Linux / UNIX : How to find files which have the SUID/SGID bit set

Special Permissions – SUID/SGID

There are two special permission bits that can be set on executable files: Set User ID (SUID, setuid) and Set Group ID (SGID, setgid). When a file carrying one of these bits is executed, the resulting process runs with the effective user ID of the file's owner (SUID) or the effective group ID of the file's group (SGID) instead of the IDs of the user who ran it. For example, a file owned by root with the setuid bit set runs with root privileges no matter who executes it, which is why set-ID binaries are a standard target for privilege escalation and should be inventoried regularly. Two caveats: the Linux kernel ignores these bits on interpreted scripts (they only take effect on native executables), and on a directory the SGID bit has a different meaning, namely that new files created inside it inherit the directory's group.

Finding files with SUID/SGID bit set

We can find all files with the SUID or SGID bit set using the find command. The mode tests below use -perm -mode, which matches when all of the listed bits are set; the older -perm +mode spelling shown in many guides is no longer accepted by current GNU find, and -perm /mode (any listed bit set) is equivalent when testing a single bit.

1. To find all files with the SUID bit set under the root directory (/) :

# find / -type f -perm -4000 2>/dev/null

2. To find all files with the SGID bit set under the root directory :

# find / -type f -perm -2000 2>/dev/null

3. Both searches can be combined into a single find command, here also printing the owner and mode of each match so the list can be reviewed:

# find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} +

Removing SUID/SGID

To remove the SUID or SGID bit from a file you have identified, use the chmod command to clear the set-ID bit :
For SUID :

# chmod u-s file_name

For SGID :

# chmod g-s file_name

To strip the bit from every matching file in one pass, let find run chmod itself; this also avoids the word-splitting problems of looping over find's output with a for loop when a path contains whitespace :

# find / -type f -perm -4000 -exec chmod u-s {} +

Similarly for SGID files :

# find / -type f -perm -2000 -exec chmod g-s {} +
Note: these commands remove the setuid (or setgid) bit from every file found, including system binaries that need it to work, such as su, sudo and passwd, which would stop functioning for ordinary users. Review the list first and strip the bit only from files that have no legitimate need for it; comparing against the package manager's record of the installed mode (for example rpm -V or dpkg --verify on the owning package) tells you whether a bit is the vendor default or something that was added later.
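The following script, added here as an example and not part of the original article, ties the two sections together: it uses the find test from above to inventory set-ID files under a tree and, instead of blindly stripping the bits, reports only those that are missing from a known-good baseline. The function names (find_setid, audit_setid, demo_tree), the one-path-per-line baseline file format and the demo directory layout are all this example's own assumptions, not a system standard.

```shell
#!/bin/sh
# Added example (not from the original article): audit a tree for set-ID files
# and report the ones not on a known-good baseline, rather than removing the
# bit from everything. Function names and the baseline format (one absolute
# path per line) are assumptions made for this example.

# Print every regular file under $1 with the SUID or SGID bit set, one per line.
# -perm -4000 means "setuid bit set" (current GNU find rejects the old "+4000"
# spelling); -xdev keeps find from descending into /proc, /sys or remote mounts.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null \
        | LC_ALL=C sort
}

# Compare the current set-ID inventory of tree $1 against baseline file $2.
# Prints paths that carry a set-ID bit now but are not in the baseline (a new
# set-ID binary is what an attacker leaves behind or what a bad install adds).
# Returns 0 when nothing unexpected is found, 1 otherwise.
audit_setid() {
    tree=$1
    baseline=$2
    unexpected=$(find_setid "$tree" | grep -Fvx -f "$baseline")
    if [ -n "$unexpected" ]; then
        printf '%s\n' "$unexpected"
        return 1
    fi
    return 0
}

# Build a throwaway tree (constructed demo data) with two setuid files and one
# plain file, and record only the first setuid file in the baseline, so the
# audit flags the second one. The new file gets mode 6755; even if the kernel
# silently drops the setgid half (chmod does that when the caller is not in the
# file's group), the setuid half keeps it in the inventory. Prints the tree path.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/sbin"
    : > "$d/bin/known_suid"
    chmod 4755 "$d/bin/known_suid"
    : > "$d/sbin/new_suid"
    chmod 6755 "$d/sbin/new_suid"
    : > "$d/bin/plain"
    chmod 0755 "$d/bin/plain"
    printf '%s\n' "$d/bin/known_suid" > "$d/baseline.txt"
    printf '%s\n' "$d"
}

# Usage when run directly:  sh audit_setid.sh /usr /etc/setid-baseline.txt
# (the baseline path is an assumption for this example). With no arguments the
# self-contained demo runs instead.
if [ "$#" -eq 2 ]; then
    audit_setid "$1" "$2"
else
    d=$(demo_tree)
    audit_setid "$d" "$d/baseline.txt" || echo "unexpected set-ID files listed above"
    rm -rf "$d"
fi
```

Generate the baseline once on a freshly installed, trusted host (find_setid / > /etc/setid-baseline.txt, path assumed), keep it under change control, and run audit_setid from cron or a configuration-management check; a non-zero exit then means a set-ID file appeared that nobody approved, which is far more useful than a one-off listing and far safer than a blanket chmod.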