Cybersecurity Triage

Find Config Files with Execute Bits

You need to find non-binary configuration files that accidentally have execute permissions.

Command

find fixtures/perm-audit -type f -perm /111 \( -path '*/config/*' -o -name '*.env' -o -name '*.conf' \) -printf '%M %u:%g %p\n' | sort

What changed

Nothing changes. The command lists config-like files with any execute bit set.

Danger

safe

When to use it

Use when auditing packaged releases, copied configs, or files created from templates.

When not to use it

Do not apply this to directories or legitimate executable scripts.

Undo or recovery

No undo needed because this command is read-only.

Expected output

Config-like files that have owner, group, or other execute bits.

demo script

Disposable terminal steps

  1. find fixtures/perm-audit/releases/2026-06-25/config -type f -printf '%M %u:%g %p\n' | sort
  2. find fixtures/perm-audit -type f -perm /111 \( -path '*/config/*' -o -name '*.env' -o -name '*.conf' \) -printf '%M %u:%g %p\n' | sort

simulated output

What it looks like

disposable vessel
::fixture-ready::
$ find fixtures/perm-audit/releases/2026-06-25/config -type f -printf '%M %u:%g %p\n' | sort
-rw-r----- root:root fixtures/perm-audit/releases/2026-06-25/config/app.env
-rw-r--r-- root:root fixtures/perm-audit/releases/2026-06-25/config/secret.key
-rwxr-xr-x root:root fixtures/perm-audit/releases/2026-06-25/config/worker.conf
::exit-code::0
$ find fixtures/perm-audit -type f -perm /111 \( -path '*/config/*' -o -name '*.env' -o -name '*.conf' \) -printf '%M %u:%g %p\n' | sort
-rwxr-xr-x root:root fixtures/perm-audit/releases/2026-06-25/config/worker.conf
::exit-code::0
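
The lesson warns against flagging legitimate executable scripts, but its filter also matches any script stored under a config/ directory. The script below is an added example, not part of the original lesson: it runs the same find filter and skips files that begin with "#!". It assumes GNU find and GNU stat; the function names, the shebang heuristic, and the fixture files are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the lesson). Assumes GNU find and GNU stat.

# Print "MODE OWNER:GROUP PATH" for config-like regular files that have any
# execute bit set, skipping files that start with "#!" (treated here as
# legitimate scripts). "-perm /111" matches if ANY of the three execute bits
# is set; "-perm -111" would require all three and miss partial drift.
audit_exec_configs() {
    find "$1" -type f -perm /111 \
        \( -path '*/config/*' -o -name '*.env' -o -name '*.conf' \) \
        -exec sh -c '
            for f in "$@"; do
                # First two bytes of the file; NULs dropped so binaries are quiet.
                magic=$(head -c 2 "$f" | tr -d "\000")
                [ "$magic" = "#!" ] && continue
                stat -c "%A %U:%G %n" "$f"
            done' sh {} + | sort
}

# Build a constructed fixture in a temp directory and print its path.
make_fixture() {
    d=$(mktemp -d) || return 1
    c=$d/release/config
    mkdir -p "$c" || return 1
    printf 'KEY=value\n'  > "$c/app.env"      # 0640: no execute bit, not listed
    printf 'workers=4\n'  > "$c/worker.conf"  # 0755: all execute bits, listed
    printf 'level=info\n' > "$c/logging.conf" # 0650: group execute only, listed
    printf '#!/bin/sh\nexit 0\n' > "$c/healthcheck.sh" # 0755 script, skipped
    chmod 0640 "$c/app.env"
    chmod 0755 "$c/worker.conf" "$c/healthcheck.sh"
    chmod 0650 "$c/logging.conf"
    printf '%s\n' "$d"
}

# Demo run: read-only audit of the fixture, then clean up the temp directory.
fixture=$(make_fixture)
audit_exec_configs "$fixture"
rm -rf "$fixture"
```

The audit itself stays read-only; only the fixture setup and cleanup write to disk.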

YouTube Short

Find executable configs.

Execute bits on config files are usually drift. Find them quickly before you start changing modes.

LinkedIn hook

Config files do not usually need to be executable.

Question: Do you flag executable config files in release audits?

experiments

A/B tests to run

Metric: save_rate

A: Config files rarely need execute bits.

B: Find execute-bit drift in config.