Using find -perm to find setuid files

by

I want to find list of all suid binaries. I use the command

find / -perm 4000

However this does not give me any output. I understand that the SUID file may be in 4xxx permission mode. But if I issue the command

find / -perm -4000 (which all websites tell)

or the command

find / -perm +4000

both give me the same result. As far I understand it should always be +4000 (because if it is user suid binary then the first byte should be 4, if group suid binary then the first byte should be 2 and if a sticky bit turned on directory then the first byte should be 1). Then how come -4000 also give results?

Contents hide
Answers:
Method 1

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

The use of -perm +mode seems to be deprecated. Maybe the help from man find can help to resolve your doubt:

-permmode

    File’s permission bits are exactly mode (octal or symbolic).
    Since an exact match is required, if you want to use this form
    for symbolic modes, you may have to specify a rather complex mode string.
    For example -perm g=w will match only files which have mode 0020
    (that is, ones for which group write permission is the only permission set).
    It is more likely that you will want to use the ‘/’ or ‘’ forms,
    for example -perm -g=w, which matches any file with group write permission.
    See the EXAMPLES section for some illustrative examples.

-perm–mode

    All of the permission bits mode are set for the file. Symbolic modes are accepted in this form, and this is usually the way in which would want to use them. You must specify ‘u’, ‘g’ or ‘o’ if you use a symbolic mode. See the EXAMPLES section for some illustrative examples.

-perm/mode

    Any of the permission bits mode are set for the file. Symbolic modes are accepted in this form. You must specify ‘u’, ‘g’ or ‘o’ if you use a symbolic mode. See the EXAMPLES section for some illustrative examples.
    If no permission bits in mode are set, this test matches any file
    (the idea here is to be consistent with the behaviour of -perm -000).

-perm+mode

    Deprecated, old way of searching for files with any of the permission bits in mode set. You should use -perm /mode instead. Trying to use the ‘+’ syntax with symbolic modes will yield surprising results.
    For example, ‘+u+x’ is a valid symbolic mode (equivalent to +u,+x, i.e., 0111) and will therefore not be evaluated as -perm +mode but instead as the exact mode specifier -perm mode and so it matches files with exact permissions 0111 instead of files with any execute bit set. If you found this paragraph confusing, you’re not alone – just use -perm /mode. This form of the -perm test is deprecated because the POSIX specification requires the interpretation of a leading ‘+’ as being part of a symbolic mode, and so we switched to using ‘/’ instead.

Reference:

  • find (GNU findutils) 4.4.2


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x