Help with find command to identify SUID file please?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I am doing an online course and could do with some help please. Please see the image below. I am using find to locate a file with the SUID bit set. The question asks "What is the contents of the file named ‘immersive’, which is owned by user 'linux', with SUID and user execute permissions set? There are multiple files named 'immersive' find the correct one!" From the question I used the command



find . -perm /4100


I hope that is the correct octal permissions?
In the image you will see two directories returned but when i run ls -la I am not seeing any file with the SUID set.
Any ideas what I am doing wrong?



$ find . -perm /4100
.
./immersive
$ ls .
immersive
$ ls -la ./immersive
lrwxrwxrwx 1 root root 23 Aug 20 14:25 ./immersive -> /lib/firmware/immersive
linux@find-command:~$ find . -perm /4100 . ./immersive
linux@find-command:~$ ls -la
total 24
drwxr-xr-x 1 linux linux 4096 Oct 13 13:00 .
drwxr-xr-x 1 root root 4096 Oct 11 18:56 ..
-rw------- 1 linux linux 134 Oct 13 13:00 .bash_history
-rw-r--r-- 17 linux linux 220 Apr 4 2018 .bash_logout
-rw-r--r-- 17 linux linux 3771 Apr 4 2018 .bashrc
-rw-r--r-- 17 linux linux 807 Apr 4 2018 .profile
lrwxrwxrwx 1 root root 23 Aug 20 14:25 immersive -> /lib/firmware/immersive









share|improve this question























  • Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
    – user278930
    2 hours ago











  • I think that you want -perm /4000 (iirc /4100 will also find any files with the owner's executable bit set)
    – steeldriver
    1 hour ago






  • 1




    @steeldriver The questions says "…, with SUID and user execute permissions set" so 4100 seems correct.
    – PerlDuck
    1 hour ago






  • 1




    Should the-user linux option not be included?
    – George Udosen
    1 hour ago






  • 1




    @PerlDuck but the /perm form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?
    – steeldriver
    1 hour ago















up vote
2
down vote

favorite












I am doing an online course and could do with some help please. Please see the image below. I am using find to locate a file with the SUID bit set. The question asks "What is the contents of the file named ‘immersive’, which is owned by user 'linux', with SUID and user execute permissions set? There are multiple files named 'immersive' find the correct one!" From the question I used the command



find . -perm /4100


I hope that is the correct octal permissions?
In the image you will see two directories returned but when i run ls -la I am not seeing any file with the SUID set.
Any ideas what I am doing wrong?



$ find . -perm /4100
.
./immersive
$ ls .
immersive
$ ls -la ./immersive
lrwxrwxrwx 1 root root 23 Aug 20 14:25 ./immersive -> /lib/firmware/immersive
linux@find-command:~$ find . -perm /4100 . ./immersive
linux@find-command:~$ ls -la
total 24
drwxr-xr-x 1 linux linux 4096 Oct 13 13:00 .
drwxr-xr-x 1 root root 4096 Oct 11 18:56 ..
-rw------- 1 linux linux 134 Oct 13 13:00 .bash_history
-rw-r--r-- 17 linux linux 220 Apr 4 2018 .bash_logout
-rw-r--r-- 17 linux linux 3771 Apr 4 2018 .bashrc
-rw-r--r-- 17 linux linux 807 Apr 4 2018 .profile
lrwxrwxrwx 1 root root 23 Aug 20 14:25 immersive -> /lib/firmware/immersive









share|improve this question























  • Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
    – user278930
    2 hours ago











  • I think that you want -perm /4000 (iirc /4100 will also find any files with the owner's executable bit set)
    – steeldriver
    1 hour ago






  • 1




    @steeldriver The questions says "…, with SUID and user execute permissions set" so 4100 seems correct.
    – PerlDuck
    1 hour ago






  • 1




    Should the-user linux option not be included?
    – George Udosen
    1 hour ago






  • 1




    @PerlDuck but the /perm form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?
    – steeldriver
    1 hour ago













up vote
2
down vote

favorite









up vote
2
down vote

favorite











I am doing an online course and could do with some help please. Please see the image below. I am using find to locate a file with the SUID bit set. The question asks "What is the contents of the file named ‘immersive’, which is owned by user 'linux', with SUID and user execute permissions set? There are multiple files named 'immersive' find the correct one!" From the question I used the command



find . -perm /4100


I hope that is the correct octal permissions?
In the image you will see two directories returned but when i run ls -la I am not seeing any file with the SUID set.
Any ideas what I am doing wrong?



$ find . -perm /4100
.
./immersive
$ ls .
immersive
$ ls -la ./immersive
lrwxrwxrwx 1 root root 23 Aug 20 14:25 ./immersive -> /lib/firmware/immersive
linux@find-command:~$ find . -perm /4100 . ./immersive
linux@find-command:~$ ls -la
total 24
drwxr-xr-x 1 linux linux 4096 Oct 13 13:00 .
drwxr-xr-x 1 root root 4096 Oct 11 18:56 ..
-rw------- 1 linux linux 134 Oct 13 13:00 .bash_history
-rw-r--r-- 17 linux linux 220 Apr 4 2018 .bash_logout
-rw-r--r-- 17 linux linux 3771 Apr 4 2018 .bashrc
-rw-r--r-- 17 linux linux 807 Apr 4 2018 .profile
lrwxrwxrwx 1 root root 23 Aug 20 14:25 immersive -> /lib/firmware/immersive









share|improve this question















I am doing an online course and could do with some help please. Please see the image below. I am using find to locate a file with the SUID bit set. The question asks "What is the contents of the file named ‘immersive’, which is owned by user 'linux', with SUID and user execute permissions set? There are multiple files named 'immersive' find the correct one!" From the question I used the command



find . -perm /4100


I hope that is the correct octal permissions?
In the image you will see two directories returned but when i run ls -la I am not seeing any file with the SUID set.
Any ideas what I am doing wrong?



$ find . -perm /4100
.
./immersive
$ ls .
immersive
$ ls -la ./immersive
lrwxrwxrwx 1 root root 23 Aug 20 14:25 ./immersive -> /lib/firmware/immersive
linux@find-command:~$ find . -perm /4100 . ./immersive
linux@find-command:~$ ls -la
total 24
drwxr-xr-x 1 linux linux 4096 Oct 13 13:00 .
drwxr-xr-x 1 root root 4096 Oct 11 18:56 ..
-rw------- 1 linux linux 134 Oct 13 13:00 .bash_history
-rw-r--r-- 17 linux linux 220 Apr 4 2018 .bash_logout
-rw-r--r-- 17 linux linux 3771 Apr 4 2018 .bashrc
-rw-r--r-- 17 linux linux 807 Apr 4 2018 .profile
lrwxrwxrwx 1 root root 23 Aug 20 14:25 immersive -> /lib/firmware/immersive






command-line permissions find






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 1 hour ago









terdon♦

62.5k12131208




62.5k12131208










asked 2 hours ago









user278930

214




214











  • Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
    – user278930
    2 hours ago











  • I think that you want -perm /4000 (iirc /4100 will also find any files with the owner's executable bit set)
    – steeldriver
    1 hour ago






  • 1




    @steeldriver The questions says "…, with SUID and user execute permissions set" so 4100 seems correct.
    – PerlDuck
    1 hour ago






  • 1




    Should the-user linux option not be included?
    – George Udosen
    1 hour ago






  • 1




    @PerlDuck but the /perm form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?
    – steeldriver
    1 hour ago

















  • Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
    – user278930
    2 hours ago











  • I think that you want -perm /4000 (iirc /4100 will also find any files with the owner's executable bit set)
    – steeldriver
    1 hour ago






  • 1




    @steeldriver The questions says "…, with SUID and user execute permissions set" so 4100 seems correct.
    – PerlDuck
    1 hour ago






  • 1




    Should the-user linux option not be included?
    – George Udosen
    1 hour ago






  • 1




    @PerlDuck but the /perm form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?
    – steeldriver
    1 hour ago
















Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
– user278930
2 hours ago





Hi George I dont have a sudo account available to me so I am just running find. The above command gives me a different answer showing me just a . or period. If i then run ls -la I still do not see the file with the SUID bit set. I see linux@find-command:~$ find -user linux -perm /4100 .
– user278930
2 hours ago













I think that you want -perm /4000 (iirc /4100 will also find any files with the owner's executable bit set)
– steeldriver
1 hour ago




I think that you want -perm /4000 (iirc /4100 will also find any files with the owner's executable bit set)
– steeldriver
1 hour ago




1




1




@steeldriver The questions says "…, with SUID and user execute permissions set" so 4100 seems correct.
– PerlDuck
1 hour ago




@steeldriver The questions says "…, with SUID and user execute permissions set" so 4100 seems correct.
– PerlDuck
1 hour ago




1




1




Should the-user linux option not be included?
– George Udosen
1 hour ago




Should the-user linux option not be included?
– George Udosen
1 hour ago




1




1




@PerlDuck but the /perm form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?
– steeldriver
1 hour ago





@PerlDuck but the /perm form matches any of the permission bits, no (i.e. logical OR of SUID and user-executable)?
– steeldriver
1 hour ago











1 Answer
1






active

oldest

votes

















up vote
2
down vote













See this question for an explanation of -perm /mode vs. -perm -mode. I admit, it's not very intuitive, but:



find . -type f -name immersive -user linux -perm -u=sx -ls
# or
find . -type f -name immersive -user linux -perm -4100 -ls


will do as you ask.



The -perm -4100 means: find any file that has 4 (=setuid) set AND 1 (=x) set for the user while ignoring the remaining bits (group and other).



The -perm /4100 on the other hand means: find any file that has EITHER 4 (=setuid) set OR 1 (=x) set for the user (or both) while ignoring the remaining bits.



So /mode will find more files than -mode.




In case it isn't obvious (because I focussed on the -perm flag): the others mean: find a file (-type f) with name immersive owned by user linux. All these conditions are ANDed.






share|improve this answer






















  • Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
    – user278930
    49 mins ago










  • @user278930 Then you forgot the -perm. It must read find … -perm -u=sx … where -u=sx is a parameter to the -perm switch. It looks weird, but is correct. When you drop the -perm then find thinks -u=sx is a switch for find and complains but it is actually the parameter for the -perm switch. Just like linux is the parameter for the -user switch.
    – PerlDuck
    45 mins ago











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1083469%2fhelp-with-find-command-to-identify-suid-file-please%23new-answer', 'question_page');

);

Post as a guest






























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
2
down vote













See this question for an explanation of -perm /mode vs. -perm -mode. I admit, it's not very intuitive, but:



find . -type f -name immersive -user linux -perm -u=sx -ls
# or
find . -type f -name immersive -user linux -perm -4100 -ls


will do as you ask.



The -perm -4100 means: find any file that has 4 (=setuid) set AND 1 (=x) set for the user while ignoring the remaining bits (group and other).



The -perm /4100 on the other hand means: find any file that has EITHER 4 (=setuid) set OR 1 (=x) set for the user (or both) while ignoring the remaining bits.



So /mode will find more files than -mode.




In case it isn't obvious (because I focussed on the -perm flag): the others mean: find a file (-type f) with name immersive owned by user linux. All these conditions are ANDed.






share|improve this answer






















  • Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
    – user278930
    49 mins ago










  • @user278930 Then you forgot the -perm. It must read find … -perm -u=sx … where -u=sx is a parameter to the -perm switch. It looks weird, but is correct. When you drop the -perm then find thinks -u=sx is a switch for find and complains but it is actually the parameter for the -perm switch. Just like linux is the parameter for the -user switch.
    – PerlDuck
    45 mins ago















up vote
2
down vote













See this question for an explanation of -perm /mode vs. -perm -mode. I admit, it's not very intuitive, but:



find . -type f -name immersive -user linux -perm -u=sx -ls
# or
find . -type f -name immersive -user linux -perm -4100 -ls


will do as you ask.



The -perm -4100 means: find any file that has 4 (=setuid) set AND 1 (=x) set for the user while ignoring the remaining bits (group and other).



The -perm /4100 on the other hand means: find any file that has EITHER 4 (=setuid) set OR 1 (=x) set for the user (or both) while ignoring the remaining bits.



So /mode will find more files than -mode.




In case it isn't obvious (because I focussed on the -perm flag): the others mean: find a file (-type f) with name immersive owned by user linux. All these conditions are ANDed.






share|improve this answer






















  • Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
    – user278930
    49 mins ago










  • @user278930 Then you forgot the -perm. It must read find … -perm -u=sx … where -u=sx is a parameter to the -perm switch. It looks weird, but is correct. When you drop the -perm then find thinks -u=sx is a switch for find and complains but it is actually the parameter for the -perm switch. Just like linux is the parameter for the -user switch.
    – PerlDuck
    45 mins ago













up vote
2
down vote










up vote
2
down vote









See this question for an explanation of -perm /mode vs. -perm -mode. I admit, it's not very intuitive, but:



find . -type f -name immersive -user linux -perm -u=sx -ls
# or
find . -type f -name immersive -user linux -perm -4100 -ls


will do as you ask.



The -perm -4100 means: find any file that has 4 (=setuid) set AND 1 (=x) set for the user while ignoring the remaining bits (group and other).



The -perm /4100 on the other hand means: find any file that has EITHER 4 (=setuid) set OR 1 (=x) set for the user (or both) while ignoring the remaining bits.



So /mode will find more files than -mode.




In case it isn't obvious (because I focussed on the -perm flag): the others mean: find a file (-type f) with name immersive owned by user linux. All these conditions are ANDed.






share|improve this answer














See this question for an explanation of -perm /mode vs. -perm -mode. I admit, it's not very intuitive, but:



find . -type f -name immersive -user linux -perm -u=sx -ls
# or
find . -type f -name immersive -user linux -perm -4100 -ls


will do as you ask.



The -perm -4100 means: find any file that has 4 (=setuid) set AND 1 (=x) set for the user while ignoring the remaining bits (group and other).



The -perm /4100 on the other hand means: find any file that has EITHER 4 (=setuid) set OR 1 (=x) set for the user (or both) while ignoring the remaining bits.



So /mode will find more files than -mode.




In case it isn't obvious (because I focussed on the -perm flag): the others mean: find a file (-type f) with name immersive owned by user linux. All these conditions are ANDed.







share|improve this answer














share|improve this answer



share|improve this answer








edited 1 hour ago

























answered 1 hour ago









PerlDuck

4,20211030




4,20211030











  • Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
    – user278930
    49 mins ago










  • @user278930 Then you forgot the -perm. It must read find … -perm -u=sx … where -u=sx is a parameter to the -perm switch. It looks weird, but is correct. When you drop the -perm then find thinks -u=sx is a switch for find and complains but it is actually the parameter for the -perm switch. Just like linux is the parameter for the -user switch.
    – PerlDuck
    45 mins ago

















  • Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
    – user278930
    49 mins ago










  • @user278930 Then you forgot the -perm. It must read find … -perm -u=sx … where -u=sx is a parameter to the -perm switch. It looks weird, but is correct. When you drop the -perm then find thinks -u=sx is a switch for find and complains but it is actually the parameter for the -perm switch. Just like linux is the parameter for the -user switch.
    – PerlDuck
    45 mins ago
















Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
– user278930
49 mins ago




Thanks for the explanation of the difference between -perm and /perm. I have tried both of the above commands but still don't find the file I need. The one with -u=sx gives an error of "unknown predicate -u=sx"
– user278930
49 mins ago












@user278930 Then you forgot the -perm. It must read find … -perm -u=sx … where -u=sx is a parameter to the -perm switch. It looks weird, but is correct. When you drop the -perm then find thinks -u=sx is a switch for find and complains but it is actually the parameter for the -perm switch. Just like linux is the parameter for the -user switch.
– PerlDuck
45 mins ago





@user278930 Then you forgot the -perm. It must read find … -perm -u=sx … where -u=sx is a parameter to the -perm switch. It looks weird, but is correct. When you drop the -perm then find thinks -u=sx is a switch for find and complains but it is actually the parameter for the -perm switch. Just like linux is the parameter for the -user switch.
– PerlDuck
45 mins ago


















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1083469%2fhelp-with-find-command-to-identify-suid-file-please%23new-answer', 'question_page');

);

Post as a guest













































































Comments

Popular posts from this blog

What does second last employer means? [closed]

Installing NextGIS Connect into QGIS 3?

One-line joke