SGID is Set Group ID.
When SGID is used?
Eg:
You are manger of teamA and teamA has 2 engineers E1, E2.
You will be assigning a project to teamA so that all two engineers should work on this project. You will create a folder /project.
teamA group is created and E1,E2 users are assigned to the group.
You will set group permission of the folder as below.
ls -ld /project
drwxrwx---. 2 root teamA 6 Aug 31 08:39 /project
Now E1,E2 can create files inside the project folder as shown below.
-rw-rw-r--. 1 E1 E1 0 Aug 31 08:45 e1_file.txt -- > file created by E1 user
-rw-rw-r--. 1 E2 E2 0 Aug 31 08:46 e2_file.txt --> file created by E2 user.
Here the problem is E2 cannot edit or change E1 file and vice versa since the file permission for group is assigned of the user.
To fix this, the group permission of the files should be changed to teamA. In other words, when file gets created permission from the project folder should be automatically assigned to files inside the folder. For this SGID is used.
Command:
To set:
chmod g+s <dir>
To unset:
chmod g-s <dir>
eg:
# chmod g+s /project
# ls -ld /project/
drwxrws---. 2 root teamA 42 Aug 31 08:46 /project/
You will notice S in group permission for the folder.
Now any files created by user E1, E2 will have permission as below and E1, E2 user can edit/change each others file.
-rw-rw-r--. 1 E1 teamA 0 Aug 31 09:02 e1_newfile.txt --> file created with user E1
-rw-rw-r--. 1 E2 teamA 0 Aug 31 09:03 e2_newfile.txt --> file created with user E2
Note: Risk here is E1 can delete file of E2 and E2 can delete file of E1. To overcome this Stick bit is used.
N
When SGID is used?
Eg:
You are manger of teamA and teamA has 2 engineers E1, E2.
You will be assigning a project to teamA so that all two engineers should work on this project. You will create a folder /project.
teamA group is created and E1,E2 users are assigned to the group.
You will set group permission of the folder as below.
ls -ld /project
drwxrwx---. 2 root teamA 6 Aug 31 08:39 /project
Now E1,E2 can create files inside the project folder as shown below.
-rw-rw-r--. 1 E1 E1 0 Aug 31 08:45 e1_file.txt -- > file created by E1 user
-rw-rw-r--. 1 E2 E2 0 Aug 31 08:46 e2_file.txt --> file created by E2 user.
Here the problem is E2 cannot edit or change E1 file and vice versa since the file permission for group is assigned of the user.
To fix this, the group permission of the files should be changed to teamA. In other words, when file gets created permission from the project folder should be automatically assigned to files inside the folder. For this SGID is used.
Command:
To set:
chmod g+s <dir>
To unset:
chmod g-s <dir>
eg:
# chmod g+s /project
# ls -ld /project/
drwxrws---. 2 root teamA 42 Aug 31 08:46 /project/
You will notice S in group permission for the folder.
Now any files created by user E1, E2 will have permission as below and E1, E2 user can edit/change each others file.
-rw-rw-r--. 1 E1 teamA 0 Aug 31 09:02 e1_newfile.txt --> file created with user E1
-rw-rw-r--. 1 E2 teamA 0 Aug 31 09:03 e2_newfile.txt --> file created with user E2
Note: Risk here is E1 can delete file of E2 and E2 can delete file of E1. To overcome this Stick bit is used.
N
Comments
Post a Comment