the find command:

find / -type f -a -perm -4000 -print
find / -type f -a -perm -2000 -print

Please note: -4000 is suid, -2000 is the guid.

Good luck,
S. Nevet

<<< Matthew.Bunter@renaultvi.com 1/14 3:29a >>>
--- Received from RVIDOI.BUNTERMA 04 72 96 57 77 14/01/02 09.28
------------------------------------------------------------------------

find / -type f -perm +6000 -ls

Matt

------------------------------------------------------------------------
Date: Mon, 14 Jan 2002 00:12:11 -0800
Subject: Setuid and setgid files (2) (?)

Hi.

I thought there is another 'easier' way to get a list of setuid and
setgid. I think I read somewhere on the Internet on how to find files
with setuid and setgid. By using 'find' or 'ls'. Can anyone tell me how?

> -----Original Message-----
> From: Patrick Duane Dunston [mailto:duane@sukkha.homeip.net]
> Sent: Wednesday, January 09, 2002, 4:06 AM
> To: security-discuss@linuxsecurity.com
> Subject: Re: Setuid and setgid files
>
> Hey,
>
> Remove the suid bit (chmod u-s) the following is true: (NN--not needed on
> servers, NW--not needed on workstations, YR -- your call. If no acronym
> then it is required.)
>
> /usr/sbin/sendmail -- sending mail
> /usr/X11R6/bin/Xwrapper (NN) - you are using X and normal users will be
> using it as well.
> /usr/bin/crontab (NN)(NW)-- normal users can create cron entries
> /usr/bin/chage (YR)-- normal users can change their password aging
> feature.
> /usr/bin/gpasswd (YR)-- group users can change passwords
> /usr/bin/at (NN, NW) -- you are using this daemon to run scheduled tasks
> /usr/bin/gpg (YR) -- normal users can use encryption
> /usr/bin/suidperl(NN,NW) -- (I'm still not sure the purpose of this
> program)
> /usr/bin/sperl5.6.0 (NN,NW)-- (same as above)
> /usr/bin/passwd -- Required so normal users can change their password.
> /usr/bin/ssh -- required so normal users can initiate ssh connections
> /usr/bin/chfn (NN,NW) -- users can change their finger information
> /usr/bin/chsh (NN,NW) -- users can change their shell
> /usr/bin/newgrp (NN,NW)-- users can change to a new group.
> /usr/sbin/usernetctl (NN,NW)-- normal users change network interface
> information
> and bring them up or down
> /usr/sbin/traceroute (YR) -- normal users can perform traceroutes
> /usr/sbin/userhelper (YR depends on the above)-- gives users info on how
> to use features like chfn
> or chsh, etc.
> /bin/ping (NN) -- normal users can ping
> /bin/su (YR)-- normal users allowed to su in to root or other user
> accounts
> (provided the password is known)
> /bin/mount (NN)-- users can mount filesystems.
> /bin/umount (NN)-- users can unmount filesystems.
> /sbin/pwdb_chkpwd -- used to determine if the password typed is a strong
> password and not a dictionary word.
> /sbin/unix_chkpwd
>
> Regardless, the ones that are okay are: passwd, unix_chkpwd,
> pwdb_chkpwd, sendmail, ssh, traceroute. This will depend on your setup
> however.
>
> Crap I am about late for work. I'll email back about sgids later unless
> someone else emails first. Also, look up libsafe and install that.
>
>
> On Wed, 9 Jan 2002, BUNTER MATTHEW wrote:
>
> > --- Received from RVIDOI.BUNTERMA 04 72 96 57 77 09/01/02 09.37
> >
> > All,
> >
> > Just joined yesterday so apologies if I am asking something that
> > has been covered recently.
> >
> > Trying to add a setuid/setgid section to a Linux security
> > standard.
> > I would like some opinions as to which files can be left
> > with setuid and setgid and which should definitely NOT be left
> > setuid or setgid.
> >
> > I have been having a good crawl around the net for a while and can
> > find various links on how to identify and edit these types of
> > files but not which ones should be altered or left alone. I
> > already have the Solaris recommendations.
> >
> > This will have to cover both server and workstation
> > implementations.
> >
> > Thanks in advance,
> >
> > Matt
> >
> > ---- 09/01/02 09.37 ---- Sent to ---------------------------
> > -> SECURITY-DISCUSS(a)LINUXSECURITY.COM
> > ------------------------------------------------------------------------
> > To unsubscribe email security-discuss-request@linuxsecurity.com
> > with "unsubscribe" in the subject of the message.
> >
>
> --
> duane
>
> --
> GnuPG Public Key: http://sukkha.homeip.net/pgp.html
> --
> Fun reading: 8-)
> http://linuxtoday.com/search.php3?author=Duane:Dunston

---- 14/01/02 09.28 ---- Sent to ---------------------------
-> security-discuss(a)linuxsecurity.com
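
Added example (not part of the thread, and not any poster's own script): a POSIX sh audit that lists setuid/setgid files under a root and reports the ones missing from an allowlist. ALLOWED is copied from the files the thread calls okay; the function names list_setid and audit_setid are hypothetical.

```shell
#!/bin/sh
# Added example: audit set-id files against an allowlist.
# ALLOWED comes from the "okay" list in the thread; adjust it per host.
ALLOWED='/usr/bin/passwd
/sbin/unix_chkpwd
/sbin/pwdb_chkpwd
/usr/sbin/sendmail
/usr/bin/ssh
/usr/sbin/traceroute'

# list_setid ROOT: print every regular file under ROOT that has the
# setuid (4000) or setgid (2000) bit. The parentheses group the two
# -perm tests so that -type f and -print apply to both of them.
# GNU find's "-perm /6000" is an equivalent single test.
list_setid() {
    root=${1%/}
    find "${root:-/}" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# audit_setid ROOT: for each set-id file whose path (relative to ROOT)
# is not in ALLOWED, print "<suid|sgid|suid+sgid> <path>".
# Paths containing newlines are not handled.
audit_setid() {
    root=${1%/}
    list_setid "$1" | while IFS= read -r path; do
        rel=${path#"$root"}
        if printf '%s\n' "$ALLOWED" | grep -Fxq -- "$rel"; then
            continue
        fi
        kind=
        [ -u "$path" ] && kind=suid
        [ -g "$path" ] && kind=${kind:+$kind+}sgid
        printf '%s %s\n' "$kind" "$rel"
    done
}

# Run as: sh audit.sh /    (audits the whole system when given a root)
if [ "$#" -gt 0 ]; then
    audit_setid "$1"
fi
```

Each reported line is a candidate for chmod u-s or chmod g-s, to be decided per host as the thread describes.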