Using SGID to Control Group Ownership of Directories

1. My login id is billy and my primary group is goats. I'm also a member of several other groups including staff. By default, any file (including a directory) I create will be marked with the group goats.

$mkdir dog

$ls -ld dog
drwxr-xr-x 2 billy goats 512 May 06 11:14 dog

2. If I want my colleagues in staff to write to this directory, I need to change the group on the directory to staff and set the permissions to write for the group.

$chgrp staff dog

$chmod 775 dog

$ls -ld dog
drwxrwxr-x 2 billy staff 512 May 06 11:14 dog

3. Now staff can write to the directory, but we still have a problem if staff is not everyone's primary group. Look what happens when billy, a member of staff whose primary group is goats, creates a file (beagle) in the directory (dog):

$touch dog/beagle

$ls -l dog
total 0
-rw-r--r-- 1 billy goats 0 May 06 11:20 beagle

At this point, I could issue the chgrp command and set the permissions manually.

There's another solution.

4. The owner of the directory can set the SGID bit and all files subsequently placed there will have the group id of the directory automatically.

  1. Make sure the group name is set first on the directory.
  2. Give the group write permission on the directory.
  3. Issue the command chmod g+s directory_name

$chmod g+s dog

$ls -ld dog
drwxrwsr-x 2 billy staff 512 May 06 11:20 dog

Notice the "s" next to the group permissions in the listing.

(You can reverse it with chmod g-s)

5. Now, when I create a file in the directory, it will be marked with staff as the group, even though my primary group is goats.

$touch dog/dalmation

$ls -l dog

total 0
-rw-r--r-- 1 billy goats 0 May 06 11:20 beagle
-rw-r--r-- 1 billy staff 0 May 06 11:30 dalmation

Notice that the pre-existing file "beagle" didn't change. I'd still have to issue chgrp on it.

Of course, I still need to set the group permissions to write if I want others to be able to edit these files.

What if you:

ftp a file into an SGID directory? -- It inherits the GID of the directory, as above.

mv a file into an SGID directory? -- It keeps its current GID.

cp a file into an SGID directory? -- It inherits the GID of the directory.

mkdir inside an SGID directory? -- It inherits the GID of the enclosing directory and is also marked SGID.
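
The walkthrough above leaves three kinds of leftovers in a shared directory: files that kept another group (the pre-existing beagle, or anything brought in with mv), subdirectories created before chmod g+s was issued, and entries the group cannot write. The following POSIX shell function is an added example, not part of the original page, that lists all three; the name audit_sgid_dir and the GROUP/NOSGID/NOWRITE labels are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original page. audit_sgid_dir and the
# GROUP/NOSGID/NOWRITE labels are names invented for this illustration.
#
# Usage: audit_sgid_dir DIR
# Prints one finding per line and returns 1 if anything was found:
#   GROUP   entry whose group differs from DIR's group
#           (pre-existing files, or files moved in with mv)
#   NOSGID  directory without the SGID bit, so new files in it will
#           get the creator's primary group instead of DIR's group
#   NOWRITE file or directory the group cannot write to
# Assumes path names contain no newlines.
audit_sgid_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # Numeric GID of the top directory (4th field of ls -ldn).
    gid=$(ls -ldn "$dir" | awk '{print $4}')
    findings=$(
        find "$dir" ! -group "$gid" | sed 's/^/GROUP /'
        find "$dir" -type d ! -perm -2000 | sed 's/^/NOSGID /'
        find "$dir" \( -type f -o -type d \) ! -perm -020 | sed 's/^/NOWRITE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the audit when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_sgid_dir "$1"
fi
```

Each GROUP line is a candidate for chgrp, each NOSGID line for chmod g+s, and each NOWRITE line for chmod g+w.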


Yale University Library Workstation Support Group

Revised 6/19/98
john.coleman@yale.edu