• VMware

    Learn about VMware virtualization for its products like vsphere ESX and ESXi, vCenter Server, VMware View, VMware P2V and many more

  • Linux

    Step by step configuration tutorials for many of the Linux services like DNS, DHCP, FTP, Samba4 etc including many tips and tricks in Red Hat Linux.

  • Database

    Learn installation and configuration of databases like Oracle, My SQL, Postgresql, etc including many other related tutorials in Linux.

  • Life always offers you a second chance ... Its called tomorrow !!!

    Thursday, March 07, 2013

    Understanding Special Permission SGID in Linux

    In my earlier posts I had explained about other Special Permission used in Linux i.e. SUID and STICKY BIT

    So let me help you understand SGID and its usage with some practical examples.

    SGID:

    This is an abbreviation used for Set Group ID. This is a permission assigned to any file or directory to give normal group members additional authority of running that file with a privilege of group owner.

    This is something very similar to which I explained here for SUID with a little difference that this time you are assigning permission to a complete group and its group members instead of assigning the permission to one particular user.

    For example you have some executable file and you want all the group members of sysadmin to be able to execute it but that file can only be run as root so you assign a SGID over that file and now all the members of sysadmin team will be able to run the file with the permission of root.

    Assigning SGID permission :

    There are two ways to assign SGID
    1. Octal (2)
    2. Symbolic (g+s)
    Octal (2) :
    # chmod 2755 /myscript.sh

    # ls -l
    -rwxr-sr-x. 1 root root      0 Oct 16 11:33 /myscript.sh

    Symbolic (g+s) :
    # chmod g+s /myscript.sh

    # ls -l
    -rwxr-sr-x. 1 root root      0 Oct 16 11:33 /myscript.sh

    Removing SGID permission

    Octal (2) :
    # chmod 0755 /myscript.sh

    # ls -l
    -rwxr-xr-x. 1 root root      0 Oct 16 11:33 /myscript.sh

    Symbolic (g-s) :
    # chmod g-s /myscript.sh

    # ls -l
    -rwxr-xr-x. 1 root root      0 Oct 16 11:33 /myscript.sh

    Understanding difference between Capital (S) and small (s) in SGID

    Now when you assign SGID permission you might sometimes see a Capital (S) instead of a small (s) in the group permission section. This does not makes much difference instead if gives you an additional information if that file is having group executable permission or not. If you get Capital S it means there is not executable permission and the same if you have small s it means the file is having group executable permission.

    For example:
    Before applying SGID without executable permission on user owner
    # chmod 655 /myscript.sh
    # ls -l
     -rwxr
    w-rw-. 1 root root 0 Oct 16 11:35 /myscript.sh

    After applying SGID without executable permission on user owner
    # chmod 2655 /myscript.sh
    # ls -l
    -rwxrwSrw-. 1 root root 0 Oct 16 11:35 /myscript.sh

    Before applying SGID with executable permission on user owner
    # chmod 755 /myscript.sh
    # ls -l
    -rwxrwxrw-. 1 root root 0 Oct 16 11:36 /myscript.sh

    After applying SGID with executable permission on user owner
    # chmod 2755 /myscript.sh
    # ls -l
    -rwxrwsrw-. 1 root root 0 Oct 16 11:36 /myscript.sh

    So I hope you have got my point of view and must have understood the difference between capital (S) and small (s)

    Finding all the executable files with SGID
    # find / -perm +2000
    where +2000 is the ID we use for assigning permission in octal method.

    Follow the below links for more tutorials
    What is a Kernel in Linux?
    How does a DNS query works when you type a URL on your browser?
    How to create password less ssh connection for multiple non-root users
    How to create user without useradd command in Linux
    How to unlink/delete a symbolic in Linux
    How to give normal user root privileges using sudo in Linux/Unix
    How to do Ethernet/NIC bonding/teaming in Red Hat Linux
    How to install/uninstall/upgrade rpm package with/without dependencies
    How to extract files to different directory using tar in Unix/Linux
    How to preserve Symbolic links with tar command in Unix/Linux
    How to give permission to user to run some commands in Linux
    How to set environment (PATH) variable permanently in Linux
    How to mount windows share on linux


    0 comments:

    Post a Comment