170
17
How can I find only the executable files under a certain directory in Linux?
170
17
How can I find only the executable files under a certain directory in Linux?
170
Checking for executable files can be done with -perm
(not recommended) or -executable
(recommended, as it takes ACL into account). To use the -executable
option:
find <dir> -executable
if you want to find only executable files and not searchable directories, combine with -type f
:
find <dir> -executable -type f
7If you have an old version of find (probably before 4.3.8) which lacks -executable use find . -perm /u=x,g=x,o=x. – Ludwig Weinzierl – 2010-05-14T19:06:21.537
How about not executable? Seems like a good thing to add here... – Dan Bolser – 2019-05-02T14:54:03.033
1@DanBolser that's as simple as find -not -executable
(optionally with -type f
, depending on whether you want to only include files in the result) – knittl – 2019-05-02T15:08:57.387
Thanks @knittl, worth editing the answer? – Dan Bolser – 2019-05-03T16:13:45.703
@DanBolser the discussion probably takes longer than actually updating the answer, but I think the answer is complete as it stands now. The OP was specfically about finding files which are executable, not about excluding them. I expect people to read the find man page to some extent and they will find the basic -not
operator there.
I can't edit it. I've been using find for years, but -executeable and -not are both new to me (just saying ;-) – Dan Bolser – 2019-05-04T19:08:28.427
This will return files with the execute turned on only. A more thorough analysis would check for a shebang line or whether the file is binary – None – 2009-09-10T12:04:25.407
24a shebang doesn’t mean they’re executable. it tells us only which interpreter to use. and by linux definition “executable files” are files with the executable (x) bit set – knittl – 2009-09-10T12:09:18.953
2What version of find supports that type for -type? man find lists b, c, d, p, f, l, s and D on my system. – innaM – 2009-09-10T15:51:23.067
2Same here, my find doesn't have a -type x
either. – davr – 2009-09-10T17:17:39.507
For some reason I always think that "-type x" will work too. I can only imagine it was available on some flavour of Unix I used once. – Dave Webb – 2009-09-21T10:39:28.183
@dave: glad to hear i’m not the only one :) – knittl – 2009-09-23T09:23:30.880
4-executable isn't at all portable and should be avoided – Good Person – 2012-10-26T15:54:09.330
9find: invalid predicate -executable'
on RHEL – SSH This – 2013-05-17T20:57:26.310
35
Use the find's -perm
option. This will find files in the current directory that are either executable by their owner, by group members or by others:
find . -perm /u=x,g=x,o=x
Edit:
I just found another option that is present at least in GNU find 4.4.0:
find . -executable
This should work even better because ACLs are also considered.
Seems like -perm /111
may be the most portable version. – Scott – 2016-04-24T04:01:31.467
2This only works on a newer version of find. The one that comes by default with CentOS gives the error find: invalid mode
/u=x,g=x,o=x'` – davr – 2009-09-10T17:18:56.090
12Then you should try the "-perm +" version which is now deprecated in GNU find: find . -perm +111" – innaM – 2009-09-10T19:32:39.703
16
I know the question specifically mentions Linux, but since it's the first result on Google, I just wanted to add the answer I was looking for (for example if you are - like me at the moment - forced by your employer to use a non GNU/Linux system).
Tested on macOS 10.12.5
find . -perm +111 -type f
1Works in RHEL 5 too. – José Tomás Tocino – 2018-05-23T06:30:43.577
This is the only variant I could get working on OS X 10.14, thx – Justin – 2019-01-16T19:17:01.387
Needed this while using a busybox build of find. -executable did not work. -perm +111
is perfect. – jmcarter9t – 2019-12-17T17:31:33.193
3
I have another approach, in case what you really want is just to do something with executable files--and not necessarily to actually force find to filter itself:
for i in `find -type f`; do [ -x $i ] && echo "$i is executable"; done
I prefer this because it doesn't rely on -executable
which is platform specific; and it doesn't rely on -perm
which is a bit arcane, a bit platform specific, and as written above requires the file to be executable for everyone (not just you).
The -type f
is important because in *nix directories have to be executable to be traversable, and the more of the query is in the find
command, the more memory efficient your command will be.
Anyhow, just offering another approach, since *nix is the land of a billion approaches.
(0) Which do you prefer, arcane and correct or intuitive and flawed? I prefer correct. (1) innaM’s answer, featuring find -perm
, finds files that have any execute permission bit set. (2) By contrast, this answer finds only files for which the current user has execute permission. Granted, that might be what the OP wants, but it’s unclear. … (Cont’d)
(Cont’d) … (3) For clarity, you might want to change \
…`` to $(…)
— see this, this, and this. (4) But don’t do for i in $(find …); do …
; it fails on filenames that contain space(s). Instead, do find … -exec …
. (5) And, when you do work with shell variables, always quote them (in double quotes) unless you have a good reason not to, and you’re sure you know what you’re doing.
@scott OK, I stand corrected :) I read the -perm
argument as requiring all three, not one of them. Also, thank you for the input on protecting shell arguments, that's all stuff I wasn't aware of. – Mark McKenna – 2016-04-25T13:50:54.257
@MarkMcKenna you have a typo in there: for i in
find . -type f; do [ -x $i ] && echo "$i is executable"; done
; you are missing the <dir> part, which I use a dot(.) – Devy – 2016-08-31T20:07:13.390
2
A file marked executable need not be a executable or loadable file or object.
Here is what I use:
find ./ -type f -name "*" -not -name "*.o" -exec sh -c '
case "$(head -n 1 "$1")" in
?ELF*) exit 0;;
MZ*) exit 0;;
#!*/ocamlrun*)exit0;;
esac
exit 1
' sh {} \; -print
2What does this do? – DerMike – 2015-01-14T08:04:11.643
@DerMike, It is one of the ways to find executable in current directory, including .so files, even if a file is not marked executable it can discover. – AjayKumarBasuthkar – 2015-01-14T21:59:23.500
Well, I mean, how does it do that? – DerMike – 2015-01-15T10:05:21.443
It reads from the header of the file to discover, every binary file or script file has header. – AjayKumarBasuthkar – 2015-01-15T13:44:36.123
As far as I know, -name "*"
has no effect on find
— it normally finds all files that are not eliminated by tests. – G-Man Says 'Reinstate Monica' – 2016-02-20T03:11:53.447
@AjayKumarBasuthkar you are aware this is NOT an answer to the question? the question was how to find executable files (=those that can be executed, = those w/ +x). not how to find all ELF, EXE and whatever-ocamlrun-is files. – nonchip – 2016-08-19T12:40:19.583
1
As a fan of the one liner...
find /usr/bin -executable -type f -print0 | xargs file | grep ASCII
Using 'xargs' to take the output from the find command (using print0 to ensure filenames with spaces are handled correctly). We now have a list of files that are executable and we provide them, one by one, as the parameter for the 'file' command. Then grep for the term ASCII to ignore binaries. Please substitute -executable in find command with what style you prefer (see earlier answers) or what works on your 'NIX OS
I required the above to find files with eval in scripts owned by root, so created the following to help find priv escalation weaknesses where root user runs scripts with unsafe parameters...
echo -n "+ Identifying script files owned by root that execute and have an eval in them..."
find / -not \( -path /proc -prune \) -type f -executable -user root -exec grep -l eval {} \; -exec file {} \; | grep ASCII| cut -d ':' -f1 > $outputDir"/root_owned_scripts_with_eval.out" 2>/dev/null &
That won't work if the script contains non-ASCII characters. file
reports the encoding, so a python script can be reported as a /usr/bin/python script, UTF-8 Unicode text executable
. find ... | xargs file -b | grep -v '^ELF'
could work better to spot the non-binaries. – xenoid – 2017-07-12T19:34:49.353
0
I created a function in ~/.bashrc
tonight to find executable files not in the system path and not directories:
# Quickly locate executables not in the path
xlocate () {
locate -0r "$1" | xargs -0 -I{} bash -c '[[ -x "$1" ]] && [[ ! -d "$1" ]] \
&& echo "executable: $1"' _ {}
} # xlocate ()
The advantage is it will search three Linux distros and a Windows installation in under a second where the find
command takes 15 minutes.
For example:
$ time xlocate llocate
executable: /bin/ntfsfallocate
executable: /home/rick/restore/mnt/e/bin/llocate
executable: /mnt/clone/bin/ntfsfallocate
executable: /mnt/clone/home/rick/restore/mnt/e/bin/llocate
executable: /mnt/clone/usr/bin/fallocate
executable: /mnt/e/bin/llocate
executable: /mnt/old/bin/ntfsfallocate
executable: /mnt/old/usr/bin/fallocate
executable: /usr/bin/fallocate
real 0m0.504s
user 0m0.487s
sys 0m0.018s
Or for a whole directory and all it's subs:
$ time xlocate /mnt/e/usr/local/bin/ | wc -l
65
real 0m0.741s
user 0m0.705s
sys 0m0.032s
What about using the standard
– Breakthrough – 2014-12-08T14:22:17.610file
command?5For anyone wanting to do this on a Mac (tested on OS X 10.9.5):
The above will list all executables (for all/user and group) in the current directory.
Note: The
-executable
option does not work on a Mac hence the above workaround. – techfoobar – 2014-12-08T14:28:02.357Also relevant: Unix find: search for executable files
– Slothworks – 2015-08-14T06:10:22.9001@techfoobar: The question is ambiguous: Does it mean files that contain executable code, or does it mean files that have executable permission? But even if we assume that executable permission is what is wanted (as the majority of the responses seem to), the question doesn't say world-executable. Your solution will find files (and also fifos, sockets, symlinks, etc.) that have world execute permission, but not 750 (
-rwxr-x---
), which is still executable to some users. – G-Man Says 'Reinstate Monica' – 2016-02-20T03:06:25.387Here is a kind of BASH script, it is not-bad is what I can say :)
– AjayKumarBasuthkar – 2014-03-26T07:49:08.087http://stackoverflow.com/a/20209457/2067125