SETUID or SETGID (UNIX)

Module: User Files

This check identifies user files that have the set user ID (setuid) or the set group ID (setgid) bit set. Specify full path names in the file list to exclude files from this check.

The following table lists the error messages for the check.

Table: Error messages for SETUID or SETGID

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_SUIDOWNER

Category: System Error

UNIX (5432)

Title: setuid to owner

Description: The file is setuid to the owner of the directory tree where it resides. Setuid means that anyone who executes the file will, during execution, have an effective user ID that matches the file owner. This is a security problem because it allows unauthorized access to other files or programs owned by this user. Normally, there is no need for setuid files in user accounts. You should remove the setuid property from the file (chmod 750 filename).

Severity: red-4

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_SGIDOWNER

Category: System Error

UNIX (5433)

Title: setgid to owner

Description: The file is setgid to the group that owns the directory tree where it resides. Setgid means that anyone who executes the file will, during execution, have an effective group ID that matches the group ownership of the file. This is a security problem because it allows unauthorized access to other files or programs owned by the group. Normally, there is no need for setgid files in user accounts. You should remove the setgid property from the file (chmod 750 filename).

Severity: red-4

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_SUIDOTHER

Category: System Error

UNIX (5434)

Title: Other setuid file

Description: The file is setuid to a user other than the owner of the directory tree where it resides. Setuid means that anyone who executes the file will, during execution, have an effective user ID that matches the file owner. This is a security problem because it allows unauthorized access to other files or programs owned by this user. If the file is owned by root, anyone executing the file will temporarily have superuser privileges. Normally, there is no need for setuid files in user accounts. You should remove the setuid property from the file (chmod 750 filename).

Severity: red-4

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_SGIDOTHER

Category: System Error

UNIX (5435)

Title: Other setgid file

Description: The file is setgid to a group other than the group that owns the directory tree in which it resides. Setgid means that anyone who executes the file will, during execution, have an effective group ID that matches the group ownership of the file. This is a security problem because it allows unauthorized access to other files or programs owned by the group. If the file is owned by root, anyone executing the file will temporarily have superuser privileges. Normally, there is no need for setgid files in user accounts. You should remove the setgid property from the file (chmod 750 filename).

Severity: red-4

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]
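
The following is an added example, not the product's own code: a small auditor that reproduces the four classifications in the table for one user directory tree. It assumes the "owner of the directory tree" is the uid and gid of the tree's root directory; the names classify and scan_tree are hypothetical.

```python
import os
import stat


def classify(mode, file_uid, file_gid, tree_uid, tree_gid):
    """Return the message String IDs from the table that apply to one file."""
    findings = []
    if mode & stat.S_ISUID:
        findings.append("STKU_SUIDOWNER" if file_uid == tree_uid else "STKU_SUIDOTHER")
    if mode & stat.S_ISGID:
        findings.append("STKU_SGIDOWNER" if file_gid == tree_gid else "STKU_SGIDOTHER")
    return findings


def scan_tree(root, exclude=()):
    """Walk root and return sorted (path, string_id) pairs.

    Assumption: the tree owner is the uid/gid of root itself.
    exclude holds full path names to skip, like the check's file list.
    """
    root = os.path.abspath(root)
    skipped = {os.path.abspath(p) for p in exclude}
    top = os.lstat(root)
    results = []
    # os.walk does not follow symlinked directories by default
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if path in skipped:
                continue
            try:
                st = os.lstat(path)  # lstat: never judge a symlink's target
            except OSError:
                continue  # file vanished or is unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            for string_id in classify(st.st_mode, st.st_uid, st.st_gid,
                                      top.st_uid, top.st_gid):
                results.append((path, string_id))
    return sorted(results)


if __name__ == "__main__":
    import sys
    for path, string_id in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{string_id} [{path}]")
```
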