Help with find command to identify SUID file please?
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
I am doing an online course and could do with some help please. Please see the image below. I am using find to locate a file with the SUID bit set. The question asks "What is the contents of the file named âÂÂimmersiveâÂÂ, which is owned by user 'linux', with SUID and user execute permissions set? There are multiple files named 'immersive' find the correct one!" From the question I used the command
find . -perm /4100
I hope that is the correct octal permissions?
In the image you will see two directories returned but when i run ls -la I am not seeing any file with the SUID set.
Any ideas what I am doing wrong?
$ find . -perm /4100
.
./immersive
$ ls .
immersive
$ ls -la ./immersive
lrwxrwxrwx 1 root root 23 Aug 20 14:25 ./immersive -> /lib/firmware/immersive
linux@find-command:~$ find . -perm /4100 . ./immersive
linux@find-command:~$ ls -la
total 24
drwxr-xr-x 1 linux linux 4096 Oct 13 13:00 .
drwxr-xr-x 1 root root 4096 Oct 11 18:56 ..
-rw------- 1 linux linux 134 Oct 13 13:00 .bash_history
-rw-r--r-- 17 linux linux 220 Apr 4 2018 .bash_logout
-rw-r--r-- 17 linux linux 3771 Apr 4 2018 .bashrc
-rw-r--r-- 17 linux linux 807 Apr 4 2018 .profile
lrwxrwxrwx 1 root root 23 Aug 20 14:25 immersive -> /lib/firmware/immersive
command-line permissions find
 |Â
show 1 more comment
up vote
2
down vote
favorite
I am doing an online course and could do with some help please. Please see the image below. I am using find to locate a file with the SUID bit set. The question asks "What is the contents of the file named âÂÂimmersiveâÂÂ, which is owned by user 'linux', with SUID and user execute permissions set? There are multiple files named 'immersive' find the correct one!" From the question I used the command
find . -perm /4100
I hope that is the correct octal permissions?
In the image you will see two directories returned but when i run ls -la I am not seeing any file with the SUID set.
Any ideas what I am doing wrong?
$ find . -perm /4100
.
./immersive
$ ls .
immersive
$ ls -la ./immersive
lrwxrwxrwx 1 root root 23 Aug 20 14:25 ./immersive -> /lib/firmware/immersive
linux@find-command:~$ find . -perm /4100 . ./immersive
linux@find-command:~$ ls -la
total 24
drwxr-xr-x 1 linux linux 4096 Oct 13 13:00 .
drwxr-xr-x 1 root root 4096 Oct 11 18:56 ..
-rw------- 1 linux linux 134 Oct 13 13:00 .bash_history
-rw-r--r-- 17 linux linux 220 Apr 4 2018 .bash_logout
-rw-r--r-- 17 linux linux 3771 Apr 4 2018 .bashrc
-rw-r--r-- 17 linux linux 807 Apr 4 2018 .profile
lrwxrwxrwx 1 root root 23 Aug 20 14:25 immersive -> /lib/firmware/immersive
command-line permissions find
Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
â user278930
2 hours ago
I think that you want-perm /4000
(iirc/4100
will also find any files with the owner's executable bit set)
â steeldriver
1 hour ago
1
@steeldriver The questions says "â¦, with SUID and user execute permissions set" so 4100 seems correct.
â PerlDuck
1 hour ago
1
Should the-user linux
option not be included?
â George Udosen
1 hour ago
1
@PerlDuck but the/perm
form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?
â steeldriver
1 hour ago
 |Â
show 1 more comment
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I am doing an online course and could do with some help please. Please see the image below. I am using find to locate a file with the SUID bit set. The question asks "What is the contents of the file named âÂÂimmersiveâÂÂ, which is owned by user 'linux', with SUID and user execute permissions set? There are multiple files named 'immersive' find the correct one!" From the question I used the command
find . -perm /4100
I hope that is the correct octal permissions?
In the image you will see two directories returned but when i run ls -la I am not seeing any file with the SUID set.
Any ideas what I am doing wrong?
$ find . -perm /4100
.
./immersive
$ ls .
immersive
$ ls -la ./immersive
lrwxrwxrwx 1 root root 23 Aug 20 14:25 ./immersive -> /lib/firmware/immersive
linux@find-command:~$ find . -perm /4100 . ./immersive
linux@find-command:~$ ls -la
total 24
drwxr-xr-x 1 linux linux 4096 Oct 13 13:00 .
drwxr-xr-x 1 root root 4096 Oct 11 18:56 ..
-rw------- 1 linux linux 134 Oct 13 13:00 .bash_history
-rw-r--r-- 17 linux linux 220 Apr 4 2018 .bash_logout
-rw-r--r-- 17 linux linux 3771 Apr 4 2018 .bashrc
-rw-r--r-- 17 linux linux 807 Apr 4 2018 .profile
lrwxrwxrwx 1 root root 23 Aug 20 14:25 immersive -> /lib/firmware/immersive
command-line permissions find
I am doing an online course and could do with some help please. Please see the image below. I am using find to locate a file with the SUID bit set. The question asks "What is the contents of the file named âÂÂimmersiveâÂÂ, which is owned by user 'linux', with SUID and user execute permissions set? There are multiple files named 'immersive' find the correct one!" From the question I used the command
find . -perm /4100
I hope that is the correct octal permissions?
In the image you will see two directories returned but when i run ls -la I am not seeing any file with the SUID set.
Any ideas what I am doing wrong?
$ find . -perm /4100
.
./immersive
$ ls .
immersive
$ ls -la ./immersive
lrwxrwxrwx 1 root root 23 Aug 20 14:25 ./immersive -> /lib/firmware/immersive
linux@find-command:~$ find . -perm /4100 . ./immersive
linux@find-command:~$ ls -la
total 24
drwxr-xr-x 1 linux linux 4096 Oct 13 13:00 .
drwxr-xr-x 1 root root 4096 Oct 11 18:56 ..
-rw------- 1 linux linux 134 Oct 13 13:00 .bash_history
-rw-r--r-- 17 linux linux 220 Apr 4 2018 .bash_logout
-rw-r--r-- 17 linux linux 3771 Apr 4 2018 .bashrc
-rw-r--r-- 17 linux linux 807 Apr 4 2018 .profile
lrwxrwxrwx 1 root root 23 Aug 20 14:25 immersive -> /lib/firmware/immersive
command-line permissions find
command-line permissions find
edited 1 hour ago
terdonâ¦
62.5k12131208
62.5k12131208
asked 2 hours ago
user278930
214
214
Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
â user278930
2 hours ago
I think that you want-perm /4000
(iirc/4100
will also find any files with the owner's executable bit set)
â steeldriver
1 hour ago
1
@steeldriver The questions says "â¦, with SUID and user execute permissions set" so 4100 seems correct.
â PerlDuck
1 hour ago
1
Should the-user linux
option not be included?
â George Udosen
1 hour ago
1
@PerlDuck but the/perm
form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?
â steeldriver
1 hour ago
 |Â
show 1 more comment
Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
â user278930
2 hours ago
I think that you want-perm /4000
(iirc/4100
will also find any files with the owner's executable bit set)
â steeldriver
1 hour ago
1
@steeldriver The questions says "â¦, with SUID and user execute permissions set" so 4100 seems correct.
â PerlDuck
1 hour ago
1
Should the-user linux
option not be included?
â George Udosen
1 hour ago
1
@PerlDuck but the/perm
form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?
â steeldriver
1 hour ago
Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
â user278930
2 hours ago
Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
â user278930
2 hours ago
I think that you want
-perm /4000
(iirc /4100
will also find any files with the owner's executable bit set)â steeldriver
1 hour ago
I think that you want
-perm /4000
(iirc /4100
will also find any files with the owner's executable bit set)â steeldriver
1 hour ago
1
1
@steeldriver The questions says "â¦, with SUID and user execute permissions set" so 4100 seems correct.
â PerlDuck
1 hour ago
@steeldriver The questions says "â¦, with SUID and user execute permissions set" so 4100 seems correct.
â PerlDuck
1 hour ago
1
1
Should the
-user linux
option not be included?â George Udosen
1 hour ago
Should the
-user linux
option not be included?â George Udosen
1 hour ago
1
1
@PerlDuck but the
/perm
form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?â steeldriver
1 hour ago
@PerlDuck but the
/perm
form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?â steeldriver
1 hour ago
 |Â
show 1 more comment
1 Answer
1
active
oldest
votes
up vote
2
down vote
See this question for an explanation of -perm /mode
vs. -perm -mode
. I admit, it's not very intuitive, but:
find . -type f -name immersive -user linux -perm -u=sx -ls
# or
find . -type f -name immersive -user linux -perm -4100 -ls
will do as you ask.
The -perm -4100
means: find any file that has 4
(=setuid) set AND 1
(=x) set for the user while ignoring the remaining bits (group and other).
The -perm /4100
on the other hand means: find any file that has EITHER 4
(=setuid) set OR 1
(=x) set for the user (or both) while ignoring the remaining bits.
So /mode
will find more files than -mode
.
In case it isn't obvious (because I focussed on the -perm
flag): the others mean: find a file (-type f
) with name immersive
owned by user linux
. All these conditions are ANDed.
Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
â user278930
49 mins ago
@user278930 Then you forgot the-perm
. It must readfind ⦠-perm -u=sx â¦
where-u=sx
is a parameter to the-perm
switch. It looks weird, but is correct. When you drop the-perm
thenfind
thinks-u=sx
is a switch forfind
and complains but it is actually the parameter for the-perm
switch. Just likelinux
is the parameter for the-user
switch.
â PerlDuck
45 mins ago
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
See this question for an explanation of -perm /mode
vs. -perm -mode
. I admit, it's not very intuitive, but:
find . -type f -name immersive -user linux -perm -u=sx -ls
# or
find . -type f -name immersive -user linux -perm -4100 -ls
will do as you ask.
The -perm -4100
means: find any file that has 4
(=setuid) set AND 1
(=x) set for the user while ignoring the remaining bits (group and other).
The -perm /4100
on the other hand means: find any file that has EITHER 4
(=setuid) set OR 1
(=x) set for the user (or both) while ignoring the remaining bits.
So /mode
will find more files than -mode
.
In case it isn't obvious (because I focussed on the -perm
flag): the others mean: find a file (-type f
) with name immersive
owned by user linux
. All these conditions are ANDed.
Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
â user278930
49 mins ago
@user278930 Then you forgot the-perm
. It must readfind ⦠-perm -u=sx â¦
where-u=sx
is a parameter to the-perm
switch. It looks weird, but is correct. When you drop the-perm
thenfind
thinks-u=sx
is a switch forfind
and complains but it is actually the parameter for the-perm
switch. Just likelinux
is the parameter for the-user
switch.
â PerlDuck
45 mins ago
add a comment |Â
up vote
2
down vote
See this question for an explanation of -perm /mode
vs. -perm -mode
. I admit, it's not very intuitive, but:
find . -type f -name immersive -user linux -perm -u=sx -ls
# or
find . -type f -name immersive -user linux -perm -4100 -ls
will do as you ask.
The -perm -4100
means: find any file that has 4
(=setuid) set AND 1
(=x) set for the user while ignoring the remaining bits (group and other).
The -perm /4100
on the other hand means: find any file that has EITHER 4
(=setuid) set OR 1
(=x) set for the user (or both) while ignoring the remaining bits.
So /mode
will find more files than -mode
.
In case it isn't obvious (because I focussed on the -perm
flag): the others mean: find a file (-type f
) with name immersive
owned by user linux
. All these conditions are ANDed.
Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
â user278930
49 mins ago
@user278930 Then you forgot the-perm
. It must readfind ⦠-perm -u=sx â¦
where-u=sx
is a parameter to the-perm
switch. It looks weird, but is correct. When you drop the-perm
thenfind
thinks-u=sx
is a switch forfind
and complains but it is actually the parameter for the-perm
switch. Just likelinux
is the parameter for the-user
switch.
â PerlDuck
45 mins ago
add a comment |Â
up vote
2
down vote
up vote
2
down vote
See this question for an explanation of -perm /mode
vs. -perm -mode
. I admit, it's not very intuitive, but:
find . -type f -name immersive -user linux -perm -u=sx -ls
# or
find . -type f -name immersive -user linux -perm -4100 -ls
will do as you ask.
The -perm -4100
means: find any file that has 4
(=setuid) set AND 1
(=x) set for the user while ignoring the remaining bits (group and other).
The -perm /4100
on the other hand means: find any file that has EITHER 4
(=setuid) set OR 1
(=x) set for the user (or both) while ignoring the remaining bits.
So /mode
will find more files than -mode
.
In case it isn't obvious (because I focussed on the -perm
flag): the others mean: find a file (-type f
) with name immersive
owned by user linux
. All these conditions are ANDed.
See this question for an explanation of -perm /mode
vs. -perm -mode
. I admit, it's not very intuitive, but:
find . -type f -name immersive -user linux -perm -u=sx -ls
# or
find . -type f -name immersive -user linux -perm -4100 -ls
will do as you ask.
The -perm -4100
means: find any file that has 4
(=setuid) set AND 1
(=x) set for the user while ignoring the remaining bits (group and other).
The -perm /4100
on the other hand means: find any file that has EITHER 4
(=setuid) set OR 1
(=x) set for the user (or both) while ignoring the remaining bits.
So /mode
will find more files than -mode
.
In case it isn't obvious (because I focussed on the -perm
flag): the others mean: find a file (-type f
) with name immersive
owned by user linux
. All these conditions are ANDed.
edited 1 hour ago
answered 1 hour ago
PerlDuck
4,20211030
4,20211030
Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
â user278930
49 mins ago
@user278930 Then you forgot the-perm
. It must readfind ⦠-perm -u=sx â¦
where-u=sx
is a parameter to the-perm
switch. It looks weird, but is correct. When you drop the-perm
thenfind
thinks-u=sx
is a switch forfind
and complains but it is actually the parameter for the-perm
switch. Just likelinux
is the parameter for the-user
switch.
â PerlDuck
45 mins ago
add a comment |Â
Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
â user278930
49 mins ago
@user278930 Then you forgot the-perm
. It must readfind ⦠-perm -u=sx â¦
where-u=sx
is a parameter to the-perm
switch. It looks weird, but is correct. When you drop the-perm
thenfind
thinks-u=sx
is a switch forfind
and complains but it is actually the parameter for the-perm
switch. Just likelinux
is the parameter for the-user
switch.
â PerlDuck
45 mins ago
Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
â user278930
49 mins ago
Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
â user278930
49 mins ago
@user278930 Then you forgot the
-perm
. It must read find ⦠-perm -u=sx â¦
where -u=sx
is a parameter to the -perm
switch. It looks weird, but is correct. When you drop the -perm
then find
thinks -u=sx
is a switch for find
and complains but it is actually the parameter for the -perm
switch. Just like linux
is the parameter for the -user
switch.â PerlDuck
45 mins ago
@user278930 Then you forgot the
-perm
. It must read find ⦠-perm -u=sx â¦
where -u=sx
is a parameter to the -perm
switch. It looks weird, but is correct. When you drop the -perm
then find
thinks -u=sx
is a switch for find
and complains but it is actually the parameter for the -perm
switch. Just like linux
is the parameter for the -user
switch.â PerlDuck
45 mins ago
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1083469%2fhelp-with-find-command-to-identify-suid-file-please%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
â user278930
2 hours ago
I think that you want
-perm /4000
(iirc/4100
will also find any files with the owner's executable bit set)â steeldriver
1 hour ago
1
@steeldriver The questions says "â¦, with SUID and user execute permissions set" so 4100 seems correct.
â PerlDuck
1 hour ago
1
Should the
-user linux
option not be included?â George Udosen
1 hour ago
1
@PerlDuck but the
/perm
form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?â steeldriver
1 hour ago