Ubuntu – Help with find command to identify SUID file please

command linefindpermissions

I am doing an online course and could do with some help please. Please see the image below. I am using find to locate a file with the SUID bit set. The question asks "What is the contents of the file named ‘immersive’, which is owned by user 'linux', with SUID and user execute permissions set? There are multiple files named 'immersive' find the correct one!" From the question I used the command 

find . -perm /4100

I hope that is the correct octal permissions?
In the image you will see two directories returned but when i run ls -la I am not seeing any file with the SUID set.
Any ideas what I am doing wrong?

$ find . -perm /4100
.
./immersive
$ ls .
immersive
$ ls -la ./immersive
lrwxrwxrwx  1   root    root   23 Aug 20 14:25 ./immersive -> /lib/firmware/immersive
linux@find-command:~$ find . -perm /4100 . ./immersive 
linux@find-command:~$ ls -la 
total 24 
drwxr-xr-x 1  linux linux   4096 Oct 13 13:00 . 
drwxr-xr-x 1  root  root    4096 Oct 11 18:56 .. 
-rw------- 1  linux linux   134  Oct 13 13:00 .bash_history 
-rw-r--r-- 17 linux linux   220  Apr  4 2018 .bash_logout 
-rw-r--r-- 17 linux linux   3771 Apr  4 2018 .bashrc
-rw-r--r-- 17 linux linux   807  Apr  4 2018 .profile
lrwxrwxrwx 1  root  root    23   Aug 20 14:25 immersive -> /lib/firmware/immersive

Best Answer

See this question for an explanation of -perm /mode vs. -perm -mode. I admit, it's not very intuitive, but:

find . -type f -name immersive -user linux -perm -u=sx -ls
# or
find . -type f -name immersive -user linux -perm -4100 -ls

will do as you ask.

The -perm -4100 means: find any file that has 4 (=setuid) set AND 1 (=x) set for the user while ignoring the remaining bits (group and other).

The -perm /4100 on the other hand means: find any file that has EITHER 4 (=setuid) set OR 1 (=x) set for the user (or both) while ignoring the remaining bits.

So /mode will find more files than -mode.

In case it isn't obvious (because I focussed on the -perm flag): the others mean: find a file (-type f) with name immersive owned by user linux. All these conditions are ANDed.

To view the contents of the found files you can either cat them one by one, i.e. issue

cat .../immersive

for each found file or let the find command do that for you:

find . -type f -name immersive -user linux -perm -4100 -exec cat {} \;

This will find the files according to the conditions above but instead of printing their names and attributes (-ls) will execute the cat command for each found file.

Related Question