6

I want to find all files with acl set. I know this dirty solution: for find all files with acl set in dir. /etc

 sudo ls -lhR /etc|grep +

Someone know a more elegant solution?

elbarna
  • 12,695

2 Answers2

7

Easy and elegant is quite a high bar to reach and your dirty solution fails if you have filenames with + in it (say c++).

The alternative is using getfacl recursively, skipping files that don't have ACL

getfacl -Rs /your/dir | grep "# file:"

That will list them and the grep keeps just the filenames.

Eduardo Trápani
  • 12,834
2

With sfind or the find builtin of the bosh shell, it's just:

sfind . -acl

bosh -c 'find . -acl'

-acl The primary evaluates as true if  the  file  has  addi-
     tional  ACLs defined.  On platforms that do not support
     ACLs or where sfind does not yet support ACLs, the pri-
     mary   always   evaluates  as  false.   Currently  only
     Solaris, Linux and FreeBSD is supported.

Both sfind and bosh are shipped as part of Schily-Tools.

To get something similar with the getfacl command typically found on GNU systems, building up on Eduardo's answer, we'd need to decode the file field (where getfacl encodes some byte values with \ooo representations and \ as \\) with something like:

getfacl -Rs  . | perl -nle '
  if (/^# file: (.*)/) {
    print $1 =~ s{\\(\\|[0-7]{3})}{
      $1 eq "\\" ? "\\" : chr oct $1}ger
  }'

To do something with that list of files, as we can't use find's -exec here, you'd want to print the list NUL delimited:

getfacl -Rs  . | perl -nl0e '
  if (/^# file: (.*)/) {
    print $1 =~ s{\\(\\|[0-7]{3})}{
      $1 eq "\\" ? "\\" : chr oct $1}ger
  }'

So you can for instance pipe it to xargs -r0 some-command or store in an array with array=( ${(0)"$(cmd)"} ) (zsh) or readarray -td '' < <(cmd) (bash 4.4+).

Stéphane Chazelas
  • 544,893
  • 1
    Schily-Tools asks for root permissions to install and then modify (as it chooses) root owned files in several directories. Not something I would allow in my systems. But YMMV and you have a lower security bar. –  Jun 18 '21 at 22:56
  • If you assume linux + perl, you can probably combine File::Find and syscall(SYS_[l]getxattr, "system.posix_acl_{access,default}"). –  Jun 19 '21 at 08:39
  • @Isaac, how to build schily-tools, perl or acl or any of the software involved in this Q&A from source is beyond the scope of this Q&A, but if you want to build it yourself and use smake install to install it outside system locations, you can have a look at the README.compile in the source tarball. If you have concerns about the security of that software, I'd suggest you bring it up to the maintainer, but here it sounds more like a packaging concern. – Stéphane Chazelas Jun 19 '21 at 12:50