Sunday, May 5, 2019

Understanding Special Permission SGID in Linux

In my earlier posts I explained the other special permissions used in Linux, i.e. SUID and the sticky bit.

So let me help you understand SGID and its usage with some practical examples.

SGID:

SGID stands for Set Group ID. It is a permission assigned to a file or directory so that normal group members get the additional authority of running that file with the privileges of its group owner.

This is very similar to what I explained for SUID, with one difference: this time you are assigning the permission to a complete group and its members instead of to one particular user.

For example, you have an executable file and you want all the members of the sysadmin group to be able to execute it, but the file can only be run as root. You assign SGID on that file, and now all the members of the sysadmin team will be able to run the file with the permission of root.

Assigning SGID permission :

There are two ways to assign SGID:
  1. Octal (2)
  2. Symbolic (g+s)

Octal (2) :
# chmod 2755 /myscript.sh

# ls -l /myscript.sh
-rwxr-sr-x. 1 root root      0 Oct 16 11:33 /myscript.sh

Symbolic (g+s) :
# chmod g+s /myscript.sh

# ls -l /myscript.sh
-rwxr-sr-x. 1 root root      0 Oct 16 11:33 /myscript.sh

Removing SGID permission

Octal (2) :
# chmod 0755 /myscript.sh

# ls -l /myscript.sh
-rwxr-xr-x. 1 root root      0 Oct 16 11:33 /myscript.sh

Symbolic (g-s) :
# chmod g-s /myscript.sh

# ls -l /myscript.sh
-rwxr-xr-x. 1 root root      0 Oct 16 11:33 /myscript.sh

Understanding difference between Capital (S) and small (s) in SGID

When you assign the SGID permission you might sometimes see a capital (S) instead of a small (s) in the group permission section. This does not make much difference; instead it gives you additional information about whether the file has group executable permission. A capital S means there is no group executable permission, and a small s means the file has group executable permission.

For example:
Before applying SGID without executable permission on group
# chmod 766 /myscript.sh
# ls -l /myscript.sh
-rwxrw-rw-. 1 root root 0 Oct 16 11:35 /myscript.sh

After applying SGID without executable permission on group
# chmod 2766 /myscript.sh
# ls -l /myscript.sh
-rwxrwSrw-. 1 root root 0 Oct 16 11:35 /myscript.sh

Before applying SGID with executable permission on group
# chmod 776 /myscript.sh
# ls -l /myscript.sh
-rwxrwxrw-. 1 root root 0 Oct 16 11:36 /myscript.sh

After applying SGID with executable permission on group
# chmod 2776 /myscript.sh
# ls -l /myscript.sh
-rwxrwsrw-. 1 root root 0 Oct 16 11:36 /myscript.sh

So I hope you have got my point and understood the difference between capital (S) and small (s).

Finding all the executable files with SGID
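# find / -perm /2000
where 2000 is the octal value we use for assigning the permission in the octal method. Older versions of GNU find accepted this as +2000; current versions reject that form and use /2000 instead.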
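
The capital S / small s rule and the find search above, as an added example that is not from the original post: `symbolic_mode` renders an octal mode the way `ls -l` does, and `audit_sgid` lists setgid files under a directory and flags the capital-S ones. Both function names are hypothetical, `audit_sgid` assumes GNU find and stat, and the decoder goes beyond SGID to cover the SUID and sticky bits, which follow the same rule.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# symbolic_mode OCTAL: print the 9-character string `ls -l` shows for a mode.
# The body runs in a subshell so its variables do not leak to the caller.
symbolic_mode() (
    m=$((0$1)); out=""
    for who in u g o; do
        case $who in
            u) bits=$(( (m >> 6) & 7 )); special=$(( m & 04000 )); on=s; off=S ;;
            g) bits=$(( (m >> 3) & 7 )); special=$(( m & 02000 )); on=s; off=S ;;
            o) bits=$(( m & 7 ));        special=$(( m & 01000 )); on=t; off=T ;;
        esac
        [ $(( bits & 4 )) -ne 0 ] && r=r || r=-
        [ $(( bits & 2 )) -ne 0 ] && w=w || w=-
        if [ "$special" -ne 0 ]; then
            # Special bit set: small letter with execute, capital without it.
            [ $(( bits & 1 )) -ne 0 ] && x=$on || x=$off
        else
            [ $(( bits & 1 )) -ne 0 ] && x=x || x=-
        fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
)

# audit_sgid DIR: list setgid regular files under DIR (GNU find and stat
# assumed) and flag the ones whose group has no execute bit.
audit_sgid() {
    find "$1" -xdev -type f -perm -2000 -exec stat -c '%a %n' {} + 2>/dev/null |
    while read -r mode path; do
        case $(symbolic_mode "$mode") in
            ?????S???) note="setgid without group execute" ;;
            *)         note="setgid with group execute" ;;
        esac
        printf '%s %s  %s\n' "$(symbolic_mode "$mode")" "$path" "$note"
    done
}

# Constructed sample modes: group rw- and rwx, each with and without setgid.
for mode in 766 2766 776 2776; do
    printf '%-5s %s\n' "$mode" "$(symbolic_mode "$mode")"
done
```

Run `audit_sgid /usr` (or any directory) to review which setgid files are present.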