Several applications that include the setuid flag are installed by default.

Default setuid Applications lists the default setuid applications and indicates whether the application is required or optional.

Default setuid Applications

Application

Purpose and Path

Required or Optional

crontab

Lets individual users add cron jobs.

Path: /usr/bin/crontab

Optional

pam_timestamp_check

Supports password authentication.

Path: /sbin/pam_timestamp_check

Required

passwd

Supports password authentication.

Path: /usr/bin/passwd

Required

ping

Sends and listens for control packets on the network interface. Useful for debugging networks.

Path: /bin/ping

Optional

pwdb_chkpwd

Supports password authentication.

Path: /sbin/pwdb_chkpwd

Required

ssh-keysign

Performs host-based authentication for SSH.

Path: /usr/libexec/openssh/ssh-keysign

Required if you use host-based authentication.

Otherwise optional.

su

Lets a general user become the root user by changing users.

Path: /bin/su

Required

sudo

Lets a general user act as the root user only for specific operations.

Path: /usr/bin/sudo

Optional

unix_chkpwd

Supports password authentication.

Path: /sbin/unix_chkpwd

Required

vmkload_app

Performs tasks required to run virtual machines. This application is installed in two locations: one for standard use and one for debugging.

Path for standard use: /usr/lib/vmware/bin/vmkload_app

Path for debugging: /usr/lib/vmware/bin-debug/vmkload_app

Required in both paths

vmware-authd

Authenticates users for use of services specific to VMware.

Path: /usr/sbin/vmware-authd

Required

vmware-vmx

Performs tasks required to run virtual machines. This application is installed in two locations: one for standard use and one for debugging.

Path for standard use: /usr/lib/vmware/bin/vmware-vmx

Path for debugging: /usr/lib/vmware/bin-debug/vmware-vmk

Required in both paths