I need to hide all permission denied messages from:
find . > files_and_folders
I am experimenting when such message arises. I need to gather all folders and files, to which it does not arise.
Is it possible to direct the permission levels to the files_and_folders
file?
How can I hide the errors at the same time?
When find tries to search a directory or file that you do not have permission to read the message "Permission Denied" will be output to the screen. The 2>/dev/null option sends these messages to /dev/null so that the found files are easily viewed.
This error occurs when the user does not have the privileges to make edits to a file. Root has access to all files and folders and can make any edits. Other users, however, may not be allowed to make such edits. Remember that only root or users with Sudo privileges can change permissions for files and folders.
We can solve this error by Providing the right permissions to the file using chown or chmod commands and also ensuring Python is running in the elevated mode permission .
Prune usage:$ find . -prune . The find command works like this: It starts finding files from the path provided in the command which in this case is the current directory(.). From here, it traverses through all the files in the entire tree and prints those files matching the criteria specified.
Use:
find . 2>/dev/null > files_and_folders
This hides not just the Permission denied
errors, of course, but all error messages.
If you really want to keep other possible errors, such as too many hops on a symlink, but not the permission denied ones, then you'd probably have to take a flying guess that you don't have many files called 'permission denied' and try:
find . 2>&1 | grep -v 'Permission denied' > files_and_folders
If you strictly want to filter just standard error, you can use the more elaborate construction:
find . 2>&1 > files_and_folders | grep -v 'Permission denied' >&2
The I/O redirection on the find
command is: 2>&1 > files_and_folders |
. The pipe redirects standard output to the grep
command and is applied first. The 2>&1
sends standard error to the same place as standard output (the pipe). The > files_and_folders
sends standard output (but not standard error) to a file. The net result is that messages written to standard error are sent down the pipe and the regular output of find
is written to the file. The grep
filters the standard output (you can decide how selective you want it to be, and may have to change the spelling depending on locale and O/S) and the final >&2
means that the surviving error messages (written to standard output) go to standard error once more. The final redirection could be regarded as optional at the terminal, but would be a very good idea to use it in a script so that error messages appear on standard error.
There are endless variations on this theme, depending on what you want to do. This will work on any variant of Unix with any Bourne shell derivative (Bash, Korn, …) and any POSIX-compliant version of find
.
If you wish to adapt to the specific version of find
you have on your system, there may be alternative options available. GNU find
in particular has a myriad options not available in other versions — see the currently accepted answer for one such set of options.
Note:
find 2>/dev/null
may be good enough in many situations. It may still be of interest for a cross-platform perspective and for its discussion of some advanced shell techniques in the interest of finding a solution that is as robust as possible, even though the cases guarded against may be largely hypothetical.If your shell is bash
or zsh
, there's a solution that is robust while being reasonably simple, using only POSIX-compliant find
features; while bash
itself is not part of POSIX, most modern Unix platforms come with it, making this solution widely portable:
find . > files_and_folders 2> >(grep -v 'Permission denied' >&2)
Note:
If your system is configured to show localized error messages, prefix the find
calls below with LC_ALL=C
(LC_ALL=C find ...
) to ensure that English messages are reported, so that grep -v 'Permission denied'
works as intended. Invariably, however, any error messages that do get displayed will then be in English as well.
>(...)
is a (rarely used) output process substitution that allows redirecting output (in this case, stderr output (2>
) to the stdin of the command inside >(...)
.
In addition to bash
and zsh
, ksh
supports them as well in principle, but trying to combine them with redirection from stderr, as is done here (2> >(...)
), appears to be silently ignored (in ksh 93u+
).
grep -v 'Permission denied'
filters out (-v
) all lines (from the find
command's stderr stream) that contain the phrase Permission denied
and outputs the remaining lines to stderr (>&2
).
Note: There's a small chance that some of grep
's output may arrive after find
completes, because the overall command doesn't wait for the command inside >(...)
to finish. In bash
, you can prevent this by appending | cat
to the command.
This approach is:
robust: grep
is only applied to error messages (and not to a combination of file paths and error messages, potentially leading to false positives), and error messages other than permission-denied ones are passed through, to stderr.
side-effect free: find
's exit code is preserved: the inability to access at least one of the filesystem items encountered results in exit code 1
(although that won't tell you whether errors other than permission-denied ones occurred (too)).
Fully POSIX-compliant solutions either have limitations or require additional work.
If find
's output is to be captured in a file anyway (or suppressed altogether), then the pipeline-based solution from Jonathan Leffler's answer is simple, robust, and POSIX-compliant:
find . 2>&1 >files_and_folders | grep -v 'Permission denied' >&2
Note that the order of the redirections matters: 2>&1
must come first.
Capturing stdout output in a file up front allows 2>&1
to send only error messages through the pipeline, which grep
can then unambiguously operate on.
The only downside is that the overall exit code will be the grep
command's, not find
's, which in this case means: if there are no errors at all or only permission-denied errors, the exit code will be 1
(signaling failure), otherwise (errors other than permission-denied ones) 0
- which is the opposite of the intent.
That said, find
's exit code is rarely used anyway, as it often conveys little information beyond fundamental failure such as passing a non-existent path.
However, the specific case of even only some of the input paths being inaccessible due to lack of permissions is reflected in find
's exit code (in both GNU and BSD find
): if a permissions-denied error occurs for any of the files processed, the exit code is set to 1
.
The following variation addresses that:
find . 2>&1 >files_and_folders | { grep -v 'Permission denied' >&2; [ $? -eq 1 ]; }
Now, the exit code indicates whether any errors other than Permission denied
occurred: 1
if so, 0
otherwise.
In other words: the exit code now reflects the true intent of the command: success (0
) is reported, if no errors at all or only permission-denied errors occurred.
This is arguably even better than just passing find
's exit code through, as in the solution at the top.
gniourf_gniourf in the comments proposes a (still POSIX-compliant) generalization of this solution using sophisticated redirections, which works even with the default behavior of printing the file paths to stdout:
{ find . 3>&2 2>&1 1>&3 | grep -v 'Permission denied' >&3; } 3>&2 2>&1
In short: Custom file descriptor 3
is used to temporarily swap stdout (1
) and stderr (2
), so that error messages alone can be piped to grep
via stdout.
Without these redirections, both data (file paths) and error messages would be piped to grep
via stdout, and grep
would then not be able to distinguish between error message Permission denied
and a (hypothetical) file whose name happens to contain the phrase Permission denied
.
As in the first solution, however, the the exit code reported will be grep
's, not find
's, but the same fix as above can be applied.
There are several points to note about Michael Brux's answer, find . ! -readable -prune -o -print
:
It requires GNU find
; notably, it won't work on macOS. Of course, if you only ever need the command to work with GNU find
, this won't be a problem for you.
Some Permission denied
errors may still surface: find ! -readable -prune
reports such errors for the child items of directories for which the current user does have r
permission, but lacks x
(executable) permission. The reason is that because the directory itself is readable, -prune
is not executed, and the attempt to descend into that directory then triggers the error messages. That said, the typical case is for the r
permission to be missing.
Note: The following point is a matter of philosophy and/or specific use case, and you may decide it is not relevant to you and that the command fits your needs well, especially if simply printing the paths is all you do:
find
command, then the opposite approach of proactively preventing permission-denied errors requires introducing "noise" into the find
command, which also introduces complexity and logical pitfalls.-name
filter, as follows:find . ! -readable -prune -o -name '*.txt'
-print
action is required (an explanation can be found in this answer). Such subtleties can introduce bugs.The first solution in Jonathan Leffler's answer, find . 2>/dev/null > files_and_folders
, as he himself states, blindly silences all error messages (and the workaround is cumbersome and not fully robust, as he also explains). Pragmatically speaking, however, it is the simplest solution, as you may be content to assume that any and all errors would be permission-related.
mist's answer, sudo find . > files_and_folders
, is concise and pragmatic, but ill-advised for anything other than merely printing filenames, for security reasons: because you're running as the root user, "you risk having your whole system being messed up by a bug in find or a malicious version, or an incorrect invocation which writes something unexpectedly, which could not happen if you ran this with normal privileges" (from a comment on mist's answer by tripleee).
The 2nd solution in viraptor's answer, find . 2>&1 | grep -v 'Permission denied' > some_file
runs the risk of false positives (due to sending a mix of stdout and stderr through the pipeline), and, potentially, instead of reporting non-permission-denied errors via stderr, captures them alongside the output paths in the output file.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With