Thursday, March 18, 2010

Linux: SETGID on directory


SETGID stands for SET Group ID. We can use the command chmod to set the group ID bit for a directory.

   chmod g+s mydir

or with numeric mode:

   chmod 2775 mydir

After the change, the permission of the directory "mydir" becomes "drwxrwsr-x".

   drwxrwsr-x 3 zen zen 4096 2010-03-18 19:57 mydir

But what is so special about setting the group ID for a directory? The trick is that when another user creates a file or directory under such a directory "mydir", the new file or directory will have its group set as the group of the owner of "mydir", instead of the group of the user who creates it.

For example, if user2 belongs to the groups "user2" (main group) and "zen", and he creates a file "newfile" under the directory "mydir", "newfile" will be owned by the group "zen" instead of user2's main group "user2".

   -rw-r--r-- 1 user2 zen   10 2010-03-18 20:01 newfile

Even if user2 does not belong to the group "zen", the files or directories he creates under "mydir" (if "mydir" grants the write permission to "others") will also be owned by group "zen".

You can use this feature to share files within a group. Create a directory that permits the group to write, and set the group ID bit. Every file or directory created under it will have the same group ownership, so the whole group can share them.
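The setup above as a runnable check, added here as an example that is not part of the original post: it confirms that a new file and subdirectory take the group of the setgid directory itself, and lists setgid directories that "others" can write to (the case described above where non-members create files carrying the group). It assumes Linux with GNU stat and find; the function names and scratch paths are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux with GNU stat/find.

# Create a group-shared directory using the same mode as the post (2775).
make_shared_dir() {
    mkdir -p "$1" && chmod 2775 "$1"
}

# Numeric group ID of a path.
gid_of() {
    stat -c '%g' "$1"
}

# Succeeds if a new file created in directory $1 takes that directory's group
# and a new subdirectory inherits both the group and the setgid bit.
check_inheritance() {
    touch "$1/newfile" && mkdir "$1/subdir" || return 1
    [ "$(gid_of "$1/newfile")" = "$(gid_of "$1")" ] &&
    [ "$(gid_of "$1/subdir")" = "$(gid_of "$1")" ] &&
    [ -g "$1/subdir" ]
}

# List setgid directories under $1 that "others" can write to. Any local user
# can create files there that carry the directory's group.
find_open_setgid_dirs() {
    find "$1" -type d -perm -2000 -perm -0002
}

# Demo in a scratch directory (constructed paths).
umask 022                      # keep new subdirectories non-world-writable
demo_root=$(mktemp -d)
make_shared_dir "$demo_root/mydir"
mkdir "$demo_root/open" && chmod 2777 "$demo_root/open"

check_inheritance "$demo_root/mydir" && echo "mydir: group and setgid bit inherited"
echo "setgid directories writable by others:"
find_open_setgid_dirs "$demo_root"
```

Point `find_open_setgid_dirs` at a real shared tree to spot directories where the group write restriction is bypassed by the "others" write bit.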

1 comment:

Anonymous said...

This posting is not correctly stated. New files created in SGID directories will have their group set to the group *of the SGID directory* not "the group of the owner of mydir" as stated by OP.

 