Error getting authority: Error initializing authority: Could not connect: No such file or directory (g-io-error-quark, 1)

When trying to disaster recover a VM from backup files you need all the disk, partitions, LVM info to match up the new system with the old. When you get this error message:

Error getting authority: Error initializing authority: Could not connect: No such file or directory (g-io-error-quark, 1)

It usually mean that it is referencing a disk, partition or LVM volume that it can't fine. Check out the /etc/fstab and remove those entries. For example, the original VM had this fstab configuration:

#
# /etc/fstab
# Created by anaconda on Tue Jun  9 09:18:57 2015
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                       ext4    defaults        1 1
UUID=f3371e3a-e4f9-4423-9bf3-dd7242ce4de9 /boot                   ext4    defaults        1 2
UUID=F7BA-C6DF          /boot/efi               vfat    umask=0077,shortname=winnt 0 0
/dev/mapper/centos-home /home                   ext4    defaults        1 2
/dev/mapper/centos-opt  /opt                    ext4    defaults        1 2
/dev/mapper/centos-tmp  /tmp                    ext4    defaults        1 2
/dev/mapper/centos-var  /var                    ext4    defaults        1 2
/dev/mapper/centos-swap swap                    swap    defaults        0 0

The restored files went on to a system that had no /dev/mapper/centos-tmp LVM volume. This caused the error at boot asking for root password for maintenance!

Mounting LVM with same PV, LV, VG names as system

What happens when we try to use a disk that has the same LVM names as our system?

[root@st ~]# pvs
  WARNING: Not using lvmetad because duplicate PVs were found.
  WARNING: Use multipath or vgimportclone to resolve duplicate PVs?
  WARNING: After duplicates are resolved, run "pvscan --cache" to enable lvmetad.
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl on /dev/sdb3 was already found on /dev/sda3.
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl prefers device /dev/sda3 because device is used by LV.
  PV         VG     Fmt  Attr PSize  PFree
  /dev/sda3  centos lvm2 a--  99.00g 4.00m

[root@st ~]# lvs
  WARNING: Not using lvmetad because duplicate PVs were found.
  WARNING: Use multipath or vgimportclone to resolve duplicate PVs?
  WARNING: After duplicates are resolved, run "pvscan --cache" to enable lvmetad.
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl on /dev/sdb3 was already found on /dev/sda3.
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl prefers device /dev/sda3 because device is used by LV.
  LV   VG     Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  home centos -wi-ao----  6.99g
  opt  centos -wi-ao---- 20.00g
  root centos -wi-ao---- 32.00g
  swap centos -wi-ao----  4.00g
  tmp  centos -wi-ao----  4.00g
  var  centos -wi-ao---- 32.00g

[root@st ~]# vgdisplay
  WARNING: Not using lvmetad because duplicate PVs were found.
  WARNING: Use multipath or vgimportclone to resolve duplicate PVs?
  WARNING: After duplicates are resolved, run "pvscan --cache" to enable lvmetad.
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl on /dev/sdb3 was already found on /dev/sda3.
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl prefers device /dev/sda3 because device is used by LV.
  --- Volume group ---
  VG Name               centos
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  8
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                6
  Open LV               6
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               99.00 GiB
  PE Size               4.00 MiB
  Total PE              25343
  Alloc PE / Size       25342 / 98.99 GiB
  Free  PE / Size       1 / 4.00 MiB
  VG UUID               u5BLZG-ds9z-6dRh-0AI7-kAxD-n6lh-cvkKEw

[root@st ~]# vgrename aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl recover
  WARNING: Not using lvmetad because duplicate PVs were found.
  WARNING: Use multipath or vgimportclone to resolve duplicate PVs?
  WARNING: After duplicates are resolved, run "pvscan --cache" to enable lvmetad.
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl on /dev/sdb3 was already found on /dev/sda3.
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl prefers device /dev/sda3 because device is used by LV.
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl on /dev/sdb3 was already found on /dev/sda3.
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl prefers device /dev/sda3 because of previous preference.
  Volume group "aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl" not found
  Cannot process volume group aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl

We can use vgimportclone to rename the extra volume names and then use. However if we do this the volume group will be permanently renamed. To mount on a target system with the original name, we need to boot from CDROM and rename the volume back.

[root@pe-test-st ~]# vgimportclone --basevgname recover /dev/sdb3
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl on /dev/sdb3 was already found on /dev/sda3.
  WARNING: PV aP2MDZ-3scA-JYFj-cX1A-22JX-tj1p-iaNIZl prefers device /dev/sda3 because device is used by LV.

[root@pe-test-st ~]# lvs
  LV   VG      Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  home centos  -wi-ao----  6.99g
  opt  centos  -wi-ao---- 20.00g
  root centos  -wi-ao---- 32.00g
  swap centos  -wi-ao----  4.00g
  tmp  centos  -wi-ao----  4.00g
  var  centos  -wi-ao---- 32.00g
  home recover -wi-------  6.99g
  opt  recover -wi------- 20.00g
  root recover -wi------- 32.00g
  swap recover -wi-------  4.00g
  tmp  recover -wi-------  4.00g
  var  recover -wi------- 32.00g

[root@pe-test-st ~]# vgchange -a y  recover
  6 logical volume(s) in volume group "recover" now active

[root@pe-test-st ~]# ls /dev/recover/
home  opt  root  swap  tmp  var

[root@pe-test-st ~]# mount /dev/recover/root /mnt

[root@pe-test-st ~]# ls /mnt
1    boot   dev  home  lib64       media  nsr  proc  run   srv  tmp  var
bin  cdrom  etc  lib   lost+found  mnt    opt  root  sbin  sys  usr

How to delete files with strange characters

If you have files that you can not delete due to strange characters, find the inode and delete them via that.

root@server puppetlabs # ls
activemq      code          enterprise                        installer    license.key.2016  orchestration-services  puppetserver  r10k
client-tools  code-staging  --exclude-dirs=code,code-staging  license.key  mcollective       puppet                  pxp-agent
[2017-08-17 16:03:42]
root@server puppetlabs # rm --exclude-dirs\=code\,code-staging
rm: unrecognized option '--exclude-dirs=code,code-staging'
Try 'rm ./'--exclude-dirs=code,code-staging'' to remove the file ‘--exclude-dirs=code,code-staging’.
Try 'rm --help' for more information.
[2017-08-17 16:02:30]

No chance with the above, so use:

root@server puppetlabs # ls -i
918314 activemq      918427 code-staging                      917739 installer         918184 mcollective             918048 puppetserver
918293 client-tools  918390 enterprise                        945600 license.key       918298 orchestration-services  918212 pxp-agent
918146 code          927457 --exclude-dirs=code,code-staging  934089 license.key.2016  918195 puppet                  918294 r10k
[2017-08-17 16:04:36]
root@server puppetlabs # find . -inum 927457 -delete
[2017-08-17 16:04:59]
root@picard puppetlabs # ls
activemq      code          enterprise  license.key       mcollective             puppet        pxp-agent
client-tools  code-staging  installer   license.key.2016  orchestration-services  puppetserver  r10k
[2017-08-17 16:04:59]

iSCSI on Oracle Linux

Install the iSCSI utils:

# yum install iscsi-initiator-utils

Check out the initiator file to get the IQN:

# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.1988-12.com.oracle:acbd8bf16757

Can not write to web app directory - selinux issue

Is the content directory of some web app living somewhere that selinux is enforcing it policy? Perform the following to make directory writeable:

root@icinga2-p0 etc # semanage fcontext -a -t httpd_sys_rw_content_t "/etc/icingaweb2(/.*)?"


root@icinga2 etc # restorecon -Rv /etc/icingaweb2
restorecon reset /etc/icingaweb2 context system_u:object_r:etc_t:s0->system_u:object_r:httpd_sys_rw_content_t:s0
restorecon reset /etc/icingaweb2/setup.token context unconfined_u:object_r:etc_t:s0->unconfined_u:object_r:httpd_sys_rw_content_t:s0
restorecon reset /etc/icingaweb2/modules context system_u:object_r:etc_t:s0->system_u:object_r:httpd_sys_rw_content_t:s0
restorecon reset /etc/icingaweb2/modules/translation context system_u:object_r:etc_t:s0->system_u:object_r:httpd_sys_rw_content_t:s0
restorecon reset /etc/icingaweb2/modules/translation/config.ini context system_u:object_r:etc_t:s0->system_u:object_r:httpd_sys_rw_content_t:s0
restorecon reset /etc/icingaweb2/modules/setup context system_u:object_r:etc_t:s0->system_u:object_r:httpd_sys_rw_content_t:s0
restorecon reset /etc/icingaweb2/modules/setup/config.ini context system_u:object_r:etc_t:s0->system_u:object_r:httpd_sys_rw_content_t:s0

Update, compare kernel versions - reboot within 6hours period - CentOS

#!/bin/sh
host=`hostname -f`
date=`date`

# run updates to get latest software and kernel
yum -y update
maxdelay=$((6*60))
rdelay=$(($RANDOM%maxdelay))
sdelay=$(($rdelay*60))
kernel=`uname -r`
latest=`rpm -q kernel --queryformat '%{installtime} %{version}-%{release}.%{arch}\n' | sort -n -k1 | tail -1 | cut -d ' ' -f 2`
sdate=`date`

if [ "$kernel" = "$latest" ];
then
        echo "No need to reboot..."
        echo "You are running the latest kernel: $kernel"
else
        echo "There is a new kernel. You need a reboot..."
        echo "Current kernel: $kernel"
        echo "The latest kernel: $latest"
        echo "$sdate\nCurrent kernel: $kernel\nLatest kernel: $latest"
        echo "Sleeping for $sdelay seconds..."
        sleep $sdelay
        echo "Waking up and rebooting..."
        /sbin/reboot
fi

Install GRUB loader when Debian fails to boot

mount /dev/sdXY /mnt

mount --bind /dev /mnt/dev &&
mount --bind /dev/pts /mnt/dev/pts &&
mount --bind /proc /mnt/proc &&
mount --bind /sys /mnt/sys

chroot /mnt

grub-install /dev/sdX
grub-install --recheck /dev/sdX

Disable service start up at re/boot - Debian 6

The following is the chkconfig equivalents on Debian 6:

update-rc.d  <service> defaults
update-rc.d  <service> start 20 3 4 5
update-rc.d -f <service>  remove

Part of the man page:

UPDATE-RC.D(8)                                   sysv-rc                                   UPDATE-RC.D(8)

NAME
       update-rc.d - install and remove System-V style init script links

SYNOPSIS
       update-rc.d [-n] [-f] name remove

       update-rc.d [-n] name defaults [NN | SS KK]

       update-rc.d  [-n]  name  start|stop  NN  runlevel  [runlevel]...   .  start|stop NN runlevel [run‐
              level]...  . ...

       update-rc.d [-n] name disable|enable [ S|2|3|4|5 ]

DESCRIPTION
       update-rc.d updates the System V style init script links /etc/rcrunlevel.d/NNname whose target  is
       the script /etc/init.d/name.  These links are run by init when it changes runlevels; they are gen‐
       erally used to start and stop system services such as daemons.  runlevel is one of  the  runlevels
       supported  by  init,  namely, 0123456789S, and NN is the two-digit sequence number that determines
       where in the sequence init will run the scripts.

       This manpage documents only the usage and behaviour of update-rc.d.  For a discussion of the  Sys‐
       tem V style init script arrangements please see init(8) and the Debian Policy Manual.

CentOS 5 EOL - Yum repo issue

Now that CentOS 5 has gone end of life, there's no update repos left to use:

-bash-3.2# cat /etc/redhat-release
CentOS release 5.11 (Final)
-bash-3.2# yum update
Loaded plugins: downloadonly, fastestmirror
Determining fastest mirrors
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
 Eg. Invalid release/
removing mirrorlist with no valid mirrors: /var/cache/yum/base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: base

All repo contents have been moved to http://vault.centos.org so to fix the problem, the other repos must be removed:

-bash-3.2# ls /etc/yum.repos.d/CentOS-
CentOS-Base.repo       CentOS-Media.repo      CentOS-Vault.repo
CentOS-Debuginfo.repo  CentOS-Sources.repo    CentOS-fasttrack.repo
-bash-3.2# ls /etc/yum.repos.d/CentOS-

Leaving only CentOS-Vault.repo:

-bash-3.2# yum update
Loaded plugins: downloadonly, fastestmirror
Determining fastest mirrors
Setting up Update Process
No Packages marked for Update
-bash-3.2#

Boot Linux OS into shell to change root password

Get access to the console. At the grub boot options edit boot line which has "kernel" string and append:

init=/bin/sh

Boot this and the Linux OS will boot to a shell. Mount / as rewrite:

mount -o remount,rw /

Change the root password:

passwd

Reboot Linux OS:

reboot

Fix Expired Certificate Issue on Ganeti cluster

When the certificate expires on a ganeti cluster you will get these error messages when starting the ganeti service:

(0) root@server ~
# gnt-instance list
Cannot communicate with the master daemon.
Is it running and listening for connections?
(1) root@server ~
# gnt-cluster getmaster
sever.gnt6.fog.priv
(0) root@server ~
# ls /var/lib/ganeti/ssconf_master_node
/var/lib/ganeti/ssconf_master_node
(0) root@server ~
# cat /var/lib/ganeti/ssconf_master_node
sever.gnt6.fog.priv
(0) root@server ~
# /etc/init.d/ganeti start
Starting Ganeti cluster:ganeti-noded...done.
ganeti-masterd...ERROR:root:RPC error in master_info from node X: Error 60: server certificate verification failed. CAfile: /var/lib/ganeti/server.pem CRLfile: none
ERROR:root:RPC error in master_info from node X: Error 60: server certificate verification failed. CAfile: /var/lib/ganeti/server.pem CRLfile: none
ERROR:root:RPC error in master_info from node Y: Error 60: server certificate verification failed. CAfile: /var/lib/ganeti/server.pem CRLfile: none
ERROR:root:RPC error in master_info from node Z: Error 60: server certificate verification failed. CAfile: /var/lib/ganeti/server.pem CRLfile: none
CRITICAL:root:Cluster inconsistent, most of the nodes didn't answer after multiple retries. Aborting startup
CRITICAL:root:Use the --no-voting option if you understand what effects it has on the cluster state
failed (exit code 1).
ganeti-rapi...done.
ganeti-confd...done.
(0) root@sever ~
# gnt-instance list
Cannot communicate with the master daemon.
Is it running and listening for connections?
(1) root@server ~

Checking the certificate, you see that it has expired. To solve this issue, on the current (but broken) master, create a new certificate:

# cp /var/lib/ganeti/server.pem ~/expired.server.pem
# openssl req -new -newkey rsa:1024 -days 1825 -nodes -x509 -keyout /var/lib/ganeti/server.pem -out /var/lib/ganeti/server.pem -batch &&
# chmod 0400 /var/lib/ganeti/server.pem
Then run this script to copy this new certificate to all nodes in the cluster:
#!/bin/sh
for i in X Y Z
do
       ssh $i "cp /var/lib/ganeti/server.pem ~/"
       scp newserver.pem $i:/var/lib/ganeti/server.pem
       ssh $i "chmod 0400 /var/lib/ganeti/server.pem"
       ssh $i "/etc/init.d/ganeti restart"
done
/etc/init.d/ganeti restart

Note it will restart the ganeti service on all the non-master nodes before restarting the service on the master node.

Examine Certificate for expiration date

(0) root@server /var/log/ganeti
# openssl x509 -in /var/lib/ganeti/server.pem -text -noout
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=ganeti.example.com
        Validity
            Not Before: Mar 15 19:33:15 2012 GMT
            Not After : Mar 14 19:33:15 2017 GMT
        Subject: CN=ganeti.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:ca:0a:cc:87:15:e5:00:7f:b0:00:21:31:3e:52:
                    09:b6:35:d3:7b:b5:60:c0:4a:e9:9c:ad:0f:cc:d8:
                    f8:2e:02:d3:fb:11:c1:77:b4:cf:1a:5a:6d:7f:7c:
                    a8:49:20:fe:df:bc:fa:94:55:a6:26:a6:9e:54:b8:
                    96:f7:aa:8d:20:a9:6f:25:64:f6:1c:89:27:c3:5c:
                    94:48:83:94:4f:2f:1b:b2:a3:ae:7f:79:d7:dc:e9:
                    29:c6:d9:88:63:8a:20:4d:03:48:7f:1e:1e:94:9c:
                    01:76:96:33:c4:46:f3:74:62:b5:af:fc:4a:99:e5:
                    b5:6f:b7:52:d5:6b:f8:a4:b0:40:7b:11:3f:6c:8d:
                    c5:ef:9e:83:02:58:10:8e:fd:03:75:4f:3e:df:95:
                    71:59:80:e8:b3:01:73:e1:a3:af:20:2c:3d:71:9b:
                    13:92:72:9c:98:ac:d4:f5:3a:f7:27:49:0c:e1:8d:
                    ed:65:18:6f:52:08:ec:11:e8:e6:c9:e6:a0:a2:3d:
                    d4:2a:3b:09:ab:09:8f:21:43:d6:95:17:55:1d:3b:
                    06:c9:e2:76:56:8f:61:bd:1f:52:96:b3:70:93:61:
                    62:ba:52:74:ef:78:51:1f:20:64:a8:5d:d1:fa:d7:
                    a6:87:9d:d0:0b:eb:19:39:ca:ed:c5:65:a1:c3:b7:
                    ac:3d
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        01:3c:b6:0f:a6:90:92:5c:4b:07:c0:16:85:a7:11:e1:fd:22:
        42:df:69:d1:be:e8:19:68:f7:40:85:af:e1:c3:30:ee:ea:7b:
        c0:ea:bc:2c:23:a2:c5:2f:65:11:d1:62:8f:da:d8:d2:01:9f:
        f8:e6:47:32:cf:e5:d1:7e:73:0d:42:20:43:19:e0:9c:3a:d7:
        a2:f9:43:b8:ca:f0:cb:2d:ae:20:d3:e7:36:c4:e5:b8:ba:c5:
        4b:96:3d:67:6a:9b:69:32:50:ba:d4:23:54:f9:ec:a5:02:25:
        29:1d:4f:b5:3f:46:e1:5f:55:0e:a5:ef:5f:dd:ca:eb:c6:8e:
        63:44:18:5c:40:a8:8d:4e:28:b2:f8:52:09:39:bd:c0:bb:80:
        c9:58:43:3d:85:2c:35:7f:da:1e:cf:ce:8f:d2:43:fd:09:fe:
        ef:0f:09:d8:a9:f9:64:d5:2d:a2:15:25:fe:e7:30:a9:18:ab:
        68:83:d0:df:1e:41:1c:3e:a6:10:f0:26:59:7b:d0:16:02:74:
        e8:f7:69:e6:64:be:50:a8:92:de:82:4a:22:f7:f2:c3:d8:4b:
        ad:2a:12:13:bb:0a:ff:fa:0c:1d:eb:f6:f3:e2:63:26:1e:01:
        a6:3b:55:65:5c:ec:11:aa:99:67:7e:95:a8:5f:73:c6:fa:7b:
        5c:4e:2f:21
(0) root@server /var/log/ganeti
#

Mount ISO image - CentOS

/opt/tmp
[root@centos tmp]# ls
V834394-01.iso
[root@centos tmp]# mkdir oraclelinux
[root@centos tmp]# mount -t iso9660 -o loop /opt/tmp/V834394-01.iso /opt/tmp/oraclelinux/
[root@centos tmp]# ls /opt/tmp/oraclelinux/
addons  EULA  images    LiveOS    RELEASE-NOTES-U3-en       repodata     RPM-GPG-KEY-oracle
EFI     GPL   isolinux  Packages  RELEASE-NOTES-U3-en.html  RPM-GPG-KEY  TRANS.TBL
[root@centos tmp]#

Flush DNS cache on CentOS

To flush the DNS on CentOS:

# service nscd restart

or 

# nscd -i hosts

Permissions on /var/tmp CentOS 7

So you've screwed up the permissions on the /var/tmp folder. Here's how to fix it:

chmod 777 /var/tmp
chmod +t /var/tmp
chown root:root /var/tmp

How to encrypt the bind password in sssd.conf

You need to install sssd-tools:

# yum -y install sssd-tools

And use sss_obfuscate to encrypt the password. First make sure your /etc/sssd/sssd.conf is configured properly with the DOMAIN section filled. Then use the following command:

sss_obfuscate -d <domain_name>

You will then be prompted for the password that needs encrypting. The output will change the sssd.conf file with these two entries:

ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = AAAQAGFQamU1Lg8qjuVPrtqVhOA652D3Sn43PYAH7T4W6CFatVtQSdB5687toLRWlgPVx7Uql96ZEfvpyVeW4T1a51gAAQID

Processing a JSON output

On most flavours of Linux you have a tool called jq:

#yum -y install jq
#man jq

JQ(1)                                                                                                                   JQ(1)

NAME
       jq - Command-line JSON processor

SYNOPSIS
       jq [options...] filter [files...]

       jq  can  transform  JSON in various ways, by selecting, iterating, reducing and otherwise mangling JSON documents. For
       instance, running the command jq ´map(.price) | add´ will take an array of JSON objects as input and return the sum of
       their "price" fields.

       jq can accept text input as well, but by default, jq reads a stream of JSON entities (including numbers and other lit‐
       erals) from stdin. Whitespace is only needed to separate entities such as 1 and 2, and true and  false.  One  or  more
       files may be specified, in which case jq will read input from those instead.

       The  options  are described in the INVOKING JQ section; they mostly concern input and output formatting. The filter is
       written in the jq language and specifies how to transform the input file or document.

For example:

jq '.resources[] | select(.type == "Class" and .title == "Userprefs").parameters' yourname .puppetlabs.vm.json

Otherwise, you can use Python:

cat somefile.json | python -m json.tool

How to set sticky bit in octal mode

This should help

$ find / -type f -perm /6000 -exec stat -c "%A %a %n" {} \;

-rwxr-sr-x 2755 /usr/bin/wall
-rwxr-sr-x 2755 /usr/bin/mlocate
-rwxr-sr-x 2755 /usr/bin/dotlockfile
-rwxr-sr-x 2755 /usr/bin/crontab
-rwsr-sr-x 6755 /usr/bin/at
-rwxr-sr-x 2755 /usr/bin/bsd-write
-rwxr-sr-x 2755 /usr/bin/ssh-agent
-rwsr-xr-x 4755 /usr/bin/mtr
-rwsr-xr-x 4755 /usr/bin/traceroute6.iputils
-rwsr-xr-x 4755 /usr/bin/passwd
-rwsr-xr-x 4755 /usr/bin/pkexec
-rwsr-sr-x 6755 /usr/bin/X

[...]