How to Find Files With SUID and SGID Permissions in Linux

In this tutorial, we will explain auxiliary file permissions, commonly referred to as “special permissions” in Linux, and also we will show you how to find files which have SUID (Setuid) and SGID (Setgid) set.

What is SUID and SGID?

SUID is a special file permission for executable files which enables other users to run the file with effective permissions of the file owner. Instead of the normal x which represents execute permissions, you will see an s (to indicate SUID) special permission for the user.

SGID is a special file permission that also applies to executable files and enables other users to inherit the effective GID of file group owner. Likewise, rather than the usual x which represents execute permissions, you will see an s (to indicate SGID) special permission for group user.

Suggested Read: Managing Users & Groups, File Permissions & Attributes in Linux

Let’s look at how to find files which have SUID and SGID set using the find command.

The syntax is as follows:

$ find directory -perm /permissions

Important: Certain directories (such as /etc, /bin, /sbin etc.) or files require root privileges in order to be accessed or listed, if you are managing your system as a normal user, use the sudo command to gain root privileges.

How to Find Files with SUID Set in Linux

This below example command will find all files with SUID set in the current directory using -perm (print files only with permissions set to 4000) option.

$ find . -perm /4000 
Find Files with SUID Permissions
Find Files with SUID Permissions

You can use the ls command with -l option (for long listing) to view the permissions on the listed files as shown in the image above.

How to Find Files with SGID Set in Linux

To find files which have SGID set, type the following command.

$ find . -perm /2000
Find Files with SGID Permissions
Find Files with SGID Permissions

To find files which have both SUID and SGID set, run the command below.

$ find . -perm /6000
Find Files with SUID and SGID
Find Files with SUID and SGID

You may also like to read these useful guides about file permissions in Linux:

  1. How to Set File Attributes and Finding Files in Linux
  2. Translate rwx Permissions into Octal Format in Linux
  3. Secure Files/Directories using ACLs (Access Control Lists) in Linux
  4. 5 ‘chattr’ Commands to Make Important Files IMMUTABLE (Unchangeable) in Linux

That’s it for now! In this guide, we showed you how to find files which have SUID (Setuid) and SGID (Setgid) set in Linux. If you have any questions, use the feedback form below to share any queries or additional thoughts about this topic.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

4 Comments

Leave a Reply
  1. The command to find files that have both SUID and SGID set would be with minus sign like so:

    $ find . -perm -6000
    

    and not with a slash sign like you recommend.

    $ find . -perm /6000
    
    Reply
  2. Find files with SUID, SGID and StickyBit set in Linux.

    $ sudo find / -perm +7000 -type f
    

    Find directories with SUID, SGID and StickyBit set in Linux.

    $ sudo find / -perm +7000 -type d     
    
    Reply
    • This is incorrect too. From “man find”:

      -perm +mode
      

      This is no longer supported (and has been deprecated since 2005).

      Use -perm /mode instead.

      The correct answer is :

      To find files with SUID, SGID and StickyBit set in Linux.

      $ sudo find / -type f -perm -7000 
      

      To find directories with SUID, SGID and StickyBit set in Linux.

      $ sudo find / -type d -perm -7000
      
      Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.