I have been trying to find setuid executables using a `one liner'.
The line I first tried was:
find / -perm /u+s -type f
Then I found a line which is similar but gives different results:
find / -perm /6000 -type f
These look identical as far as I can tell, but the first one doesn't show as many results as the second one (mostly ones with weird groups are missing). Why, what is different?
Best Answer
Most people aren't aware but the Unix permissions are actually not just User, Group, and Others (rwx). These 3 triads are the typical permissions that allow users, groups, and other users access to files & directories. However there is also a group of bits that precede the User bits. These bits are referred to as "Special Modes".
It's more of a shorthand notation that you don't have to explicitly set them when dealing with a tool such as
chmod
.Is actually equivalent to:
Here's the list of bits:
excerpt wikipedia article titled: chmod
Your Question
So in your first command you're looking for
u+s
, which would work out to be bit04000
. When you use the numeric notation you're asking for bits04000
AND02000
. This would give you files with user or group setuid bits set.Further Reading
I highly suggest anyone that wants to understand the permissions better in Unix, to read the Wikipedia page about
chmod
. It breaks it down very simply and is a excellent reference when you forget.References