HPE Community
Operating System - HP-UX
1823062 Members
3113 Online
109645 Solutions
New Discussion юеВ

find all setuid files

 
SOLVED
Go to solution
dictum9
Super Advisor

тАО03-29-2006 03:43 AM

тАО03-29-2006 03:43 AM

find all setuid files

I am running the following but it's only getting files that have these permissions. How do I find files with setuid with any permissions, ie. 4755?

---S------
------S---


find / -perm -2000 -o -perm -4000 -exec ls -l {} \;
0 Kudos
Reply
14 REPLIES 14
Patrick Wallek
Honored Contributor

тАО03-29-2006 03:49 AM

тАО03-29-2006 03:49 AM

Re: find all setuid files

Your command looks good to me.

I ran the same thing and it returned all appropriate files.

Are you running the command as root?
0 Kudos
Reply
Rodney Hills
Honored Contributor

тАО03-29-2006 03:51 AM

тАО03-29-2006 03:51 AM

Re: find all setuid files

What do you get if you leave the "-" off the perm value, example-

find / -perm 2000 -o -perm 4000 exec ls -ld {} \;

Rod Hills
There be dragons...
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО03-29-2006 04:00 AM

тАО03-29-2006 04:00 AM

Solution

Re: find all setuid files

Depending upon the version of find you may need to escape your or condition by enclosing it in parentheses. I would also restrict the search to regular files.

find / -type f \( -perm -2000 -o -perm -4000 \) -exec ls -l {} \;


You definitely want the -4000 as opposed to 4000 because 4000 would match only those files with mode 4000 as opposed to 4xxx (where x in this case means means "don't care" rather than execute.)
If it ain't broke, I can fix that.
Reply
dictum9
Super Advisor

тАО03-29-2006 04:03 AM

тАО03-29-2006 04:03 AM

Re: find all setuid files

The problem is, the command I am running does NOT match 4xxxx, it only matches 4000.

I need all permutations of 4xxx, e.q. 4700, 4500, and so on.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО03-29-2006 04:15 AM

тАО03-29-2006 04:15 AM

Re: find all setuid files

I just ran the following on HP-UX versions 10.20, 11.0, 11.11 and 11.23 and got all files with SUID or SGID bits turned on:

# find / -perm -2000 -o -perm -4000 -exec ll -d {} \;

Are you absolutely SURE you put the '-' in front of the 2000 and 4000 in your original find? If you don't have the '-' it will look for exact permissions.
Reply
James R. Ferguson
Acclaimed Contributor

тАО03-29-2006 04:31 AM

тАО03-29-2006 04:31 AM

Re: find all setuid files

Hi
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО03-29-2006 04:36 AM

тАО03-29-2006 04:36 AM

Re: find all setuid files

Hi:

# find . -type f -perm -u+s

...will find files in the current working directory with the setuid bit on whether or not the owner's execute bit is on ("s") or off ("S").

# find . -type f -perm -g+s

...finds those files whose setgid bit is on regarless of group execution rights.

...and:

# find . -type f -perm -ug+s

...finds files where both bits are on.

Regards!

...JRF...
0 Kudos
Reply
dictum9
Super Advisor

тАО03-29-2006 05:33 AM

тАО03-29-2006 05:33 AM

Re: find all setuid files


Here are 2 files I am trying to match. The first command matches none of them, the second just one. How can I fix it to match both of them?

# ll ?
-rwsr-xr-x 1 root sys 5 Mar 29 11:03 a
-rw---Srw- 1 root sys 4 Mar 29 11:41 b

# find . -type f -perm -ug+s
#
# find /data -perm -2000 -o -perm -4000 -exec ls -l {} \;
-rwsr-xr-x 1 root sys 5 Mar 29 11:03 /data/a
#
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО03-29-2006 05:41 AM

тАО03-29-2006 05:41 AM

Re: find all setuid files

Hi (again):

If you re-read my first post, then for:

-rwsr-xr-x 1 root sys 5 Mar 29 11:03 a
-rw---Srw- 1 root sys 4 Mar 29 11:41 b

For file "a" to match use:

# find . -type f -perm -u+s

For file "b" to match, use:

# find . -type f -perm -g+s

Regards!

...JRF...


0 Kudos
Reply
dictum9
Super Advisor

тАО03-29-2006 05:46 AM

тАО03-29-2006 05:46 AM

Re: find all setuid files

This worked, thank you.



find / -type f \( -perm -2000 -o -perm -4000 \) -exec ls -l {} \;
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО03-29-2006 05:46 AM

тАО03-29-2006 05:46 AM

Re: find all setuid files

It's also time to confess. What OS are you running and if HP-UX XX.xx have you looked for and applied the latest find cumulative patch?
If it ain't broke, I can fix that.
0 Kudos
Reply
dictum9
Super Advisor

тАО03-29-2006 05:49 AM

тАО03-29-2006 05:49 AM

Re: find all setuid files

It's 11.0

What's the latest "find" patch?
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО03-29-2006 05:50 AM

тАО03-29-2006 05:50 AM

Re: find all setuid files

I think you can search the patch database as easily as I. I absolutely, positively do not reward laziness.
If it ain't broke, I can fix that.
0 Kudos
Reply
dictum9
Super Advisor

тАО03-29-2006 06:21 AM

тАО03-29-2006 06:21 AM

Re: find all setuid files


PHCO_2564 for those who are interested.

I do not have it installed.

It doesn't seem to affect anything in the context of this discussion.


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.