Find all files that have the UID bit set

The correct syntax is:

sudo find / -perm -4000 > suid.txt

      

        
        
        
      

    

or

sudo find / -perm -u+s > suid.txt

      

        
        
        
      

    

For example:

sudo find / -perm -4000 -exec ls -l {} +

      

        
        
        
      

    

Gives this output:

-rwsr-xr-x 1 root    root        30800 May 15  2015 /bin/fusermount
-rwsr-xr-x 1 root    root        94792 Sep  2  2015 /bin/mount
-rwsr-xr-x 1 root    root        44168 May  7  2014 /bin/ping
-rwsr-xr-x 1 root    root        44680 May  7  2014 /bin/ping6
-rwsr-xr-x 1 root    root        36936 Jan 27  2016 /bin/su
<truncated>

      

        
        
        
      

    

The problem with your command is that it looks for the mode bits that have the uid bit set and nothing else . Adding a prefix -

will search all modes in which uid is set, regardless of other bits.

From man find

:

-perm mode

The file resolution bits are exactly the mode (octal or symbolic). Since an exact match is required, if you want to use this form for symbolic modes, you may need to specify a rather complex mode string. For example, -perm g = w will match files that have mode 0020 (these are those for which the group write permission is the only permission set). You will most likely want to use the forms /' or

- 'for example -perm -g = w, which matches any file with a group entry permission.

-perm -mode

All permission bit modes are set for the file. symbolic modes are accepted in this form, and this is usually the way one would like to use them. You must specify u',

g 'or `o' if you are using symbolic mode.