linux - Difference between "chmod 775" and "chmod 2755" - Unix & Linux Stack Exchange
from man chmod
:
2000 (the setgid bit). Executable files with this bit set will
run with effective gid set to the gid of the file owner.
The 2 in front of 775 is the setgid
or "group id".
What is setgid
(set group ID) bit used for?
The setgid affects both files as well as directories.
When setgid permission is applied to a directory, files that were created in this directory belong to the group to which the directory belongs. Any user who has write and execute permissions in the directory can create a file there. However, the file belongs to the group that owns the directory, not to the user's group ownership. Files in that directory will have the same group as the group of the parent directory.
When used on a file, it executes with the privileges of the group of the user who owns it instead of executing with those of the group of the user who executed it.
Sources:
https://www.geeksforgeeks.org/setuid-setgid-and-sticky-bits-in-linux-file-permissions/ https://docs.oracle.com/cd/E19683-01/816-4883/secfile-69/index.html
More on group ids:
At login, the password file (/etc/passwd
) looks up your login user ID and determines your numeric user ID and one initial group user ID. The group file (/etc/group
) then assigns to you your other group IDs (if any). The system then starts up a shell that runs as your unique numeric user ID and also has the permissions of all your numeric group IDs (one or more).
How to set a group id to a directory:
chmod 2775 /var/www
The 2
in front of 775
causes the group who is the owner of /var/www to be copied to all new files/folders created in that directory.
There are also other options then 2:
0: setuid, setgid, sticky bits are unset
1: sticky bit is in place
2: setgid bit is in place
3: setgid and sticky bits are in place
4: setuid bit is in place
5: setuid and sticky bits are in place
6: setuid and setgid bits are on
7: setuid, setgid, sticky bits are activated
Source: http://www.dba-oracle.com/t_linux_setuid_setgid_skicky_bit.htm
Group ids can be checked for a group name in the /etc/group file:
group_name:password:GROUP_ID
More on group passwords: https://unix.stackexchange.com/a/46518/205850
Không có nhận xét nào:
Đăng nhận xét