Finding SUID/SGID files

From V.S.V., Inc.
Jump to: navigation, search

For added security a Linux box should have the SUID (Set User ID) SGID (Set Group ID) turned off on any executable where it is not absolutely essential. An easy way to check this is with the following find(1) command:

# find / -type f -perm -6000 -ls

or

# find / \( -perm -2000 -o -perm -4000 \) -exec ls -ld {} \;

Where -2000 is the octal value for SGID permissions, -4000 is the octal value of SUID permissions and -6000 is both together.

See also Finding orphan files