SUID,GUID,Sticky - CraigDonkin/Infrastructure GitHub Wiki

SUID/SGID and Sticky Bit

Set User Identification (SUID)

  • When a command or script is run, its effective UID becomes that of the owner of the file rather than that of the user running it

chmod 4555 /path/to/file

Set Group Identification (SGID)

  • Similar to SUID, but for the group: the process runs with the effective GID of the file's group
  • When SGID is set on a directory, files created in the directory inherit the directory's group

chmod 2555 /path/to/file

Sticky Bit

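  • Set on a directory, it prevents users from removing files owned by other users
  • Root can remove anything
  • T in the last position of the ls -l mode string means the sticky bit is set and the execute permission for others is off
  • t in the last position means the sticky bit is set and the execute permission for others is on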

chmod +t /path/to/file

chmod 1777 /path/to/file

Find SUID Binary

find / -perm -4000 -type f -exec ls -la {} 2>/dev/null \;

Find SGID Binary

find / -perm -2000 -type f -exec ls -la {} 2>/dev/null \;

Find SUID + SGID Binary

find / -perm -6000 -type f -exec ls -la {} 2>/dev/null \;

Find Sticky Bit

find / -type d -perm -1000 -exec ls -ld {} \; 2>/dev/null
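
The find commands above list every match. As an added example (not part of the original wiki), the function below narrows that output to what needs review: SUID/SGID files missing from a baseline, any of them that are group- or world-writable, and world-writable directories without the sticky bit. The function name and the allowlist file are assumptions, and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example: audit_special_bits ROOT [ALLOWLIST]
# Emits tab-separated findings: KIND, octal mode, owner, path.
#   SUID, SGID : regular file carrying the bit and absent from ALLOWLIST
#   WRITABLE   : such a file that is also group- or world-writable
#   NOSTICKY   : world-writable directory without the sticky bit
# ALLOWLIST is a hypothetical baseline file, one expected path per line.
# Assumes GNU find and stat (Linux); paths containing newlines are not handled.
audit_special_bits() {
    root=$1
    allow=${2:-/dev/null}

    # -perm -NNNN matches when all listed bits are set; -xdev stays on one filesystem.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        # Exact whole-line match against the baseline of expected binaries.
        grep -qxF -- "$f" "$allow" && continue
        mode=$(stat -c '%a' "$f") || continue
        owner=$(stat -c '%U' "$f")
        [ -u "$f" ] && printf 'SUID\t%s\t%s\t%s\n' "$mode" "$owner" "$f"
        [ -g "$f" ] && printf 'SGID\t%s\t%s\t%s\n' "$mode" "$owner" "$f"
        # Anyone with write access can replace code that runs with elevated IDs.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            printf 'WRITABLE\t%s\t%s\t%s\n' "$mode" "$owner" "$f"
        fi
    done

    # World-writable directories need the sticky bit so users cannot
    # delete each other's files.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null |
    while IFS= read -r d; do
        printf 'NOSTICKY\t%s\t%s\t%s\n' \
            "$(stat -c '%a' "$d")" "$(stat -c '%U' "$d")" "$d"
    done
}
```

Run it as root over / with an allowlist generated from a known-good install, and diff the output between runs to catch new entries.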

SUID Binary

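printf '#define _GNU_SOURCE\n#include <stdlib.h>\n#include <unistd.h>\nint main(void){\nsetresuid(0, 0, 0);\nsystem("/bin/sh");\n}\n' > /tmp/suid.c
gcc -o /tmp/suid /tmp/suid.c
sudo chown root:root /tmp/suid # owner must be root; the setuid bit grants the owner's UID
sudo chmod +x /tmp/suid # execute right
sudo chmod +s /tmp/suid # setuid (and setgid) bits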