Saturday, December 5, 2015

How to set SGID in Linux

What is SGID?

SGID (Set Group ID upon execution) is a special type of file permission given to a file/folder. Normally in Linux/Unix, when a program runs, it inherits access permissions from the logged-in user. SGID gives a user temporary permission to run a program/file with the permissions of the file's group, as if the user had become a member of that group in order to execute the file. In simple words, users get the file group's permissions when executing a folder/file/program/command.

SGID is similar to SUID. The difference between the two is that SUID assumes the permissions of the file's owner, while SGID assumes the permissions of the file's group, instead of the permissions inherited from the logged-in user.

How can I set up SGID for a file?

SGID can be set in two ways:

1) Symbolic way (s)

2) Numerical/octal way (2, the SGID bit has the value 2)

Use the chmod command to set SGID on a file, here file2.txt:

Symbolic way:

chmod g+s file2.txt

Let me explain the above command: we are setting SGID (+s) for the group that owns this file.

Numerical way:

chmod 2750 file2.txt

Here in 2750, 2 indicates that the SGID bit is set, 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and 0 gives no permissions to others.

How can I check if a file is set with SGID bit or not?

Use ls -l to check whether the x in the group permissions field is replaced by s or S.

For example: file2.txt listing before and after SGID set

[root@rhel~]# ls -l
-rwxr-s---. 1 root root 0 Nov 24 14:54 file2.txt

How can I remove SGID bit on a file/folder?

[root@rhel ~]# chmod g-s file2.txt
[root@rhel ~]# ls -l
-rwxr-x---. 1 root root 0 Nov 24 14:54 file2.txt
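
The set, check and remove steps above as one script; this is an added example, not part of the original post. It also shows the uppercase S case (SGID set while the group has no execute permission) and lists SGID files with find. The helper names sgid_state, list_sgid, step and demo are hypothetical, and the script works on a scratch file2.txt in a temporary directory.

```shell
#!/bin/sh
# Added example. All files are constructed in a temporary directory.

# Classify by the 7th character of the ls -l mode string (group execute slot):
#   s -> SGID set, group may execute     S -> SGID set, group execute missing
sgid_state() {
    case "$(ls -ld -- "$1" | cut -c7)" in
        s) echo "sgid" ;;
        S) echo "sgid-noexec" ;;
        *) echo "none" ;;
    esac
}

# List regular files under a directory that carry the SGID bit (octal 2000).
list_sgid() {
    find "$1" -type f -perm -2000
}

# Apply one chmod mode and print the resulting mode string and state.
step() {
    chmod "$1" "$2" || return 1
    printf '%-12s %s  %s\n' "chmod $1" "$(ls -ld -- "$2" | cut -c1-10)" "$(sgid_state "$2")"
}

# Walk through the page's procedure on a scratch file.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/file2.txt"          # hypothetical scratch copy of the page's file
    : > "$f"
    step 750  "$f"              # starting point, no SGID
    step g+s  "$f"              # symbolic way
    step 2750 "$f"              # numerical way, same result
    step 2740 "$f"              # group execute removed: lowercase s becomes S
    echo "SGID files found: $(list_sgid "$dir")"
    step g-s  "$f"              # remove the bit
    rm -rf "$dir"
}

demo
```

The same find test pointed at a real directory gives a quick inventory of SGID files to review.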
