Find files which has SUID/SGID and disable the security bit?

To find files with SUID/SGID set and disable their security bit, you can use the Linux Find command.

  • Under root, find all set user id files with the following command.

# find / -perm +4000

  • Find all group id files under /

# find / -perm +2000

You can combine both the above find commands in a single command as follows.

# find / -type f ( -perm -4000 -o -perm -2000 ) -exec ls -l {} ;

Now remove suid or sgid or both of them as follows.

# chmod u-s file_name
# chmod g-s file_name

You can use the following command to do the above operation recursively. This will remove all suid of the files. In the same way, you can also change for sgid files and disable their security bit.

# for i in `find / -perm +4000`; do chmod u-s $i; done

Leave a Reply