What is SGID?
SGID (Set Group ID up on execution) is a special type of file permissions given to a file/folder. Normally in Linux/Unix when a program runs, it inherits access permissions from the logged in user. SGID is defined as giving temporary permissions to a user to run a program/file with the permissions of the file group permissions to become member of that group to execute the file. In simple words users will get file Group’s permissions when executing a Folder/file/program/command.
SGID is similar to SUID. The difference between both is that SUID assumes owner of the file permissions and SGID assumes group’s permissions when executing a file instead of logged in user inherit permissions.
How can I setup SGID for a file?
SGID can be set in two ways
1) Symbolic way (s)
2) Numerical/octal way (2, SGID bit as value 2)
2) Numerical/octal way (2, SGID bit as value 2)
Use chmod command to set SGID on file: file2.txt
Symbolic way:
chmod g+s file2.txt
Let me explain above command we are setting SGID(+s) to group who owns this file.
Numerical way:
chmod 2750 file2.txt
Here in 2750, 2 indicates SGID bitset, 7 for full permissions for owner, 5 for read and execute permissions for group, and no permissions for others.
How can I check if a file is set with SGID bit or not?
Use ls –l to check if the x in group permissions field is replaced by s or S
For example: file2.txt listing before and after SGID set
[root@rhel~]# ls -l
-rwxr-s---. 1 root root 0 Nov 24 14:54 file2.txt
How can I remove SGID bit on a file/folder?
[root@rhel ~]# chmod g-s file2.txt
[root@rhel ~]# ls -l
-rwxr-x---. 1 root root 0 Nov 24 14:54 file2.txt
No comments:
Post a Comment