Special Permissions (SUID, SGID and Sticky Bit) in Linux :: SGID Bit: Part 2/3

SGID Bit (Set-group identification)

SGID permission on an executable file
SGID permission is similar to the SUID permission. The only difference is that when a command with SGID set is run, the process runs with the file's group as its effective group, as if the user were a member of that group, instead of with the group of the user who started it. On Linux this applies to binary executables; the kernel ignores the SUID and SGID bits on interpreted scripts.

SGID on a directory

When SGID permission is set on a directory, files created in the directory belong to the group that owns the directory.
For example, if a user with write permission in the directory creates a file there, that file belongs to the same group as the directory and not to the user's group.
This is very useful for creating shared directories.

How can I set up SGID?

The SGID bit can be set in two ways:

  1. Symbolic way (s represents the SGID bit)
  2. Numerical/octal way (the SGID bit has the value 2)

Use the chmod command to set the SGID bit on a file.

Symbolic way:

chmod g+s  file1

The SGID bit is now applied to the file file1.

Or we can use the numerical way to set the SGID bit.

Numerical way:

chmod 2757 file1

Here in 2757, 2 indicates that the SGID bit is set, the first 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and the final 7 gives full permissions to others.

How to check whether the SGID bit is set on a file

Use ls -l to check whether the x in the group permissions field is replaced by s or S.

For example, here is the listing of file1 before and after the SGID bit is set.

Before and after setting the SGID bit:

[root@gateway1 ~]# touch file1
[root@gateway1 ~]#
[root@gateway1 ~]# ls -l
total 0
-rw-r--r-- 1 root root 0 Jul  3 17:19 file1    <--- before setting the SGID bit
[root@gateway1 ~]#
[root@gateway1 ~]#
[root@gateway1 ~]# chmod 2757 file1
[root@gateway1 ~]#  ls -l
total 0
-rwxr-srwx 1 root root 0 Jul  3 17:19 file1    <--- after setting the SGID bit
-rwxr-srwx        <--- here s stands for the SGID bit

Difference between s and S in the SGID bit:

Here we create two files, file2 and file3, with different permissions.

[root@gateway1 ~]# touch file2
[root@gateway1 ~]# chmod 777 file2
[root@gateway1 ~]# touch file3
[root@gateway1 ~]# ls -l
total 0
-rwxrwxrwx 1 root root 0 Jul  3 17:23 file2
-rw-r--r-- 1 root root 0 Jul  3 17:24 file3

Now set the SGID bit on both:

[root@pc2 /]# chmod g+s  file2
[root@pc2 /]# chmod g+s   file3

Now show the listing:

[root@gateway1 ~]# ls -l
total 0
-rwxrwsrwx 1 root root 0 Jul  3 17:23 file2   <--- rwxrwsrwx
-rw-r-Sr-- 1 root root 0 Jul  3 17:24 file3   <--- rw-r-Sr--
[root@gateway1 ~]#

Here a small s means the group execute permission is set together with the SGID bit (x + SGID bit = s), and a capital S means the SGID bit is set but the group has no execute permission (- + SGID bit = S).

Suppose you have permission 755 on file1 and 644 on file2. You can set the SGID bit the numerical way too:

[root@pc2 /]# chmod 2755 file1               <--- here 2 represents the SGID bit
[root@pc2 /]# chmod 2644 file2               <--- here 2 represents the SGID bit

The result will look like this:

[root@gateway1 ~]# ls -l
total 0
-rwxr-sr-x 1 root root 0 Jul  3 17:19 file1   <--- rwxr-sr-x
-rw-r-Sr-- 1 root root 0 Jul  3 17:23 file2   <--- rw-r-Sr--
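
An added example (not from the original post): a small POSIX shell function that audits a directory tree for SGID entries and separates the cases described above, namely s (SGID with group execute), S (SGID without group execute), SGID directories, and SGID files that others can write to, as chmod 2757 produces. The function name sgid_audit and its output labels are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: list every SGID entry under a directory and say which of the
# cases from this post it is. sgid_audit and its labels are illustrative names.
# Usage after sourcing this file:  sgid_audit /path/to/check

sgid_audit() {
    dir=${1:-.}

    # "s" in ls -l: SGID plus group execute (e.g. 2755). A binary started
    # from this file runs with the file's group as its effective group.
    find "$dir" -type f -perm -2010 -exec printf 'sgid-exec %s\n' {} \;

    # "S" in ls -l: SGID without group execute (e.g. 2644). Linux does not
    # honour the bit when such a file is executed.
    find "$dir" -type f -perm -2000 ! -perm -0010 \
        -exec printf 'sgid-noexec %s\n' {} \;

    # SGID directory: files created inside take the directory's group.
    find "$dir" -type d -perm -2000 -exec printf 'sgid-dir %s\n' {} \;

    # SGID file that others may write to (e.g. 2757): any local user can
    # change the content of a file that carries a special permission bit.
    find "$dir" -type f -perm -2002 \
        -exec printf 'sgid-world-writable %s\n' {} \;
}
```

A file set to 2757 is reported twice, once as sgid-exec and once as sgid-world-writable, which is the combination to review first in a shared directory.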

 

Enjoy Linux ….it Works….!!

( Do Comment or share if you liked this post )

CEO, KV IT-Solutions Pvt. Ltd. | vikas@kvit.in | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “
