How to check setuid and setgid on Linux with find command

Linux

Linux find command is a powerful tool to ease system administration and saves a lots of time while working on file filtering or finding a specific type of file from a large collections of files. This article describes about finding specific file type have setuid and setgid bit.

Topic

  • How to use find command to list files or binaries have setuid or setgid bit?
  • Linux find command to locate files having setuid or setgid bit?
  • setuid and setgid

apt

  • Linux

Solution


setuid and setgid are Unix access rights flags that allow users to run an executable C program or binary with the permissions of the executable binary file’s original owner or group respectively instead of the user/group actually executing the program.

  • Find setuid file types have root user ownership in /usr/bin and /usr/lib directories. In the following command, number 4000 represents setuid.
# find /usr/bin /usr/lib -perm /4000 -user root
/usr/bin/chfn
/usr/bin/passwd
/usr/bin/chage
/usr/bin/gpasswd
/usr/bin/newgrp
/usr/bin/su
/usr/bin/chsh
/usr/bin/sudo
/usr/bin/mount
/usr/bin/umount

[....]

  • Find all files have setuid permission in /usr/bin directory.
# find /usr/bin  -perm /4000 -ls
  5844   24 -rws--x--x   1 root     root        24048 Mar 22  2019 /usr/bin/chfn
  3585   28 -rwsr-xr-x   1 root     root        27936 Mar 23  2019 /usr/bin/passwd
  4564   76 -rwsr-xr-x   1 root     root        73896 May  3  2019 /usr/bin/chage
  4565   80 -rwsr-xr-x   1 root     root        78408 May  3  2019 /usr/bin/gpasswd
  4568   44 -rwsr-xr-x   1 root     root        41936 May  3  2019 /usr/bin/newgrp

  [...]

  • Find all files have setuid permission in the entire system.
# find /  -perm /4000 -ls

  • Find all files have setgid group ownership in /usr directory and the group name owned by root. In the following command, number 2000 represents setgid bit.
# find /usr -perm /2000 -group root -ls
33612455    8 -rwxr-sr-x   1 root     root         7216 Mar 29  2019 /usr/sbin/netreport
42249147   88 -rwsr-sr-x   1 root     root        88528 Jun 14 19:17 /usr/libexec/snapd/snap-confine

  • Find all files have setgid group ownership in the entire system.
# find /usr -perm /2000 

[...]

You May Also Like

avatar

About the Author: TekFik

TekFik is a technical blogging site helps techies and engineers to solve their day to day issues and also allows everyone to share knowledge and feedback. Please feel free to contact us at tekfik.rd@gmail.com if there is anything.

Leave a Reply

Your email address will not be published. Required fields are marked *