find / \( -perm -0200 -o -perm -04000 \) -ls. How to remove the bit
Hi,
My security book says that if you don't need this functionality, remove the bit. How do I remove the bit for some of these programs? Is it a good idea? Bunch of docs/etc/ came up. Does anyone know what dirs I can remove the bit from and actually how to remove it?
Thanks
Removing it on a 4750 executable that's got suid (set user id) 4000 would be chmod 0750 <executable>.
Suid bits (on some executables) are there for the same mechanism why sendmail needs 'em, for instance to bind to a privileged port. A reason to remove the suid bit is if you wouldn't want users to use it (like ping, dump, traceroute). For those executables you could let them have access through adding them and the executables to a separate usergroup, or better, by using sudo.
There are some exes you don't want to remove suid or sgid from, but I can't come up with a list now.
Run the list by us and we'll see what we can recommend I guess.
List is huge. I can't believe how many there are. I just wasn't sure if it's a standard security thing to go through them and weed 'em out. Looks like a lot of them are in /usr/share/docs. I couldn't imagine that I'd need them.
Thanks
Weird. Can't imagine needing suid or sgid on /usr/*share* or even /usr/share/*docs*.
Well, scanning with utils like Cops, Tiger (tara), sara or the 'ol sbscanner will definitely show suids and sgids.
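Added example (not part of any post in this thread): in find, `-perm -0200` tests the owner-write bit, which ordinary documentation files carry, while setgid is `-perm -02000`. The script below builds a constructed scratch tree, compares the thread title's expression with a setuid/setgid-only search, and strips the bits the way the `chmod 0750` reply describes. The function names are hypothetical, and `stat -c` assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# Added example; function names and the scratch tree are constructed.

# List regular files that carry setuid (04000) or setgid (02000).
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# The expression from the thread title, for comparison:
# -0200 is owner-write, so nearly every file matches.
list_title_expr() {
    find "$1" -xdev -type f \( -perm -0200 -o -perm -04000 \) -print
}

# Clear setuid and setgid, leaving the rwx bits untouched.
strip_suid_sgid() {
    chmod u-s,g-s "$1"
}

# Octal mode of a file (assumes GNU or busybox stat).
mode_of() {
    stat -c '%a' "$1"
}

demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/share/doc"
    : > "$root/bin/tool";         chmod 4750 "$root/bin/tool"
    : > "$root/bin/grouptool";    chmod 2755 "$root/bin/grouptool"
    : > "$root/share/doc/README"; chmod 0644 "$root/share/doc/README"

    echo "Title expression matches:";  list_title_expr "$root"
    echo "setuid/setgid files only:";  list_suid_sgid "$root"

    strip_suid_sgid "$root/bin/tool"
    echo "bin/tool mode after strip: $(mode_of "$root/bin/tool")"
    rm -rf "$root"
}

demo
```

On a real system, review the output of `list_suid_sgid /` against what users actually need before running `strip_suid_sgid` on anything.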