The setgid permission has an absolute mode of 2000 and a symbolic mode of s when used with the chmod command. The group execution permission must be set in order for the setgid to be effective.
The setgid permission is shown as s in the group account execution permission field of the output of an ls command. Normally, group execution permission is shown as an x in the ls output. If setgid is added to a file without group execution permission, this enables mandatory locking on the file. This is shown as l in the group execution permission field of an ls command.
The following listing shows the chmod command being used to add and remove the setgid permission from a file. Note in the third chmod example that if setgid is added (g+s) to a file that does not have group execution permission, mandatory locking permission is enabled instead of setgid.
# ls -l file1
-rwxr-xr-- 1 ambro other 636 Jul 24 12:42 file1
# chmod g+s file1
# ls -l file1
-rwxr-sr-- 1 ambro other 636 Jul 24 12:42 file1
# chmod 764 file1
# ls -l
-rwxrw-r-- 1 ambro other 636 Jul 24 12:42 file1
# chmod g+s file1
# ls -l
-rwxrwlr-- 1 ambro other 636 Jul 24 12:42 file1
#
Another special file permission is the sticky bit. When the sticky bit is set on a directory that allows write permission for everyone, only the user account that created files and subdirectories under the directory can remove those files and subdirectories. This is especially useful with the /tmp directory, which is available from any user account.
The sticky bit permission has an absolute mode of 1000 and a symbolic mode of t when used with the chmod command. This permission is shown as t in the other account execution permission field in the output of an ls command, but it is considered a user account (owner) permission. The following listing shows the chmod command being used to remove and then add the sticky bit permission to a directory:
# ls -ld /tmp
drwxrwxrwt 7 sys sys 410 Jul 28 03:30 /tmp
# chmod u-t /tmp
# ls -ld /tmp
drwxrwxrwx 7 sys sys 410 Jul 28 03:30 /tmp
# chmod 1777 /tmp
# ls -ld /tmp
drwxrwxrwt 7 sys sys 410 Jul 28 03:30 /tmp
#
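The setgid, mandatory locking, and sticky bit states described above can be audited across a directory tree with find. The script below is an added example, not part of the original text; the function names, the output labels, and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original text): report the three states the
# text distinguishes, using only POSIX find -perm tests.
#   -perm -2000  setgid bit set      -perm -0010  group execute set
#   -perm -1000  sticky bit set      -perm -0002  writable by everyone

audit_special_perms() {
    root=$1   # hypothetical argument: directory tree to audit

    # setgid plus group execute: setgid is effective (ls shows "s").
    find "$root" -type f -perm -2000 -perm -0010 \
        -exec printf 'SETGID %s\n' {} \;

    # setgid without group execute: the state the text says enables
    # mandatory locking instead of setgid (its ls shows "l").
    find "$root" -type f -perm -2000 ! -perm -0010 \
        -exec printf 'LOCKING %s\n' {} \;

    # Directory writable by everyone but lacking the sticky bit:
    # removal of files is not restricted to the account that made them.
    find "$root" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'NOSTICKY %s\n' {} \;
}

# Constructed sample tree reproducing the modes shown in the listings.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/file1" "$d/file2"
    mkdir "$d/open" "$d/shared"
    chmod 2754 "$d/file1"    # -rwxr-sr--  setgid effective
    chmod 2764 "$d/file2"    # -rwxrwlr--  no group execute
    chmod 0777 "$d/open"     # drwxrwxrwx  sticky bit missing
    chmod 1777 "$d/shared"   # drwxrwxrwt  sticky bit set, not reported
    audit_special_perms "$d" | sed "s|$d/||"
    rm -rf "$d"
}

demo
```

The LOCKING label follows the text's description of this mode; ls implementations other than the one shown in the listings may display the same bits with a different character.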