SetGID

From UMIACS
Revision as of 15:26, 16 June 2008 by Derek (talk | contribs)

The setgid bit works in two ways, one for files and one for directories.

SetGID Files

When a file with the setgid bit set is executed, its group ID is set to the GID of the binary instead of that of the user who is running it. This mode has no effect on files that are not executable. To a lesser extent than setuid, this can lead to security issues when the group in question has access to files that the user would otherwise not be permitted to read or write. There are very limited uses for this feature these days and its use is discouraged.
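To find where the bit is set, the following added example (not part of the original wiki page) walks a directory tree and separates executable setgid files, the case discussed above, from non-executable ones and from setgid directories. The labels and function names are illustrative, and treating any execute bit as "executable" is a conservative auditing choice made for this example.

```python
import os
import stat
import sys

ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def classify_mode(mode):
    """Label a file mode that carries the setgid bit; None if it does not."""
    if not mode & stat.S_ISGID:
        return None
    if stat.S_ISDIR(mode):
        return "setgid-dir"          # group-inheritance case
    if stat.S_ISREG(mode):
        # Conservative choice for this audit: any execute bit counts.
        return "setgid-exec" if mode & ANY_EXEC else "setgid-noexec"
    return None                       # devices, sockets, symlinks: ignored


def scan(root):
    """Return sorted (label, gid, path) tuples for setgid entries under root."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)

    findings = []
    for path in paths:
        try:
            st = os.lstat(path)       # lstat: never follow symlinks
        except OSError:
            continue                  # vanished or unreadable entry
        label = classify_mode(st.st_mode)
        if label:
            findings.append((label, st.st_gid, path))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for label, gid, path in scan(target):
        print(f"{label:14} gid={gid:<6} {path}")
```

Entries reported as `setgid-exec` are the ones to review against the list of binaries that are expected to carry the bit; the GID column shows which group's files each one can reach.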

SetGID Directories

SetGID directories have a much more benign behavior. When this bit is set on a directory, everything created underneath that directory inherits the group from the directory. This is the preferred way to setting a r