
Special Permissions (SUID, SGID and Sticky Bit) in Linux :: SGID Bit: Part 2/3


SGID Bit (Set Group Identification)

SGID permission on an executable file
SGID permission is similar to SUID permission. The only difference is that when a script or command with SGID set is run, it runs as if it were a member of the group that owns the file.

SGID on a directory

When SGID permission is set on a directory, files created in the directory belong to the group that owns the directory.
For example, if a user with write permission in the directory creates a file there, that file belongs to the directory's group and not to the user's group.
This is very useful in creating shared directories.

How can I set up SGID?

The SGID bit can be set in two ways:

  1. Symbolic way (s represents the SGID bit)
  2. Numerical/octal way (the SGID bit has the value 2)

Use the chmod command to set the SGID bit on a file.

Symbolic way:

chmod g+s file1

The SGID bit is applied to the file file1.

Or we can use the numerical way to set the SGID bit.

Numerical way:

chmod 2757 file1

Here in 2757, 2 indicates that the SGID bit is set, 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and the final 7 gives full permissions to others.

How to check whether the SGID bit is set on a file

Use ls -l and check whether the x in the group permissions field is replaced by s or S.

For example, here is the listing of file1 before and after the SGID bit is set.

Before the SGID bit is set:

[[email protected] ~]# touch file1
[[email protected] ~]#
[[email protected] ~]# ls -l
total 0
-rw-r--r-- 1 root root 0 Jul  3 17:19 file1    <- before forcing the SGID bit
[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]# chmod 2757 file1
[[email protected] ~]# ls -l
total 0
-rwxr-srwx 1 root root 0 Jul  3 17:19 file1    <- after forcing the SGID bit
-rwxr-srwx        <- here s stands for the SGID bit

 

Difference between s and S in the SGID bit:

Here we create two files, file2 and file3, with different permissions.

[[email protected] ~]# touch file2
[[email protected] ~]# chmod 777 file2
[[email protected] ~]# touch file3
[[email protected] ~]# ls -l
total 0
-rwxrwxrwx 1 root root 0 Jul  3 17:23 file2
-rw-r--r-- 1 root root 0 Jul  3 17:24 file3

Now force the SGID bit on both:

[[email protected] /]# chmod g+s file2
[[email protected] /]# chmod g+s file3

Now list the files:

[[email protected] ~]# ls -l
total 0
-rwxrwsrwx 1 root root 0 Jul  3 17:23 file2    <- -rwxrwsrwx
-rw-r-Sr-- 1 root root 0 Jul  3 17:24 file3    <- -rw-r-Sr--
[[email protected] ~]#

Here a small s means that execute permission is present together with the SGID bit (x + SGID bit = s), and a capital S means that no execute permission is present (- + SGID bit = S).

Suppose you have permission 755 on file1 and 644 on file2. You can force the SGID bit the numerical way too:

[[email protected] /]# chmod 2755 file1    <- here 2 represents the SGID bit
[[email protected] /]# chmod 2644 file2    <- here 2 represents the SGID bit

The result will look like this:

[[email protected] ~]# ls -l
total 0
-rwxr-sr-x 1 root root 0 Jul  3 17:19 file1    <- -rwxr-sr-x
-rw-r-Sr-- 1 root root 0 Jul  3 17:23 file2    <- -rw-r-Sr--
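
The s/S distinction and the octal modes above can be checked mechanically. The following shell script is an added example, not part of the original post: it decodes an octal mode into the group field that ls -l would show, and lists the SGID paths among its arguments with a short note. The function names are hypothetical, and it assumes GNU stat (stat -c) as shipped with Linux coreutils.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Requires GNU stat (stat -c), as shipped with Linux coreutils.

# sgid_class MODE -> none | s | S
#   s: SGID set and group execute set; S: SGID set, group execute missing
sgid_class() {
    m=$((0$1))                      # leading 0 makes the shell parse octal
    if [ $((m & 02000)) -eq 0 ]; then echo none
    elif [ $((m & 00010)) -ne 0 ]; then echo s
    else echo S
    fi
}

# group_triplet MODE -> group field as ls -l renders it, e.g. 2757 -> r-s
group_triplet() {
    m=$((0$1)); r=-; w=-; x=-
    if [ $((m & 00040)) -ne 0 ]; then r=r; fi
    if [ $((m & 00020)) -ne 0 ]; then w=w; fi
    if [ $((m & 00010)) -ne 0 ]; then x=x; fi
    case $(sgid_class "$1") in
        s) x=s ;;
        S) x=S ;;
    esac
    echo "$r$w$x"
}

# audit_sgid PATH... -> one "MODE GROUP-FIELD PATH NOTE" line per SGID path
audit_sgid() {
    for p in "$@"; do
        mode=$(stat -c '%a' -- "$p" 2>/dev/null) || continue
        cls=$(sgid_class "$mode")
        if [ "$cls" = none ]; then continue; fi
        if [ -d "$p" ]; then note="directory: new files inherit its group"
        elif [ "$cls" = S ]; then note="SGID without group execute"
        else note="runs with the file's group"
        fi
        # A world-writable SGID path, like mode 2757 above, deserves review.
        if [ $((0$mode & 00002)) -ne 0 ]; then note="$note; world-writable"; fi
        echo "$mode $(group_triplet "$mode") $p $note"
    done
}

# Audit whatever paths were given on the command line (none: no output).
audit_sgid "$@"
```

Saved under a name of your choice and run as `sh script.sh file1 file2 file3`, it prints one line for each argument that carries the SGID bit.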

 

Enjoy Linux ….it Works….!!


CEO, KV IT-Solutions Pvt. Ltd. | [email protected] | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “
