What is SGID and how to set SGID in Linux?
2014-06-16 06:12
429 查看
http://www.linuxnix.com/2011/12/sgid-set-sgid-linuxunix.html
This is next to SUID in
our ongoing Linux file and folder permissions series. We already discussed about CHMOD, UMASK, CHOWN, CHGRP, SUID, StickyBit and
SUDO concepts in our previous posts. In this post we will see
What is SGID?
Why we require SGID?
Where we are going to implement SGID?
How to implement SGID in Linux?
SGID (Set Group ID up on execution) is a special type of file permissions given
to a file/folder. Normally in Linux/Unix when a program runs, it inherits access permissions from the logged in user. SGID is defined as giving temporary permissions to a user to run a program/file with the permissions of the file group permissions to become
member of that group to execute the file. In simple words users will get file Group’s permissions when executing a Folder/file/program/command.
SGID is similar to SUID. The difference between both is that SUID assumes owner of the file permissions and SGID assumes group’s permissions when executing a file instead of logged in user inherit permissions.
Example: Linux Group quota implementation
When implementing Linux Group quota for group of people SGID plays an important role in checking the quota timer. SGID bit set on folder is used to change their inherit permissions to group’s permissions to make it as single user who is dumping data. So that
group members whoever dumps the data the data will be written with group permissions and in turn quota will be reduced centrally for all the users. For clear understanding of this you have to implement group quota from the above link. Without implementation
of SGID the quota will not be effective.
SGID can be set in two ways
Use chmod command to
set SGID on file: file1.txt
Symbolic way:
Numerical way:
Here in 2750, 2 indicates SGID bitset, 7 for full permissions for owner, 5 for read and execute permissions for group, and no permissions for others.
How can I check if a file is set with SGID bit or not?
Use ls –l to check if the x in group permissions field is replaced by s or S
For example: file1.txt listing before and after SGID set
Before SGID set:
Where is SUID used?
1) When implementing Linux group disk quota.
I am seeing “S” ie Capital s in the file permissions, what’s that?
After setting SUID or SGID to a file/folder if you see ‘S’ in the file permission area that indicates that the file/folder does not have executable permissions for that user or group on that particular file/folder.
output:
This is next to SUID in
our ongoing Linux file and folder permissions series. We already discussed about CHMOD, UMASK, CHOWN, CHGRP, SUID, StickyBit and
SUDO concepts in our previous posts. In this post we will see
What is SGID?
Why we require SGID?
Where we are going to implement SGID?
How to implement SGID in Linux?
What is SGID?
SGID (Set Group ID up on execution) is a special type of file permissions givento a file/folder. Normally in Linux/Unix when a program runs, it inherits access permissions from the logged in user. SGID is defined as giving temporary permissions to a user to run a program/file with the permissions of the file group permissions to become
member of that group to execute the file. In simple words users will get file Group’s permissions when executing a Folder/file/program/command.
SGID is similar to SUID. The difference between both is that SUID assumes owner of the file permissions and SGID assumes group’s permissions when executing a file instead of logged in user inherit permissions.
Learn SGID with examples:
Example: Linux Group quota implementationWhen implementing Linux Group quota for group of people SGID plays an important role in checking the quota timer. SGID bit set on folder is used to change their inherit permissions to group’s permissions to make it as single user who is dumping data. So that
group members whoever dumps the data the data will be written with group permissions and in turn quota will be reduced centrally for all the users. For clear understanding of this you have to implement group quota from the above link. Without implementation
of SGID the quota will not be effective.
How can I setup SGID for a file?
SGID can be set in two ways1) Symbolic way (s) 2) Numerical/octal way (2, SGID bit as value 2)
Use chmod command to
set SGID on file: file1.txt
Symbolic way:
chmod g+s file1.txt
Let me explain above command we are setting SGID(+s) to group who owns this file.
Numerical way:
chmod 2750 file1.txt
Here in 2750, 2 indicates SGID bitset, 7 for full permissions for owner, 5 for read and execute permissions for group, and no permissions for others.
How can I check if a file is set with SGID bit or not?
Use ls –l to check if the x in group permissions field is replaced by s or S
For example: file1.txt listing before and after SGID set
Before SGID set:
ls -l total 8 -rwxr--r-- 1 xyz xyzgroup 148 Dec 22 03:46 file1.txt
After SGID set:
ls -l total 8 -rwxr-sr-- 1 xyz xyzgroup 148 Dec 22 03:46 file1.txt
Some FAQ’s related to SGID:
Where is SUID used?
1) When implementing Linux group disk quota.
I am seeing “S” ie Capital s in the file permissions, what’s that?
After setting SUID or SGID to a file/folder if you see ‘S’ in the file permission area that indicates that the file/folder does not have executable permissions for that user or group on that particular file/folder.
chmod g+s file1.txt
output:
-rwxrwSr-x 1 surendra surendra 0 Dec 27 11:24 file1.txt
相关文章推荐
- What is UMASK and how to set UMASK in Linux/Unix?
- What is EPOLL? EPOLL vs Select call? And How to implement UDP server in Linux using EPOLL?
- What is EPOLL? Epoll vs Poll vs Select call ? And How to implement UDP server in Linux using EPOLL?
- What is a "sosreport" and how do I create it in Red Hat Enterprise Linux 4.6 and later
- How to Set and Unset Local, User and System Wide Environment Variables in Linux
- [linux]How to set PATH in shell script, and keep it avaiable even after it exits
- What is reflection and how to use it in CSharp ?
- How to install LAMP (Apache, PHP and MySQL in Linux) using Yum
- What is global registry and how to know a repository is a global registry
- (Page 3 of 3 )A walking tour of JavaBeans What JavaBeans is, how it works, and why you want to use it
- What is xylitol and how does it help to prevent cavities?
- Introduction to COM - What It Is and How to Use It.
- (Page 1 of 3 )A walking tour of JavaBeans What JavaBeans is, how it works, and why you want to use it
- Sys.WebForms.PageRequestManagerParserErrorException - what it is and how to avoid it
- Linux: Where to set hostname and how to get IP info, as well as how to set DNS
- Sys.WebForms.PageRequestManagerParserErrorException - what it is and how to avoid it
- How to install multi OS(Windows/Linux) in one PC box and boot them easily
- How to set up usblan and telnet for A780 in 3 easy steps
- (Page 2 of 3 )A walking tour of JavaBeans 2 :What JavaBeans is, how it works, and why you want to use it
- How to find and fix faults in Linux applications.