Re: Security & UID, GID?
On Wed, 29 Sep 1999, Art Lemasters wrote:
> has had its group permission changed to from x to s without my doing
> so, a couple of times. For example, in the /home directory, one user
This is fine. Depending on the user this may be helpful or even
necessary. Is it a real human or a program that owns that directory?
> I did not manually chmod the permissions that way. What
> might have caused this, and what are the implications, anyone?
Setting +s group on a directory means that new files created in that
directory will be group-owned by the owner of the directory instead of the
current group of the user. It does not grant g+s to those files
themselves, and of course the actual owner of the file can change the
group owner to anything he wants. It is merely a convenience - for
example, you have two users collaborating on something. They both belong
to group 'project' and agree to store their stuff in a particular
directory owned by group 'project'. Normally both users belong to group
'users' - that won't work for this though, because then everybody on the
system could tinker with their stuff. So they set g+s on the 'project'
directory. Now, all the files they create in there are group-owned by
project, so they can both modify them, but other users can't.
Of course, there are a variety of uses for this setgid ability of
directories - that's just an example.
Reply to: