Difference between “chmod 775” and “chmod 2755”

 linux - Difference between "chmod 775" and "chmod 2755" - Unix & Linux Stack Exchange

from man chmod:

2000    (the setgid bit).  Executable files with this bit set will
        run with effective gid set to the gid of the file owner.

The 2 in front of 775 is the setgid or "group id".

What is setgid (set group ID) bit used for?

The setgid affects both files as well as directories.

  1. When setgid permission is applied to a directory, files that were created in this directory belong to the group to which the directory belongs. Any user who has write and execute permissions in the directory can create a file there. However, the file belongs to the group that owns the directory, not to the user's group ownership. Files in that directory will have the same group as the group of the parent directory.

  2. When used on a file, it executes with the privileges of the group of the user who owns it instead of executing with those of the group of the user who executed it.

Sources:

https://www.geeksforgeeks.org/setuid-setgid-and-sticky-bits-in-linux-file-permissions/ https://docs.oracle.com/cd/E19683-01/816-4883/secfile-69/index.html

More on group ids:

At login, the password file (/etc/passwd) looks up your login user ID and determines your numeric user ID and one initial group user ID. The group file (/etc/group) then assigns to you your other group IDs (if any). The system then starts up a shell that runs as your unique numeric user ID and also has the permissions of all your numeric group IDs (one or more).

Source: http://teaching.idallen.com/cst8207/13w/notes/500_permissions.html#users-one-user-id-and-multiple-group-ids

How to set a group id to a directory:

chmod 2775 /var/www

The 2 in front of 775 causes the group who is the owner of /var/www to be copied to all new files/folders created in that directory.

There are also other options then 2:

0: setuid, setgid, sticky bits are unset
1: sticky bit is in place
2: setgid bit is in place
3: setgid and sticky bits are in place
4: setuid bit is in place
5: setuid and sticky bits are in place
6: setuid and setgid bits are on
7: setuid, setgid, sticky bits are activated

Source: http://www.dba-oracle.com/t_linux_setuid_setgid_skicky_bit.htm

Group ids can be checked for a group name in the /etc/group file:

group_name:password:GROUP_ID

More on group passwords: https://unix.stackexchange.com/a/46518/205850

-
Nhãn: , , , ,

Không có nhận xét nào:

Đăng nhận xét

Đăng ký: Đăng Nhận xét (Atom)

Cold Turkey Blocker

 https://superuser.com/questions/1366153/how-to-get-rid-of-cold-turkey-website-blocker-get-around-the-block Very old question, but still wan...

  • poetry shell
      Basic usage | Documentation | Poetry - Python dependency management and packaging made easy (python-poetry.org) Activating the virtual env...
  • Python: poetry create poetry.lock from pyproject.toml
    Basic usage | Documentation | Poetry - Python dependency management and packaging made easy (python-poetry.org)   Python: poetry create poet...
  • What is a DNS A record?
     https://www.cloudflare.com/learning/dns/dns-records/dns-a-record/ The "A" stands for "address" and this is the most fun...