I’m looking for find
command arguments to find all files under the /
that have setuid and setgid privileges. I have find / ???
so far.
The simplest way to check if a file has the setuid bit set is to use ls -l </path/to/the/file>. If there is an "s" in the execute field for the user, the sticky bit is set. For example, we can see this with the passwd executable on most *nix systems.
SUID(Set-user Identification) and SGID(Set-group identification) are two special permissions that can be set on executable files, and These permissions allow the file being executed to be executed with the privileges of the owner or the group. SUID: It is special file permission for executable files.
The -perm parameter of the find command can be used to find the files with specific permissions. The 2 ways to specify the permissions with the -perm parameter are : -perm -mode --- All of the permission bits mode are set for the file. -perm /mode --- Any of the permission bits mode are set for the file.
Commonly noted as SUID, the special permission for the user access level has a single function: A file with SUID always executes as the user who owns the file, regardless of the user passing the command. If the file owner doesn't have execute permissions, then use an uppercase S here.
setuid or setgid (GNU findutils):
find / -perm /6000
setuid or setgid (POSIX):
find / -perm -4000 -o -perm -2000
setuid and setgid:
find / -perm -6000
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With