Operating System - Linux
1748142 Members
3755 Online
108758 Solutions
New Discussion юеВ

Re: Can SFTP clients change GIDs ?

 
SOLVED
Go to solution
Thomas Ritter
Respected Contributor

Can SFTP clients change GIDs ?

If a linux userid has a number of secondary gid, it it possible to change from the primary gid to a secondary gid within an sftp client ?
5 REPLIES 5
Ivan Ferreira
Honored Contributor

Re: Can SFTP clients change GIDs ?

You can set the SGID bit to the upload directory. For example:

USER: jdoe GROUPS: jdoe,admin

Directory: /data/upload
chown root:admin /data/upload
chmod 2770 /data/upload

If jdoe upload a file to /data/upload, the group of the file will be admin.

Cheers.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Thomas Ritter
Respected Contributor

Re: Can SFTP clients change GIDs ?

Ivan, what if joe wanted to read a file whereby the access is only provided by the gid ? Joe's primary gid is abc but the file's gid is def.

If joe has groups abc and def and his primary group is abc can he access the file by changing to his secondary group from within an sftp client ?
Ivan Ferreira
Honored Contributor
Solution

Re: Can SFTP clients change GIDs ?

>>> Ivan, what if joe wanted to read a file whereby the access is only provided by the gid ? Joe's primary gid is abc but the file's gid is def.

If the group permissions allows read, then he can read the file, as jdoe should be member of def.

>>> If joe has groups abc and def and his primary group is abc can he access the file by changing to his secondary group from within an sftp client ?

Group membership is cumulative, no actions needed.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Thomas Ritter
Respected Contributor

Re: Can SFTP clients change GIDs ?

>>>Group membership is cumulative, no actions needed.

Within the context of an sftp client, are you saying the the access algorithm will check primary gid and then all secondary gids to see if, say read, access should be given ?
Ivan Ferreira
Honored Contributor

Re: Can SFTP clients change GIDs ?

Yes.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?