49.5. Group Permissions in a Directory with the setgid BitIf you work on a Unix system with lots of users, you may be taking advantage of Unix group permissions to let users in one group write to files in a directory, but not let people in other groups write there. How does Unix determine what group should own the files you create? There are (at least!) two ways:
The system administrator decides which of the methods a filesystem will use for group ownership. There are other wrinkles, too. A good place to look for the gory details is your system's open manpage help, but it's probably easier to just create an empty new file and then check the group ownership with ls -l or -lg. You may be able to use the directory's set group ID (setgid) bit to control group ownership. In those cases, if the bit is set, the rule in point 2 applies. If the bit is not set, the rule in point 1 applies. To set and remove the setgid bit, use the commands chmod g+s and chmod g-s, respectively. > chmod g+s mt.pl > ls -l mt.pl -rwxr-sr-x 1 shelleyp shelleyp 1939 Apr 28 22:55 mt.pl You can use the chgrp command to change a file's group. > chgrp wheel mt.pl > ls -l mt.pl -rwxr-xr-x 1 shelleyp wheel 1939 Apr 28 22:55 mt.pl However, you must own the file, and you must also be a member of the file's new group. If you've reset directory mode bits, it's possible to wind up with ls -l permissions that have an uppercase S, like drwxr-S. What's that? (It's often a mistake.) The directory's setgid bit is set, but the execute bit isn't set. If you want the directory to be group-accessible, add execute permission with chmod g+x. Otherwise, you may want to clear the setgid bit with chmod g-s. --JP, SP Copyright © 2003 O'Reilly & Associates. All rights reserved. |
|