Thursday, December 11, 2008

Find suid/sgid files

There are special permissions that files on Unix-like systems can have, called "set user id" (suid) and "set group id" (sgid). When set, these permissions alter how a program runs: with suid set, the program runs as the user who owns the file; with sgid set, it runs as the group that owns the file. While these permissions are very useful, they can also be dangerous. You especially want to limit the number of programs that run as root, since they can write to any part of the system. This tip shows how to use the find program to locate all suid/sgid files. You need to run these commands as root in order to search the entire system.

Find all SUID root files:
find / -user root -perm -4000 -print

Find all SGID root files:
find / -group root -perm -2000 -print

Find all SUID and SGID files owned by anyone (the parentheses are required: without them -print binds only to the -perm -2000 branch, so files that are SUID but not SGID would not be printed):
find / \( -perm -4000 -o -perm -2000 \) -print

Find all files that are not owned by any user:
find / -nouser -print

Find all files that are not owned by any group:
find / -nogroup -print

Find all symlinks and what they point to:
find / -type l -ls
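As an added example (not part of the original tip), the following shell functions wrap the grouped suid/sgid search from above and compare the current result against a saved baseline, so a newly appeared set-id binary stands out. It builds its own constructed directory with mktemp rather than scanning /, and the function and file names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit set-id files under a directory and diff against a baseline.

# list_setid DIR: print every regular file under DIR with suid or sgid set.
# The \( ... \) grouping is what makes -print apply to both -perm alternatives.
# -type f skips directories, where sgid has a different meaning (group inheritance).
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# make_fixture: create a constructed tree with one suid, one sgid and one
# plain file (sample data for the demonstration); prints the directory path.
make_fixture() {
    d=$(mktemp -d)
    : > "$d/suid_tool"; chmod 4755 "$d/suid_tool"
    : > "$d/sgid_tool"; chmod 2755 "$d/sgid_tool"
    : > "$d/plain";     chmod 0755 "$d/plain"
    printf '%s\n' "$d"
}

# count_setid DIR: number of set-id files found under DIR.
count_setid() {
    list_setid "$1" | wc -l | tr -d ' '
}

# new_setid DIR BASELINE: set-id files present now but absent from the
# BASELINE file (a sorted list previously written by list_setid).
new_setid() {
    list_setid "$1" | comm -13 "$2" -
}

# Typical use on a real host (run as root): save a baseline once, then
# periodically check for additions.
#   list_setid / > /var/tmp/setid.baseline
#   new_setid / /var/tmp/setid.baseline
```

A non-empty output from new_setid means a set-id binary appeared since the baseline was taken and deserves a look.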