Should I remove the SUID and/or SGID bits on files in RHEL?
Issue
My system has a list of files which contain suid or sgid. Please advise whether we should change any of the files' permissions. What is Red Hat's recommendation? Can you try to explain what each of the files is used for?
| No. | File | No. | File |
|---|---|---|---|
| 1 | /bin/traceroute | 21 | /usr/sbin/suexec |
| 2 | /bin/umount | 22 | /usr/bin/lppasswd |
| 3 | /bin/mount | 23 | /usr/bin/kgrantpty |
| 4 | /bin/traceroute6 | 24 | /usr/bin/staprun |
| 5 | /bin/ping6 | 25 | /usr/bin/sg |
| 6 | /bin/ping | 26 | /usr/bin/chage |
| 7 | /usr/bin/chfn | 27 | /usr/libexec/t_chown |
| 8 | /usr/bin/rsh | 28 | /sbin/pam_timestamp_check |
| 9 | /usr/bin/crontab | 29 | /usr/libexec/openssh/ssh-keysign |
| 10 | /usr/bin/gpasswd | 30 | /usr/lib/vte/gnome-pty-helper |
| 11 | /usr/bin/sudo | 31 | /usr/sbin/gnome-pty-helper |
| 12 | /usr/bin/at | 32 | /usr/sbin/sendmail.sendmail |
| 13 | /usr/bin/rcp | 33 | /usr/sbin/lockdev |
| 14 | /usr/bin/rlogin | 34 | /usr/sbin/utempter |
| 15 | /usr/bin/chsh | 35 | /usr/bin/slocate |
| 16 | /usr/kerberos/bin/ksu | 36 | /usr/bin/lockfile |
| 17 | /usr/lib/vmware-tools/sbin32/vmware-hgfsmounter | 37 | /usr/bin/write |
| 18 | /usr/x11R6/bin/Xorg | 38 | /usr/bin/wall |
| 19 | /usr/sbin/userhelper | 39 | /sbin/netreport |
| 20 | /usr/sbin/usernetctl | 40 | /usr/share/doc/diskdumputils-1.3.25/example_scripts |
According to our hardening guideline, files that are suid/sgid to root pose high security risks due to the elevated privilege given to the user. There might be a need to remove such permission from any unidentified files or files that do not absolutely need the extra privilege to perform their function. Hence, if we have an official reply from Red Hat saying that editing or removing such file/directory permissions is not recommended, then we will treat those as legitimate suid/sgid files.
Environment
- Red Hat Enterprise Linux
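
One way to carry out the review that the hardening guideline in the Issue section describes, as an added example that is not part of the original article and not Red Hat's own tooling: a shell function that lists SUID/SGID files under a directory and flags those missing from a reviewed baseline. The baseline file format (one path per line), the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# audit_suid ROOT BASELINE
# Prints one tab-separated line per SUID/SGID regular file under ROOT:
#   status  bits  owner:group  package  path
# status is "known" when the path is listed in BASELINE, else "UNIDENTIFIED".
audit_suid() {
    root=$1 baseline=$2
    # -xdev stays on one filesystem; -perm -4000 is SUID, -perm -2000 is SGID
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    sort |
    while IFS= read -r f; do
        bits=""
        if [ -u "$f" ]; then bits="suid"; fi
        if [ -g "$f" ]; then bits="${bits:+$bits+}sgid"; fi
        owner=$(ls -ld "$f" | awk '{print $3 ":" $4}')
        # On RPM-based systems, record the owning package; files that no
        # package owns deserve the closest look.
        if command -v rpm >/dev/null 2>&1; then
            if pkg=$(rpm -qf --qf '%{NAME}\n' "$f" 2>/dev/null); then
                pkg=$(printf '%s\n' "$pkg" | head -n 1)
            else
                pkg="unowned"
            fi
        else
            pkg="n/a"
        fi
        if grep -Fxq -- "$f" "$baseline"; then status="known"; else status="UNIDENTIFIED"; fi
        printf '%s\t%s\t%s\t%s\t%s\n' "$status" "$bits" "$owner" "$pkg" "$f"
    done
}

# Constructed sample tree (not real system files) for trying the audit offline.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/root/bin" "$t/root/opt"
    : > "$t/root/bin/ping";   chmod 4755 "$t/root/bin/ping"    # reviewed, in baseline
    : > "$t/root/opt/helper"; chmod 6755 "$t/root/opt/helper"  # not in baseline
    : > "$t/root/bin/ls";     chmod 0755 "$t/root/bin/ls"      # no special bits
    printf '%s\n' "$t/root/bin/ping" > "$t/baseline"
    printf '%s\n' "$t"
}

# Run with --demo to audit the constructed tree.
if [ "${1:-}" = "--demo" ]; then
    t=$(make_sample_tree) && audit_suid "$t/root" "$t/baseline"; rm -rf "$t"
fi
```

On a real host, call `audit_suid / /path/to/baseline` as root so that unreadable directories are not skipped, and review every `UNIDENTIFIED` or `unowned` line before changing any permissions.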