
bits can be anything".
For time comparisons:
To check for files with invalid, future dates, you must
currently create a file first, then use "-newer", then
delete the file.
This doesn't work well in this case, as you can only test
the mtime of the files. One possible fix would be to add
-anewer and -cnewer (and maybe -mnewer, for completeness).
However when searching a large filesystem for such files,
find many take several seconds or minutes. Thus this test
shows many false positives (all files modified since the
temp file was created).
I would like to have a way to compare a file with the current
time. I don't know the best way to allow this, perhaps a
special string "NOW" in place of the filename, or perhaps
a new test -future or -newernow or even -badtimestamp?
Thank you for listening!
-Wayne
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Request for enhancements to find,
Wayne Pollock <=