SGID

Energyfellow · 11-24-2013, 07:38 AM

Hello,

I'm struggling with the SGID command.

Given the following situation:

----rws--- 1 simon simon 233 nov 24 13:52 hosts

Why can't a user open/edit this file?

Thanks in advance,
Simon

bknapek · 11-25-2013, 05:35 AM

You mean why user simon can't access the file?
That is because you took away all user permissions for the poor guy.

If you changed the file to be owned by anybody else, but still the simon group, e.g.:

----rw---- 1 nobody simon 233 nov 25 12:29 hosts

then simon will be able to r/w the file.

The s-bit is intended for files that you execute, or directories.
It does not directly influence access permissions.

Energyfellow · 11-25-2013, 07:12 AM

Bknapek,

Thanks for the reply.
I intentionnaly thought that, SGID meant that, whenever someone tried to open the file, he/she automatically got the grouppermissions.
However, I now realize that SGID means that, for exemple: every file made in a directory automatically belongs to the specified group if there's a (recursive) SGID on the directory.

Thank you for your answer,
Simon

bknapek · 11-25-2013, 01:59 PM

If you want user simon to be able to access certain files, then you could use ACLs.

The following command:

setfacl -m u:simon:rw hosts

will create an exemption to the standard access rights and will allow user simon to rw the file.

You can check with:

getfacl hosts
# file: hosts
# owner: root
# group: root
user::rw-
user:simon:rw-
group::r--
mask::rw-
other::r--

You can apply ACL also to directories - use with care :-)

cheers!