RHCSA - Create & Configure File Systems: Create & Configure Set-GID Directories For Collaboration
Set Group ID (GID) Overview
In Linux file permissions, the "setgid" (set group ID) is a special attribute that can be applied to directories. When setgid is enabled on a directory, new files and subdirectories created within that directory inherit the group ownership of the parent directory, rather than the creating user's group. This facilitates shared group access to files and is particularly useful for collaborative projects, ensuring consistent group ownership for effective teamwork and file management.
Lesson Setup
To follow along with this lesson you will need two users, which we will call setgid_user1 & setgid_user2. You will also create a group called setgid_group, to which the users will be assigned.
A future lesson goes into detail on how to set up users and groups.
Set up setgid_user1 & setgid_user2 users and setgid_group group:
Create users and groups:
sudo useradd setgid_user1
sudo useradd setgid_user2
sudo groupadd --users setgid_user1,setgid_user2 setgid_group
Assign password to users:
echo 'password123!' | sudo passwd --stdin setgid_user1
echo 'password123!' | sudo passwd --stdin setgid_user2
Setting Up a Directory for Group Collaboration
Create a Group Directory with Set-GID Set
When the setgid permission is set on a directory, it has a different effect compared to regular file permissions. Normally, when a new file or directory is created within a directory, its group ownership is the group of the user creating it. However, with the setgid permission enabled on a directory, new subdirectories and files created within it inherit the group ownership of the parent directory, rather than the group of the user creating them.
To assign set-GID to a directory you can use the chmod command with option g+s when using symbolic mode, or you can set it by adding a 2 to the front of the octal permissions.
Create a directory and assign set-GID permission:
Set up directory with correct permissions & ownership:
sudo mkdir -p /groups/setgid_group
sudo chmod 2770 /groups/setgid_group
sudo chgrp setgid_group /groups/setgid_group
Confirm permission and ownership:
ls -ld /groups/setgid_group
The output shows a lowercase s in the group execute column, indicating that the directory has both set-GID & execute permissions set. If it were an uppercase S, this would indicate set-GID being set but no execute permission set:
drwxrws---. 2 root setgid_group 6 Aug 8 08:32 /groups/setgid_group
Set-GID Testing
Now that the directory is set up for group collaboration, you will want to test that newly created files and directories do inherit the group ownership. To run this test you will first create a file & directory in each user's home directory to confirm the expected group ownership, before running the same test in the setgid_group directory to observe the difference.
Create files and directories in setgid_user1 & setgid_user2 home directories:
Switch to user setgid_user1 ( Password = password123! ):
su - setgid_user1
Create a directory and file:
mkdir setgid_user1.dir
touch setgid_user1.file
Confirm ownership of the directory and file:
ls -ld setgid_user1.dir setgid_user1.file
The output shows the group ownership of the directory and file as being setgid_user1:
drwxr-xr-x. 2 setgid_user1 setgid_user1 6 Aug 8 08:46 setgid_user1.dir
-rw-r--r--. 1 setgid_user1 setgid_user1 0 Aug 8 08:46 setgid_user1.file
Log out from setgid_user1:
exit
Switch to user setgid_user2 ( Password = password123! ):
su - setgid_user2
Create a directory and file:
mkdir setgid_user2.dir
touch setgid_user2.file
Confirm ownership of the directory and file:
ls -ld setgid_user2.dir setgid_user2.file
The output shows the group ownership of the directory and file as being setgid_user2:
drwxr-xr-x. 2 setgid_user2 setgid_user2 6 Aug 8 08:49 setgid_user2.dir
-rw-r--r--. 1 setgid_user2 setgid_user2 0 Aug 8 08:49 setgid_user2.file
Log out from setgid_user2:
exit
Now that we have seen how the group ownership displays in a normal situation, it is time to see how the ownership looks when set-GID is applied.
Create files and directories as setgid_user1 in /groups/setgid_group for collaborating on:
Switch to user setgid_user1 ( Password = password123! ):
su - setgid_user1
Change to the /groups/setgid_group directory and create a directory and file, with the file permission only set for user and group access:
cd /groups/setgid_group
mkdir setgid_user1.dir
echo 'Created by setgid_user1' > setgid_user1.file
chmod 660 setgid_user1.file
Confirm ownership of the directory and file:
ls -ld setgid_user1.dir setgid_user1.file
The output shows the group ownership of the directory and file as being setgid_group, meaning the set-GID has worked:
drwxr-sr-x. 2 setgid_user1 setgid_group 6 Aug 8 08:54 setgid_user1.dir
-rw-rw----. 1 setgid_user1 setgid_group 0 Aug 8 08:54 setgid_user1.file
Log out from setgid_user1:
exit
Ensure user setgid_user2 can access the file created by setgid_user1:
Switch to user setgid_user2 ( Password = password123! ):
su - setgid_user2
View contents of /groups/setgid_group/setgid_user1.file:
cat /groups/setgid_group/setgid_user1.file
The contents of the file should be displayed:
Created by setgid_user1
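The set-GID bit fixes group ownership only; mode bits still come from each user's umask, which is why setgid_user1.dir above shows drwxr-sr-x (no group write, other bits set). The following added example, which is not part of the original lesson, audits a shared tree for that and for directories that have lost the set-GID bit. It assumes GNU find and stat; the function names audit_setgid_tree and make_sample_tree, the finding labels and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a set-GID collaboration tree (needs GNU find and stat).

# Print one finding per line. Returns 0 if clean, 1 if anything was flagged.
audit_setgid_tree() {
    top=$1
    gid=$(stat -c %g "$top") || return 2   # numeric group of the shared root
    findings=$(
        # Directories without set-GID stop passing the group to new entries.
        find "$top" -type d ! -perm -2000 -printf 'NO_SETGID %p\n'
        # Entries in another group (e.g. moved in with mv) break sharing.
        find "$top" ! -gid "$gid" -printf 'GROUP_MISMATCH %p\n'
        # Any "other" bit goes beyond the 2770/660 modes used in the lesson.
        find "$top" ! -type l -perm /007 -printf 'WORLD_ACCESS %p\n'
        # Other members cannot create files in a directory without group write.
        find "$top" -type d ! -perm -020 -printf 'NO_GROUP_WRITE %p\n'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Build a constructed sample tree in a temp dir and print the shared path.
make_sample_tree() {
    shared=$(mktemp -d)/setgid_group || return 1
    mkdir "$shared" && chmod 2770 "$shared" || return 1
    (
        cd "$shared" && umask 022 &&
        mkdir setgid_user1.dir &&            # default umask: drwxr-sr-x
        mkdir stripped.dir && chmod g-s,g+w,o-rx stripped.dir &&
        touch ok.file && chmod 660 ok.file
    ) || return 1
    printf '%s\n' "$shared"
}

# Usage: sh audit.sh /groups/setgid_group   (no argument: define functions only)
[ "$#" -eq 0 ] || audit_setgid_tree "$1"
```

Having group members work with umask 007, or setting a default ACL on the shared directory, keeps new entries at the group-only modes the audit expects.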