DanC12

Reputation: 364

Find all files that have set UID bit on

I'm trying to find all files with the permission "SUID" and write it to a text file, but when I run the following command, the text file is empty:

sudo find / -perm 4000 > suid.txt

Is there a problem with my command?

Upvotes: 3

Views: 1636

Answers (1)

codeforester

Reputation: 42999

The correct syntax is:

sudo find / -perm -4000 > suid.txt

or

sudo find / -perm -u+s > suid.txt

For example:

sudo find / -perm -4000 -exec ls -l {} +

Gives this output:

-rwsr-xr-x 1 root    root        30800 May 15  2015 /bin/fusermount
-rwsr-xr-x 1 root    root        94792 Sep  2  2015 /bin/mount
-rwsr-xr-x 1 root    root        44168 May  7  2014 /bin/ping
-rwsr-xr-x 1 root    root        44680 May  7  2014 /bin/ping6
-rwsr-xr-x 1 root    root        36936 Jan 27  2016 /bin/su
<truncated>

The issue with your command is that it is looking for mode bits where the set uid bit is set and nothing else is set. Adding a - prefix would look for all modes where the set uid bit is set, regardless of other bits.

From man find:

-perm mode

File's permission bits are exactly mode (octal or symbolic). Since an exact match is required, if you want to use this form for symbolic modes, you may have to specify a rather complex mode string. For example -perm g=w will only match files which have mode 0020 (that is, ones for which group write permission is the only permission set). It is more likely that you will want to use the `/' or `-' forms, for example -perm -g=w, which matches any file with group write permission.

-perm -mode

All of the permission bits mode are set for the file. Symbolic modes are accepted in this form, and this is usually the way in which would want to use them. You must specify `u', `g' or `o' if you use a symbolic mode.

Upvotes: 3
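The difference between the exact form and the - form, reproduced in a throwaway directory (an added example, not part of the question or the answer above; the file names and the helper functions make_sandbox and match are constructed for illustration):

```shell
#!/bin/sh
# Build a scratch directory with constructed files; no system file is touched.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    for f in only_suid suid_755 suid_4711 plain_755; do
        : > "$dir/$f"
    done
    chmod 4000 "$dir/only_suid"   # setuid bit and nothing else
    chmod 4755 "$dir/suid_755"    # -rwsr-xr-x, the usual setuid-root layout
    chmod 4711 "$dir/suid_4711"   # -rws--x--x
    chmod 0755 "$dir/plain_755"   # no setuid bit
    echo "$dir"
}

# Print the file names under DIR that match "-perm PERM_ARG",
# sorted and joined with single spaces.
# usage: match DIR PERM_ARG
match() {
    find "$1" -type f -perm "$2" -exec basename {} \; \
        | LC_ALL=C sort | paste -sd ' ' -
}

sandbox=$(make_sandbox)
echo "-perm 4000  : $(match "$sandbox" 4000)"    # exact mode only
echo "-perm -4000 : $(match "$sandbox" -4000)"   # setuid set, other bits ignored
echo "-perm -u+s  : $(match "$sandbox" -u+s)"    # symbolic spelling of the same test
rm -rf "$sandbox"
```

Only the file whose mode is exactly 4000 matches the first form, which is why the original command produced an empty file on a system where every setuid binary also carries ordinary permission bits.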
