Linux find command is a powerful tool to ease system administration and saves a lots of time while working on file filtering or finding a specific type of file from a large collections of files. This article describes about finding specific file type have setuid and setgid bit.
- How to use find command to list files or binaries have setuid or setgid bit?
- Linux find command to locate files having setuid or setgid bit?
- setuid and setgid
setuid and setgid are Unix access rights flags that allow users to run an executable C program or binary with the permissions of the executable binary file’s original owner or group respectively instead of the user/group actually executing the program.
- Find setuid file types have root user ownership in /usr/bin and /usr/lib directories. In the following command, number 4000 represents setuid.
# find /usr/bin /usr/lib -perm /4000 -user root /usr/bin/chfn /usr/bin/passwd /usr/bin/chage /usr/bin/gpasswd /usr/bin/newgrp /usr/bin/su /usr/bin/chsh /usr/bin/sudo /usr/bin/mount /usr/bin/umount [....]
- Find all files have setuid permission in /usr/bin directory.
# find /usr/bin -perm /4000 -ls 5844 24 -rws--x--x 1 root root 24048 Mar 22 2019 /usr/bin/chfn 3585 28 -rwsr-xr-x 1 root root 27936 Mar 23 2019 /usr/bin/passwd 4564 76 -rwsr-xr-x 1 root root 73896 May 3 2019 /usr/bin/chage 4565 80 -rwsr-xr-x 1 root root 78408 May 3 2019 /usr/bin/gpasswd 4568 44 -rwsr-xr-x 1 root root 41936 May 3 2019 /usr/bin/newgrp [...]
- Find all files have setuid permission in the entire system.
# find / -perm /4000 -ls
- Find all files have setgid group ownership in /usr directory and the group name owned by root. In the following command, number 2000 represents setgid bit.
# find /usr -perm /2000 -group root -ls 33612455 8 -rwxr-sr-x 1 root root 7216 Mar 29 2019 /usr/sbin/netreport 42249147 88 -rwsr-sr-x 1 root root 88528 Jun 14 19:17 /usr/libexec/snapd/snap-confine
- Find all files have setgid group ownership in the entire system.
# find /usr -perm /2000 [...]