Provided by: sxid_4.2-1ubuntu1_i386 bug


       sxid - check for changes in s[ug]id files and directories


       sxid [ --config <file> ] [ --nomail ] [ --spotcheck ] [ --listall ]


       Sxid checks for changes in suid and sgid files and directories based on
       its last check. Logs are stored by default in  /var/log/sxid.log.   The
       changes  are then emailed to the address specified in the configuration
       file. The default location for the config file  is  /etc/sxid.conf  but
       this  can  be  overridden  with  the  --config option and specifying an
       alternate location.


       The program outputs several different  checks  concerning  the  current
       status  of  the  suid  and  sgid files and directories on the system on
       which it was run. This is a basic overview of the format.

       In the add remove section, new files are preceded by a  ’+’,  old  ones
       are  preceded  by  a ’-’ NOTE: that removed does not mean gone from the
       filesystem, just that it is no longer sgid or suid.

       Most of it is pretty easy to understand.  On  the  sections  that  show
       changes in the file’s info (uid, gid, modes...) the format is old->new.
       So if the old owner was ’mail’ and it is now ’root’ then it shows it as

       The list of files in the checks is in the following format:

               /full/path              *    MODE

       (MODE is the 4 digit mode, as in 4755)

       In  the  changes  section,  if the line is preceded by an ’i’ then that
       item has changed inodes since the last check (regardless of any s[ug]id
       change), if there is an ’m’ then the md5sum has changed.

       If  a  user or group entry is preceded by a ’*’ then it’s execution bit
       is set (ie. *root.wheel is suid, root.*wheel is sgid,  *root.*wheel  is

       On the forbidden directories, if ENFORCE is enabled an ’r’ will precede
       forbidden items that were succesfully -s’d, and an ’!’ will  show  that
       it was unsuccesfully -s’d (for what ever reason).


       -c, --config <file>
              specifies an alternate configuration file

       -n, --nomail
              sends  output  to  stdout  instead  of emailing, useful for spot

       -k, --spotcheck
              Checks for changes by recursing the current  working  directory.
              Log files will not be rotated and no email sent. All output will
              go to stdout.

       -l, --listall
              Useful when doing --spotcheck or --nomail to list all files that
              are logged, regardless of changes.


       Ben Collins <>


       Report bugs to current maintainer Timur Birsh <>.