This built-in function makes sure that no shell has “set-uid” capabilities.
A “setuid” shell means that whenever the shell is started, the process itself will have the privileges set to its permissions (a setuid “root” shell grants super-user privileges to anyone for instance).
Having a “setuid” shell defeats the purpose of having UIDs and GIDs and makes access control much more complex.
Remove the SUID bit of each shell that is “setuid”.
description: "This check reports user accounts with login shells that have setuid or setgid privileges."