Should I remove the SUID and/or SGID bits on files in RHEL?

Solution In Progress - Updated -

Issue

My system has a list of files which contain suid or sgid. Please advise whether we should change any of the files' permissions. What is Red Hat's recommendation? Can you try to explain what each of the files is used for?

   1. /bin/traceroute
   2. /bin/umount
   3. /bin/mount
   4. /bin/traceroute6
   5. /bin/ping6
   6. /bin/ping
   7. /usr/bin/chfn
   8. /usr/bin/rsh
   9. /usr/bin/crontab
  10. /usr/bin/gpasswd
  11. /usr/bin/sudo
  12. /usr/bin/at
  13. /usr/bin/rcp
  14. /usr/bin/rlogin
  15. /usr/bin/chsh
  16. /usr/kerberos/bin/ksu
  17. /usr/lib/vmware-tools/sbin32/vmware-hgfsmounter
  18. /usr/x11R6/bin/Xorg
  19. /usr/sbin/userhelper
  20. /usr/sbin/usernetctl
  21. /usr/sbin/suexec
  22. /usr/bin/lppasswd
  23. /usr/bin/kgrantpty
  24. /usr/binstaprun
  25. /usr/bin/sg
  26. /usr/bin/chage
  27. /usr/libexec/t_chown
  28. /sbin/pam_timestamp_check
  29. /usr/libexec/openssh/ssh-keysign
  30. /usr/lib/vte/gnome-pty-helper
  31. /usr/sbin/gnome-pty-helper
  32. /usr/sbin/sendmail.sendmail
  33. /usr/sbin/lockdev
  34. /usr/sbin/utempter
  35. /usr/bin/slocate
  36. /usr/bin/lockfile
  37. /usr/bin/write
  38. /usr/bin/wall
  39. /sbin/netreport
  40. /usr/share/doc/diskdumputils-1.3.25/example_scripts

According to our hardening guideline, files that are suid/sgid to root pose high security risks due to the elevated privilege given to the user. There might be a need to remove such permission from any unidentified files or files that do not absolutely need the extra privilege to perform their function. Hence if we have an official reply from Red Hat saying that editing or removing of such file/directory permissions is not recommended, then we will treat those as legitimate suid/sgid files.

Environment

  • Red Hat Enterprise Linux
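
As an added example (not part of the original article or of Red Hat's answer), the script below shows one way to apply the guideline described in the Issue: inventory SUID/SGID files and flag any that are not on a reviewed allowlist. The function names, the allowlist format (one absolute path per line) and the constructed demo tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example: inventory SUID/SGID files and flag those missing from a
# reviewed allowlist (assumed format: one absolute path per line).

# audit_setid ROOT ALLOWLIST -> lines of "<status> <bits> <path>"
audit_setid() {
    # -xdev: stay on one filesystem. -type f: skip directories, where the
    # setgid bit only controls group inheritance of new files.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    LC_ALL=C sort |
    while IFS= read -r path; do
        bits=
        if [ -u "$path" ]; then bits=suid; fi
        if [ -g "$path" ]; then bits=${bits:+$bits+}sgid; fi
        if grep -Fxq -- "$path" "$2"; then
            status=reviewed
        else
            status=UNIDENTIFIED
        fi
        printf '%s %s %s\n' "$status" "$bits" "$path"
    done
}

# count_unidentified ROOT ALLOWLIST -> number of files still needing review
count_unidentified() {
    audit_setid "$1" "$2" | awk '$1 == "UNIDENTIFIED" { n++ } END { print n + 0 }'
}

# make_demo_tree -> prints the path of a constructed sample tree
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/opt"
    : > "$d/bin/mount";  chmod 4755 "$d/bin/mount"   # suid, on the allowlist
    : > "$d/bin/write";  chmod 2755 "$d/bin/write"   # sgid, on the allowlist
    : > "$d/opt/helper"; chmod 4755 "$d/opt/helper"  # suid, never reviewed
    : > "$d/bin/ls";     chmod 0755 "$d/bin/ls"      # no special bits
    printf '%s\n' "$d/bin/mount" "$d/bin/write" > "$d/reviewed.txt"
    printf '%s\n' "$d"
}

# Usage: sh audit_setid.sh ROOT ALLOWLIST   (no arguments: run on the demo tree)
if [ "$#" -eq 2 ]; then
    audit_setid "$1" "$2"
else
    demo=$(make_demo_tree)
    audit_setid "$demo" "$demo/reviewed.txt"
    rm -rf "$demo"
fi
```

Paths containing newlines are not handled; on a real host, run it as root so that `find` can descend into every directory.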
