List of setuid/setgid programs
A list of trusted applications is created for BAS-enabled AIX® systems.
The setuid/setgid bits are turned off for all non-trusted programs that are owned by root or by a trusted group. After a BAS install, the only programs on the system that are either setuid and owned by root, or setgid and owned by one of the trusted groups, are the trusted applications. The trusted groups are system, sys, adm, uucp, mail, security, cron, printq, audit, and shutdown. Add only trusted users to these groups.
The list of trusted applications is created by considering all applications that fall into at least one of the following categories:
- The setuid bit is set and the application is owned by root
- The setgid bit is set and the application is owned by one of the trusted groups
- The application accesses one of the trusted databases listed in the administrator guidance document
Note: The setuid bit of the ipcs command should be removed by the system administrator. The system administrator should run the chmod u-s /usr/bin/ipcs and chmod u-s /usr/bin/ipcs64 commands.
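The following shell helper is an added example, not part of the AIX documentation or of the BAS install scripts. It turns the first two trust categories above (setuid and owned by root, setgid and owned by a trusted group) into a check that an administrator can run against the live file system, and wraps the chmod u-s step from the note so that the removal is verified. The function names, the classification labels it prints, and the sample listing lines are assumptions made for the example; the group list is the one given on this page. The third category (access to trusted databases) cannot be derived from file modes and is not covered here.

```shell
#!/bin/sh
# Added example (not from the AIX documentation). Audit setuid/setgid
# programs against the trusted groups named on this page.

# Trusted groups as listed in the text above.
TRUSTED_GROUPS="system sys adm uucp mail security cron printq audit shutdown"

# classify_privileged: reads "ls -l" style lines on stdin and prints one of
#   suid-root <path>      setuid and owned by root (category 1)
#   sgid-<group> <path>   setgid and owned by a trusted group (category 2)
#   untrusted <path>      setuid/setgid but owned by neither; the BAS
#                         install should already have stripped these
# Entries without a setuid/setgid bit are ignored. Paths are assumed to
# contain no spaces (the last field of the listing is taken as the path).
classify_privileged() {
    awk -v trusted="$TRUSTED_GROUPS" '
    BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) tg[t[i]] = 1 }
    {
        mode = $1; owner = $3; group = $4; path = $NF
        # mode string: position 4 is the owner execute/setuid slot,
        # position 7 is the group execute/setgid slot.
        suid = (substr(mode, 4, 1) ~ /[sS]/)
        sgid = (substr(mode, 7, 1) ~ /[sS]/)
        if (suid && owner == "root")       print "suid-root", path
        else if (sgid && (group in tg))    print "sgid-" group, path
        else if (suid || sgid)             print "untrusted", path
    }'
}

# strip_setuid: remove the setuid bit from one file and confirm it is gone,
# the step the note above prescribes for /usr/bin/ipcs and /usr/bin/ipcs64.
strip_setuid() {
    chmod u-s "$1" || return 1
    case "$(ls -l "$1" | cut -c4)" in
        s|S) echo "setuid bit still set on $1" >&2; return 1 ;;
    esac
    return 0
}

# On a live system the listing comes from find; uncomment to run as root:
#   find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \; \
#       | classify_privileged
#   strip_setuid /usr/bin/ipcs && strip_setuid /usr/bin/ipcs64
```

Anything reported as untrusted is a setuid or setgid program owned by neither root nor a trusted group and should be reviewed; anything reported as suid-root or sgid-&lt;group&gt; should appear in the trusted application list, and a program that does not belongs on the same review list as ipcs.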