LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 01-11-2008, 11:02 AM   #1
xp_newbie
Member
 
Registered: Nov 2006
Posts: 86

Rep: Reputation: 16
Question What does setgid do? (on a text file)


I know what setgid does for directories and binary executable files - there is a very nice article about it in Wikipedia:

http://en.wikipedia.org/wiki/Setgid

But what is the effect of setgid (i.e. chmod g+s) on a text file?

Is this defined at all?

Or does this simply have no influence on the file?

Thanks!
Alex
 
Old 01-11-2008, 01:21 PM   #2
ramram29
Member
 
Registered: Jul 2003
Location: Miami, Florida, USA
Distribution: Debian
Posts: 848
Blog Entries: 1

Rep: Reputation: 47
You setgid on a directory so that any new files created by a user under that directory will be assigned the setgid group as the group owner. In other words, which group do you want to have rights to the file, the default group that the creating user belongs to or the group that the directory belongs to? Do you want only the user to be able to modify this file or the user and another group? setgid is only relevant for directories, think about it.
 
Old 01-11-2008, 01:39 PM   #3
xp_newbie
Member
 
Registered: Nov 2006
Posts: 86

Original Poster
Rep: Reputation: 16

ramram29, thank you for your quick reply.

I am afraid I don't understand your answer since in my understanding it is self-contradicting: On one hand you say:
Quote:
You setgid on a directory so that any new files created by a user under that directory will be assigned the setgid group as the group owner
On the other hand you say:
Quote:
setgid is only relevant for directories
On the third hand, the documentation clearly says that setgid is relevant not only for directories but also for binary executable files.

So there is a contradiction here and despite the excellent article in Wikipedia (and reading the 'man' page, of course), I haven't been able to figure out what setgid does for a text file.

Any idea?

Thanks,
Alex
 
Old 01-11-2008, 03:30 PM   #4
ramram29
Member
 
Registered: Jul 2003
Location: Miami, Florida, USA
Distribution: Debian
Posts: 848
Blog Entries: 1

Rep: Reputation: 47
This is what I know. Let's say you have a directory called /home/manuscripts owned by the group writers. The default group of the user-account 'johnw' (John Wayne) is actors.

When johnw saves any file it is usually saved with permissions johnw.actors unless there is a sticky bit set on the directory.

We want to set up /home/manuscripts with a sticky bit so that johnw can create new files in there and the writers can then write to those files he created and so can he. However, he can only modify the files that he created and not all the other files in there - the writers want to be able to edit johnw's files but they don't want him to edit their files. How do you do that?

chgrp writers /home/manuscripts
chmod 02775 /home/manuscripts

When he saves the file it will be owned by him and by the group writers. Now john can read all the files in /home/manuscripts but he can only edit his own files, while the writers group can edit all the files including his files too.
 
Old 01-11-2008, 04:17 PM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
If you have a directory with the suid bit set, files copied into it will have the group ownership changed to the group ownership of the directory itself. If you move or create a file there, it will retain the original ownership.
Code:
jschiwal@hpamd64:/tmp> ls -ld testdir/
drwsrwsrwt 2 testuser testuser 4096 Jan 11 15:13 testdir/
jschiwal@hpamd64:/tmp> touch test6
jschiwal@hpamd64:/tmp> cp test6 testdir/
jschiwal@hpamd64:/tmp> ls -l testdir
total 0
-rw------- 1 jschiwal jschiwal 0 Jan 11 15:06 test1
-rw------- 1 jschiwal jschiwal 0 Jan 11 15:07 test2
-rw------- 1 jschiwal testuser 0 Jan 11 15:08 test3
-rw-r--r-- 1 testuser testuser 0 Jan 11 15:12 test4
-rw------- 1 jschiwal testuser 0 Jan 11 15:13 test5
-rw------- 1 jschiwal testuser 0 Jan 11 15:16 test6
Note how the suid bit set on the directory doesn't change the ownership. Also, suid isn't supported on scripts in Linux.
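
Added example, not part of any post in this thread: a shell script that applies `chmod g+s` to a plain text file and the `chgrp` / `chmod 02775` recipe from post #4 to a directory, then prints what `ls` reports for each. It assumes a Linux system with the standard `ls`, `id` and `mktemp`; the names `notes.txt`, `manuscripts`, `draft.txt` and `chapter1` are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread). Everything happens in a throwaway
# mktemp directory; all file and directory names are constructed.

mode_of() { ls -ld  "$1" | cut -c1-10; }         # e.g. -rw-r-Sr--
gid_of()  { ls -ldn "$1" | awk '{print $4}'; }   # numeric group owner

# Case 1: chmod g+s on a plain text file (mode 644, no execute bits).
# The bit is stored in the inode; ls shows it as a capital "S" because
# group-execute is off.
text_file_mode() (
    d=$(mktemp -d) || exit 1
    printf 'just text\n' > "$d/notes.txt"
    chmod 644 "$d/notes.txt" && chmod g+s "$d/notes.txt"
    mode_of "$d/notes.txt"
    rm -rf "$d"
)

# Case 2: the chgrp + chmod 02775 recipe from post #4 on a directory.
# Prints: <directory gid> <new file gid> <new subdirectory mode>
setgid_dir_effect() (
    umask 022
    d=$(mktemp -d) || exit 1
    mkdir "$d/manuscripts"
    # Assumption: use a supplementary group of the current user if one
    # exists, so the inheritance is visible; else keep the primary group.
    grp=$(id -G | tr ' ' '\n' | grep -vx "$(id -g)" | head -n 1)
    [ -n "$grp" ] || grp=$(id -g)
    # If chgrp is refused (e.g. unmapped gid in a container) the directory
    # simply keeps its current group and the demo continues.
    chgrp "$grp" "$d/manuscripts" 2>/dev/null || true
    chmod 02775 "$d/manuscripts"
    : > "$d/manuscripts/draft.txt"       # new file created inside
    mkdir "$d/manuscripts/chapter1"      # new subdirectory created inside
    echo "$(gid_of "$d/manuscripts") $(gid_of "$d/manuscripts/draft.txt") $(mode_of "$d/manuscripts/chapter1")"
    rm -rf "$d"
)

echo "text file after g+s : $(text_file_mode)"
echo "setgid directory    : $(setgid_dir_effect)"
```

On Linux the first line prints `-rw-r-Sr--`: the bit is recorded on the text file, and the capital `S` means group-execute is not set. The second line shows the new file carrying the directory's group id and the new subdirectory carrying the setgid bit itself (`drwxr-sr-x`).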
 
  


All times are GMT -5.