Bash: .* Considered Harmful To Match Dot Files. Why?

last updated in Categories , , ,

How do I match dot files under Unix / Linux using bash shell? Why .* considered as harmful when matching dot files under bash shell?

Short answer.* matches the special “..” link in the directory and your command ends up getting applied to the parent directory. This may end up in unexpected results. Hence, .* considered harmful.


Long answer – Say, you want to run a chmomd/chown or find command on all of the dot files in a directory called /home/nixcraft/projects. You type the following command in $HOME/projects/ to match all dot files:

chmod -R 0444 .*


chown -R user:group .*

This will change the permission for both in the current and parent directory as .. will be matched by .*. This may result into unexpected security related issues and few other problems. Many Linux / Unix commands offers an option to work recursively on files. In this example, the -R option will match the current and all sub-dirs of parent directory. This can result into disaster if you have several thousand files. Restoring and cleaning from this kind of problems can be time consuming. Use the following syntax to match dot files:

chmod -R 0444 .[^.]*


chown -R user:group .[^.]*


ls -R .[^.]*


find . -iname ".[^.]*" -print


find . -iname ".[^.]*" -ls


Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

6 comment

  1. Hi,
    Good to say.

    By the way:

    1) [find] could be set to find files only with [-type] parameter set to [f].

    find . -type f -iname “.[^.]*” -print

    2) In this case, there is no need to use special search string, and you can use “.*”

    3) Finally, there is also no point in using case-insensitive search [-iname], normal search [-name] will make it.

    So, this is appropriate to use:

    find . -type f -name “.*” -print

    You may consider modifying your article accordingly.

    — Philippe

  2. Simpler while not so complete as above solutions:

    chmod -R +x .??*

    This will match anything beginning by dot but not a filename with only ONE char after dot (.a for example)

    1. Not totally bad, but as you said, this does not do the trick for all cases… ;-)
      so I won’t use your code and stick to :

      find . -type f -name “.*” -print | xargs # do here whatever you need

  3. Well, it depends on your shell.

    When I try ‘ls -d .*’, zsh does not return . and .. whereas bash returns both.
    So, with zsh, it’s not harmful, but, yes, be careful with that.

  4. Sometime we make a mistake (chown -R .*), for futher question if already done. How to detecting file/folder which’s already changed without compare with original other system? – Thank You

    Still, have a question? Get help on our forum!