
How would I go about finding all files recursively that have ACLs different from what I'm searching for? For example I would like to find all files in a directory that have ACLs that are not identical to the following example:

    # owner: bob
    # group: bobs-group
    user::rwx
    user:fred:rwx
    group::rw-
    mask::rwx
    other::r--

Using a separate search I'd like to be able to do the same for directories, but with slightly different permissions.

1 Answer


You may use find and a diff.

  1. Save the desired reference permissions in a file, e.g. perref

    $ cat perref
    # owner: bob
    # group: bobs-group
    user::rwx
    user:fred:rwx
    group::rw-
    mask::rwx
    other::r--

  2. Do some find-magic by simply comparing the output of getfacl with the reference and negating matches. As this needs to cut the first line of getfacl output (i.e. the filename), one needs process substitution here; this must go via a shell script and proper quoting.

    find -type f \
      ! -exec bash -c 'diff -q <(getfacl "$1" | sed 1d ) perref >/dev/null' bash '{}' \; \
      -print

Or -print0 at the end, depending on the further plans. This works because diff has an exit status of 0 if the files are identical.

Remove the ! for finding files with matching ACLs. Use -type d for doing the search on directories.

  • Just checking, isn't that "process substitution" rather than "command substitution"? Commented Dec 15, 2021 at 12:50
  • @NotTheDr01ds You are right. Corrected. To clarify for others: $(command) or `command` => command substitution ; <(command) or >(command) => process substitution. Commented Dec 15, 2021 at 12:58
  • I suggest to use cmp -s instead of diff -q. That way, you can omit >/dev/null. I also suggest to change the <(…) process substitution by a pipe (getfacl … | cmp -s - perref), which will allow you to use sh -c instead of Bash. The result of the second line is ! -exec sh -c 'getfacl "$1" | sed 1d | cmp -s - perref' sh '{}' \; :-) Commented Oct 2, 2023 at 12:32
  • The changes I suggested reduced the execution time on my machine by more than 50%. :-) Commented Oct 2, 2023 at 12:44
  • yet another note: write getfacl -- "$1" to allow for filenames starting with dashes Commented Oct 2, 2023 at 13:44
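
The answer's approach with the comment suggestions folded in (`cmp -s`, a pipe instead of process substitution, `getfacl --`), as an added example that is not part of the original thread. The function names `acl_reference` and `acl_mismatches` are hypothetical, and the example goes slightly beyond the answer by handing many files to each `sh` invocation with `-exec ... {} +`.

```shell
#!/bin/sh
# Added example: audit a tree for ACLs that differ from a reference.
# Function names are hypothetical; find, getfacl, sed and cmp are the
# tools used in the answer and its comments.

# acl_reference FILE
# Print the getfacl output of a known-good file without its "# file:" line.
# Generating the reference this way keeps it byte-identical to what getfacl
# emits, including the blank line that ends each entry.
acl_reference() {
    getfacl -- "$1" 2>/dev/null | sed 1d
}

# acl_mismatches KIND REF DIR
#   KIND  f for regular files, d for directories
#   REF   reference file, e.g. written by acl_reference
#   DIR   tree to audit
# Prints one path per line for every entry whose owner, group or ACL
# entries differ from REF. A path getfacl cannot read produces empty
# output, so it is reported as a mismatch rather than silently skipped.
# Output is newline-delimited: names containing newlines are ambiguous.
acl_mismatches() {
    kind=$1 ref=$2 dir=$3
    [ -r "$ref" ] || { echo "cannot read reference: $ref" >&2; return 2; }
    find "$dir" -type "$kind" -exec sh -c '
        ref=$1; shift
        for f do
            getfacl -- "$f" 2>/dev/null | sed 1d | cmp -s - "$ref" ||
                printf "%s\n" "$f"
        done
    ' sh "$ref" {} +
}

# Typical use (not run here):
#   acl_reference /srv/data/known-good-file > perref
#   acl_mismatches f perref /srv/data
```

Keep separate reference files for files and for directories, since the two searches expect different permissions.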
