Hi,
My security book says thats if you dont need this functionality, remove the bit. How to i remove the bit for some of these programs. Is it a good idea? Bunch of docs/etc/ came up. Does anyone know what dir's i can remove the bit from and actually how to remove it.
Thanks

Removing it on an 4750 executable that's got suid (set user id) 4000 would be chmod 0750 <executable>.
Suid bits (on some executables) are there for the same mechanism why sendmail needs 'em, for instance to bind to a privileged port. A reason to remove the suid bit is if you wouldn't want users to use it (like ping, dump, traceroute). For those executables you could let them have access tru adding them and the executables to a separate usergroup, or better, by using sudo.

There are some exes you don't want to remove suid or sgid from, but I can't come up with a list now.
Run the list by us and we'll see what we can recommend I guess.

List is huge. I cant believe how many there are. I just wasnt sure if its a standard security thing to go through them and weed em out. Looks like a lot of them are in /usr/share/docs. I couldnt imagine that Id need them.
Thanks

Weird. Can't imagine needing suid or sgid on /usr/*share* or even /usr/share/*docs*.
Well, scanning with utils like Cops, Tiger (tara), sara or the 'ol sbscanner will definately show suids and sgids.