RHCSA - Create & Configure File Systems: Create & Configure Set-GID Directories For Collaboration

Set Group ID (GID) Overview

In Linux file permissions, the "setgid" (set group ID) is a special attribute that can be applied to directories. When setgid is enabled on a directory, new files and subdirectories created within that directory inherit the group ownership of the parent directory, rather than the creating user's group. This facilitates shared group access to files and is particularly useful for collaborative projects, ensuring consistent group ownership for effective teamwork and file management.

Lesson Setup

To follow along with this lesson you will need two users, which we will call setgid_user1 & setgid_user2. You will also create a group called setgid_group, to which both users will be assigned.

A future lesson goes into detail on how to set up users and groups.

Set up the setgid_user1 & setgid_user2 users and the setgid_group group:

Create users and groups:

sudo useradd setgid_user1
sudo useradd setgid_user2
sudo groupadd --users setgid_user1,setgid_user2 setgid_group

Assign password to users:

echo 'password123!' | sudo passwd --stdin setgid_user1
echo 'password123!' | sudo passwd --stdin setgid_user2

Setting Up a Directory for Group Collaboration

Create a Group Directory with Set-GID Set

When the setgid permission is set on a directory, it has a slightly different effect compared to regular file permissions. Normally, a new file or directory is owned by the primary group of the user who creates it. With the setgid permission enabled on a directory, new files and subdirectories created within it instead inherit the group ownership of the parent directory, and new subdirectories also inherit the setgid bit itself.

To assign set-GID to a directory you can use the chmod command with option g+s when using symbolic mode, or you can set it by adding a 2 to the front of the octal permissions.

Create a directory and assign set-GID permission:

Set up directory with correct permissions & ownership:

sudo mkdir -p /groups/setgid_group
sudo chmod 2770 /groups/setgid_group
sudo chgrp setgid_group /groups/setgid_group

Confirm permission and ownership:

ls -ld /groups/setgid_group

The output shows a lowercase s in the group execute column, indicating that the directory has both set-GID & execute permissions set. If it were an uppercase S, this would indicate set-GID being set but no execute permission set:

drwxrws---. 2 root setgid_group 6 Aug  8 08:32 /groups/setgid_group

Set-GID Testing

Now that the directory is set up for group collaboration, you will want to test that newly created files and directories do inherit the group ownership. To run this test you will first create a file & directory in each user's home directory to confirm the expected group ownership, before running the same test in the setgid_group directory to observe the difference.

Create files and directories in setgid_user1 & setgid_user2 home directories:

Switch to user setgid_user1 ( Password = password123! ):

su - setgid_user1

Create a directory and file:

mkdir setgid_user1.dir
touch setgid_user1.file

Confirm ownership of the directory and file:

ls -ld setgid_user1.dir setgid_user1.file

The output shows the group ownership of the directory and file as setgid_user1:

drwxr-xr-x. 2 setgid_user1 setgid_user1 6 Aug  8 08:46 setgid_user1.dir
-rw-r--r--. 1 setgid_user1 setgid_user1 0 Aug  8 08:46 setgid_user1.file

Log out of setgid_user1:

exit

Switch to user setgid_user2 ( Password = password123! ):

su - setgid_user2

Create a directory and file:

mkdir setgid_user2.dir
touch setgid_user2.file

Confirm ownership of the directory and file:

ls -ld setgid_user2.dir setgid_user2.file

The output shows the group ownership of the directory and file as setgid_user2:

drwxr-xr-x. 2 setgid_user2 setgid_user2 6 Aug  8 08:49 setgid_user2.dir
-rw-r--r--. 1 setgid_user2 setgid_user2 0 Aug  8 08:49 setgid_user2.file

Log out of setgid_user2:

exit

Now that we have seen how group ownership is displayed in a normal situation, it is time to see how the ownership looks when set-GID is applied.

Create files and directories as setgid_user1 in /groups/setgid_group for collaborating on:

Switch to user setgid_user1 ( Password = password123! ):

su - setgid_user1

Change to /groups/setgid_group directory and create a directory and file, with the file permission only set for user and group access:

cd /groups/setgid_group
mkdir setgid_user1.dir
echo 'Created by setgid_user1' > setgid_user1.file
chmod 660 setgid_user1.file

Confirm ownership of the directory and file:

ls -ld setgid_user1.dir setgid_user1.file

The output shows the group ownership of the directory and file as setgid_group, meaning the set-GID has worked:

drwxr-sr-x. 2 setgid_user1 setgid_group 6 Aug  8 08:54 setgid_user1.dir
-rw-rw----. 1 setgid_user1 setgid_group 0 Aug  8 08:54 setgid_user1.file

Log out of setgid_user1:

exit

Ensure user setgid_user2 can access the file created by setgid_user1:

Switch to user setgid_user2 ( Password = password123! ):

su - setgid_user2

View contents of /groups/setgid_group/setgid_user1.file:

cat /groups/setgid_group/setgid_user1.file

The contents of the file should be displayed:

Created by setgid_user1
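
The following is an added example, not part of the original lesson: a small shell audit for a set-GID collaboration tree such as /groups/setgid_group. It reports subdirectories that have lost the set-GID bit and entries whose group differs from the top directory's group, then repairs them; the function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and repair a set-GID collaboration tree.
# Function names and the demo tree are constructed for illustration.

# Report entries under ROOT that break group collaboration:
#   NOSGID <dir>   directory without set-GID; files created in it get
#                  the creator's primary group again
#   GROUP  <path>  group differs from ROOT's group (e.g. a file that was
#                  moved in with mv keeps the group it already had)
audit_collab_tree() {
    root=$1
    want_gid=$(ls -ldn "$root" | awk '{print $4}')   # numeric GID of ROOT
    find "$root" -type d ! -perm -2000 | sed 's/^/NOSGID /'
    find "$root" ! -gid "$want_gid" | sed 's/^/GROUP /'
}

# Re-apply ROOT's group and the set-GID bit wherever the audit found drift.
# chgrp needs root or membership of the target group.
repair_collab_tree() {
    root=$1
    want_gid=$(ls -ldn "$root" | awk '{print $4}')
    find "$root" ! -gid "$want_gid" -exec chgrp "$want_gid" {} +
    find "$root" -type d ! -perm -2000 -exec chmod g+s {} +
}

# Build a throw-away tree shaped like /groups/setgid_group (no root needed).
make_demo_tree() {
    base=$(mktemp -d) || return 1
    mkdir "$base/shared" && chmod 2770 "$base/shared"
    mkdir "$base/shared/inherits"        # made after g+s: gets set-GID too
    mkdir "$base/shared/stripped"
    chmod g-s "$base/shared/stripped"    # simulate a directory that lost the bit
    touch "$base/shared/inherits/notes.txt"
    printf '%s\n' "$base/shared"
}

tree=$(make_demo_tree)
echo "Before repair:"; audit_collab_tree "$tree"
repair_collab_tree "$tree"
echo "After repair (no lines expected):"; audit_collab_tree "$tree"
rm -rf "$(dirname "$tree")"
```

To check the lesson's directory, run audit_collab_tree /groups/setgid_group as root or as a member of setgid_group, since the directory's 2770 mode hides its contents from everyone else.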
