suid.chk uses find(1) to search system directories for all files with the 4000 or 2000 permission bits set. It then compares these files with the contents of a ``stop file'' (by default suid.stop) containing ``ls -lga'' output for known setuid or setgid programs. In addition, it flags any setuid or setgid programs that are either world-writable or shell scripts. Any additions or changes to this list represent potential security problems, so they are reported by mail to system administrators for further investigation.
-m user Mail the results to this user.
-n Do *not* follow NFS mounted partitions. This is probably not portable on most machines -- check the string in the source code that does the work; on a Sun, it's:
"-type d \\( -fstype nfs -prune \\)";
-o Writes the results to a file, rather than mailing it.
-s secure_dir Sets the secure dir, good for running this in cron -- else it'll think it's "/", and you'll chmod that to 700 :-)
-S Set the search directory where the find starts. Warning -- does not work with the -x flag!
suid.stop (the ``stop file'')
find(1), chmod(1), cron(8)
Keeping the stop files up to date with changes to all the suid files on more than a couple of hosts is a royal pain!