DISCLAIMER: Please note that blog owner takes no responsibility of any kind for any type of data loss or damage by trying any of the command/method mentioned in this blog. You may use the commands/method/scripts on your own responsibility.
If you find something useful, a comment would be appreciated to let other viewers also know that the solution/method work(ed) for you.


What is SGID and how to set SGID in Linux?

What is SGID?


SGID (Set Group ID up on execution) is a special type of file permissions given to a file/folder. Normally in Linux/Unix when a program runs, it inherits access permissions from the logged in user. SGID is defined as giving temporary permissions to a user to run a program/file with the permissions of the file group permissions to become member of that group to execute the file. In simple words users will get file Group’s permissions when executing a Folder/file/program/command.
SGID is similar to SUID. The difference between both is that SUID assumes owner of the file permissions and SGID assumes group’s permissions when executing a file instead of logged in user inherit permissions.

 

Learn SGID with examples:


Example: Linux Group quota implementation
 
When implementing Linux Group quota for group of people SGID plays an important role in checking the quota timer. SGID bit set on folder is used to change their inherit permissions to group’s permissions to make it as single user who is dumping data. So that group members whoever dumps the data the data will be written with group permissions and in turn quota will be reduced centrally for all the users. For clear understanding of this you have to implement group quota from the above link. Without implementation of SGID the quota will not be effective.

How can I setup SGID for a file?


SGID can be set in two ways

1) Symbolic way (s)

2) Numerical/octal way (2, SGID bit as value 2)
 
Use chmod command to set SGID on file: file1.txt

Symbolic way:
 
chmod g+s file1.txt
 
Let me explain above command we are setting SGID(+s) to group who owns this file.

Numerical way:
 
chmod 2750 file1.txt
 
Here in 2750, 2 indicates SGID bitset, 7 for full permissions for owner, 5 for read and execute permissions for group, and no permissions for others.
 
How can I check if a file is set with SGID bit or not?
 
Use ls –l to check if the x in group permissions field is replaced by s or S
For example: file1.txt listing before and after SGID set

Before SGID set:
ls -l

total 8

-rwxr--r-- 1 xyz xyzgroup 148 Dec 22 03:46 file1.txt
 
After SGID set:
ls -l

total 8

-rwxr-sr-- 1 xyz xyzgroup 148 Dec 22 03:46 file1.txt 
 
Some FAQ’s related to SGID:

 
Where is SUID used?
 
1) When implementing Linux group disk quota.
I am seeing “S” ie Capital s in the file permissions, what’s that?
After setting SUID or SGID to a file/folder if you see ‘S’ in the file permission area that indicates that the file/folder does not have executable permissions for that user or group on that particular file/folder.
chmod g+s file1.txt
output:
-rwxrwSr-x 1 surendra surendra 0 Dec 27 11:24 file1.txt



so if you want executable permissions too, apply executable permissions to the file.
chmod g+x file1.txt
output:
-rwxrwsr-x 1 surendra surendra 0 Dec 5 11:24 file1.txt




How can I find all the SGID set files in Linux/Unix.
 
find / -perm +2000
The above find command will check all the files which is set with SGID bit(2000).


Can I set SGID for folders?
Yes, you can if it’s required (you should remember one thing, that Linux treats everything as a file)
How can I remove SGID bit on a file/folder?

chmod g-s file1.txt

Do you like this story?

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...