Prohibiting Shell Scripts with the SetUID or SetGID Bit

Scripts with special permissions may be maliciously used, posing great threats to the system. You are advised not to use scripts with the set user ID (SUID) and set group ID (SGID) unless necessary.

Run the following commands to search for SUID/SGID files in the system and check whether each file is necessary. If a file is not necessary, remove the s bit to cancel the SetUID or SetGID permission of the file, or delete the file.

find / -perm -2000 -exec ls -l {} \; -exec md5sum {} \;
find / -perm -4000 -exec ls -l {} \; -exec md5sum {} \;
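
The find commands above list every SUID/SGID file, binaries included. The following added example (not part of the original page; the function names are hypothetical) narrows the result to scripts by checking for a "#!" interpreter line, and removes the s bit from files that do not need it.

```shell
#!/bin/sh
# Added example: report SUID/SGID files that are scripts, then strip the s bit.
# Function names are hypothetical; paths containing newlines are not handled.

# find_suid_sgid_scripts DIR
# Prints one path per line for each regular file under DIR that has the
# SUID (4000) or SGID (2000) bit set and starts with "#!".
find_suid_sgid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        # A script is recognised by its first two bytes, not by its extension.
        if [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
}

# report_suid_sgid_scripts DIR
# Shows permissions, interpreter line and checksum for each match so the
# reviewer can decide whether the file is necessary.
report_suid_sgid_scripts() {
    find_suid_sgid_scripts "$1" | while IFS= read -r f; do
        ls -l "$f"
        printf '  interpreter: %s\n' "$(head -n 1 "$f")"
        md5sum "$f"
    done
}

# strip_special_bits FILE...
# Removes the SUID and SGID bits from the given files.
strip_special_bits() {
    chmod u-s,g-s "$@"
}

# When called with a directory argument, print the report for it.
if [ "$#" -gt 0 ]; then
    report_suid_sgid_scripts "$1"
fi
```

Run it as root with / as the argument to cover the same scope as the find commands above, and call strip_special_bits only on files confirmed to be unnecessary.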