Find all files that have the UID bit set
The correct syntax is:
sudo find / -perm -4000 > suid.txt
or
sudo find / -perm -u+s > suid.txt
For example:
sudo find / -perm -4000 -exec ls -l {} +
Gives this output:
-rwsr-xr-x 1 root root 30800 May 15 2015 /bin/fusermount
-rwsr-xr-x 1 root root 94792 Sep 2 2015 /bin/mount
-rwsr-xr-x 1 root root 44168 May 7 2014 /bin/ping
-rwsr-xr-x 1 root root 44680 May 7 2014 /bin/ping6
-rwsr-xr-x 1 root root 36936 Jan 27 2016 /bin/su
<truncated>
The problem with your command is that it looks for mode bits that have the uid bit set and nothing else. Adding a - prefix will search all modes in which uid is set, regardless of other bits.
From man find:
-perm mode
File's permission bits are exactly mode (octal or symbolic). Since an exact match is required, if you want to use this form for symbolic modes, you may have to specify a rather complex mode string. For example, -perm g=w will only match files which have mode 0020 (that is, ones for which group write permission is the only permission set). It is more likely that you will want to use the '/' or '-' forms, for example -perm -g=w, which matches any file with group write permission.
-perm -mode
All of the permission bits mode are set for the file. Symbolic modes are accepted in this form, and this is usually the way in which you would want to use them. You must specify 'u', 'g' or 'o' if you use a symbolic mode.
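The difference between the exact form and the - form can be checked without root on a scratch directory. The script below is an added example, not part of the original answer; the file names and the make_fixture, matches and demo helpers are constructed for illustration.

```shell
#!/bin/sh
# Constructed fixture: three empty files in a temporary directory.
make_fixture() {
    dir=$(mktemp -d) || return 1
    : > "$dir/suid_only"      # will be mode 4000: setuid and nothing else
    : > "$dir/suid_exec"      # will be mode 4755: setuid plus rwxr-xr-x
    : > "$dir/plain_exec"     # will be mode 0755: no setuid bit
    chmod 4000 "$dir/suid_only"
    chmod 4755 "$dir/suid_exec"
    chmod 0755 "$dir/plain_exec"
    printf '%s\n' "$dir"
}

# Print the file names matched by one -perm argument, sorted, on one line.
matches() {
    find "$1" -type f -perm "$2" -exec basename {} \; \
        | sort | tr '\n' ' ' | sed 's/ $//'
}

demo() {
    d=$(make_fixture) || return 1
    # Exact match: only the file whose mode is exactly 4000.
    echo "-perm 4000  -> $(matches "$d" 4000)"
    # All listed bits set, other bits ignored: every setuid file.
    echo "-perm -4000 -> $(matches "$d" -4000)"
    # Symbolic spelling of the same test.
    echo "-perm -u+s  -> $(matches "$d" -u+s)"
    rm -rf "$d"
}

demo
```

A real setuid binary such as /bin/su has mode 4755, which is why the exact form finds almost nothing on a live system while -4000 and -u+s list every setuid file.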