Linux find command is a powerful tool to ease system administration and saves a lots of time while working on file filtering or finding a specific type of file from a large collections of files. This article describes about finding specific file type have setuid and setgid bit.
Topic
- How to use find command to list files or binaries have setuid or setgid bit?
- Linux find command to locate files having setuid or setgid bit?
- setuid and setgid
apt
- Linux
Solution
setuid and setgid are Unix access rights flags that allow users to run an executable C program or binary with the permissions of the executable binary file’s original owner or group respectively instead of the user/group actually executing the program.
- Find setuid file types have root user ownership in /usr/bin and /usr/lib directories. In the following command, number 4000 represents setuid.
# find /usr/bin /usr/lib -perm /4000 -user root
/usr/bin/chfn
/usr/bin/passwd
/usr/bin/chage
/usr/bin/gpasswd
/usr/bin/newgrp
/usr/bin/su
/usr/bin/chsh
/usr/bin/sudo
/usr/bin/mount
/usr/bin/umount
[....]- Find all files have setuid permission in /usr/bin directory.
# find /usr/bin -perm /4000 -ls
5844 24 -rws--x--x 1 root root 24048 Mar 22 2019 /usr/bin/chfn
3585 28 -rwsr-xr-x 1 root root 27936 Mar 23 2019 /usr/bin/passwd
4564 76 -rwsr-xr-x 1 root root 73896 May 3 2019 /usr/bin/chage
4565 80 -rwsr-xr-x 1 root root 78408 May 3 2019 /usr/bin/gpasswd
4568 44 -rwsr-xr-x 1 root root 41936 May 3 2019 /usr/bin/newgrp
[...]- Find all files have setuid permission in the entire system.
# find / -perm /4000 -ls- Find all files have setgid group ownership in /usr directory and the group name owned by root. In the following command, number 2000 represents setgid bit.
# find /usr -perm /2000 -group root -ls
33612455 8 -rwxr-sr-x 1 root root 7216 Mar 29 2019 /usr/sbin/netreport
42249147 88 -rwsr-sr-x 1 root root 88528 Jun 14 19:17 /usr/libexec/snapd/snap-confine- Find all files have setgid group ownership in the entire system.
# find /usr -perm /2000
[...]
