Objective: Find files with setuid permissions on Unix / Linux.
The setuid bit is normally set with the chmod command by setting the high-order octal digit to 4. The following command sets setuid on a file called foo.

    # chmod 4755 foo
    # ls -l foo
    -rwsr-xr-x 1 root root 176400 Mar 27 18:33 foo

To find files with setuid permissions, use the following syntax.

    # find / -perm -4000 -exec ls -ld {} \;
    -rwsr-sr-x 1 root root 9468 May 11 2015 /usr/bin/X
    -rwsr-xr-x 1 root root 176400 Mar 12 2015 /usr/bin/sudo

To look for files that have both setuid and setgid set, use the following syntax.

    # find / -perm -6000 -exec ls -ld {} \;
    -rwsr-sr-x 1 root root 9468 May 11 2015 /usr/bin/X

The high-order octal digit has a value of 2 when the setgid bit is set. Adding both values for setuid (4) and setgid (2) gives 6.
If you would like to find files that have setuid and/or setgid set, then you can use the following syntax. Note that this syntax is only supported on GNU find.

    # find / -perm /6000 -exec ls -ld {} \;
    drwxr-sr-x 35 man root 4096 Mar 27 17:49 /var/cache/man
    -rwsr-sr-x 1 root root 9468 May 11 2015 /usr/bin/X
    -rwsr-xr-x 1 root root 176400 Mar 12 2015 /usr/bin/sudo

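
The following is an added example, not part of the original page. It goes one step beyond the commands above: it expresses the "setuid and/or setgid" search with two `-perm -mode` tests joined by `-o`, so it does not depend on the GNU-only `/6000` form, and it compares the result with a saved baseline so that newly appeared setuid/setgid files stand out. The function names and the baseline file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files against a known-good baseline.
# Function names and the baseline file format (one absolute path per
# line) are assumptions for this example.
# Limitation: file names containing newlines are not handled.

# List regular files under directory $1 that have setuid and/or setgid
# set, one path per line, sorted. "-perm -4000 -o -perm -2000" matches
# the same files as GNU find's "-perm /6000". -xdev stays on one
# filesystem; errors such as "Permission denied" are discarded.
list_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        2>/dev/null | LC_ALL=C sort
}

# Print every setuid/setgid file under $1 that is NOT listed in the
# baseline file $2. Empty output means nothing new since the baseline.
new_since_baseline() {
    tmp=$(mktemp) || return 1
    LC_ALL=C sort -u "$2" > "$tmp"
    # comm -23 keeps lines that appear only in the first input (the scan).
    list_special "$1" | LC_ALL=C comm -23 - "$tmp"
    rm -f "$tmp"
}

# When invoked as: script.sh <directory> <baseline-file>
if [ "$#" -eq 2 ]; then
    new_since_baseline "$1" "$2"
fi
```

A baseline can be created by redirecting the output of `list_special` to a file on a system in a known-good state; later runs of `new_since_baseline` then report only additions.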

