Cybersecurity Triage
Read-only, can be slowFind SUID, SGID, and Sticky Bits in an App Tree
You need a compact inventory of files and directories with SUID, SGID, or sticky bits set.
Command
find fixtures/perm-audit -perm /7000 -printf '%M %m %u:%g %p\n' | sortBefore you run this
System impact: Read-only. Can create load on large logs, directories, filesystems, or process tables.
When not to use it: Do not remove special bits until you know whether the program depends on them.
Expected output
A sorted list of paths with any SUID, SGID, or sticky bit set.
System impact
Read-only, can be slow. Nothing changes. The command inventories special permission bits.
Scope this to the smallest useful path or service on busy systems.
Recovery / rollback: no state is changed.
When to use it
Use during hardening reviews, after vendor installs, or before approving a deployment image.
When not to use it
Do not remove special bits until you know whether the program depends on them.
Explanation-only example
Illustrated output, not a live lab run
This example is intentionally illustrative. It shows the command shape without killing real processes or changing your machine.
$ find sample-files/perm-audit -perm /7000 -printf '%M %m %u:%g %p\n' | sort
-rwsr-xr-x 4755 root:root sample-files/perm-audit/releases/2026-06-25/bin/escalate-helper
-rwxr-sr-x 2755 root:root sample-files/perm-audit/releases/2026-06-25/bin/report-sync$ stat -c '%A %a %U:%G %n' sample-files/perm-audit/releases/2026-06-25/bin/*
-rwsr-xr-x 4755 root:root sample-files/perm-audit/releases/2026-06-25/bin/escalate-helper
-rwxr-xr-x 755 root:root sample-files/perm-audit/releases/2026-06-25/bin/healthcheck
-rwxr-sr-x 2755 root:root sample-files/perm-audit/releases/2026-06-25/bin/report-syncView commands shown
These are the commands shown in the sanitized transcript.
Commands shown
find fixtures/perm-audit -perm /7000 -printf '%M %m %u:%g %p\n' | sortstat -c '%A %a %U:%G %n' fixtures/perm-audit/releases/2026-06-25/bin/*
next steps
Related commands
Find Writable Directories Missing the Sticky Bit
A writable log directory is not the same thing as a safe shared directory.
find fixtures/perm-audit -type d -perm -0002 ! -perm -1000 -printf '%m %u:%g %p\n' | sort
Find Config Files with Execute Bits
Config files do not usually need to be executable.
find fixtures/perm-audit -type f -perm /111 \( -path '*/config/*' -o -name '*.env' -o -name '*.conf' \) -printf '%M %u:%g %p\n' | sort
Find Upload Files Writable Outside the Owner
Uploads are supposed to be writable at the edge, not writable forever by everyone.
find fixtures/perm-audit/releases/2026-06-25/uploads -type f -perm /0022 -printf '%M %u:%g %p\n' | sort
Find World-Readable Secret-Looking Files
The fastest secret audit starts with readable files that look like secrets.
find fixtures/perm-audit -type f -perm -0004 \( -iname '*secret*' -o -iname '*.env' -o -iname '*token*' -o -iname '*key*' \) -printf '%M %u:%g %p\n' | sort
Count authorized_keys by User
authorized_keys is the practical SSH access list.
find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -exec sh -c 'for f do user=$(basename "$(dirname "$(dirname "$f")")"); keys=$(grep -vc "^[[:space:]]*#" "$f"); printf "%s %s %s\n" "$user" "$keys" "$f"; done' sh {} + | sort
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.