Shell script to find all programs and scripts with setgid bit set on

in Categories Monitoring last updated April 10, 2008

setuid and setgid (short for set user ID upon execution and set group ID upon execution, respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable’s owner or group. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.

setuid and setgid are needed for tasks that require higher privileges than those which a common user has, such as changing his or her login password. Some of the tasks that require elevated privileges may not immediately be obvious, though — such as the ping command, which must send and listen for control packets on a network interface.

Sample Shell Script

# Shell script to find all programs and scripts with setgid bit set on.
# If your system ever cracked (aka hacked) then system has this kind of binary 
# installed; besides the normal setuuid scripts/programs
# Copyright (c) 2005 nixCraft project
# This script is licensed under GNU GPL version 2.0 or above
# For more info, please visit: 
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit for more information.
# -------------------------------------------------------------------------
#[ ! -f $INITBMS ] && exit 1 || . $INITBMS
[ $# -eq 1 ] && : || die "Usage: $($BASENAME $0) directory" 1
$FIND $DIRNAME -xdev -type f -perm +g=s -print