1839264 Members
4260 Online
110137 Solutions
New Discussion

setgid command

 
SOLVED
Go to solution
Shivkumar
Super Advisor

setgid command

Hi,

Where do we use setgid for setting the permission ?

Are there any programs and files we use this permission ?

Thanks,
Shiv
17 REPLIES 17
RAC_1
Honored Contributor
Solution

Re: setgid command

setuid or setgid may be required when we want users to execute a certain file with owner perms or group perms.

Like passwd command. It has setuid set. Now owner of passwd file is root, but we all can execute it. It has setuid set, so anybody executing it will in turn cause it to run as root user(which is allowed to update passwd file)

In same way setgid would allow a group os users to execute a file as if they all are owner of that file.

find . -perm -02000 -exec ll -d {} \;
will find files with setgid set.
There is no substitute to HARDWORK
James R. Ferguson
Acclaimed Contributor

Re: setgid command

Hi SHiv:

Using the 'setgid' bit for *directories* has a useful side effect for files and directories created *within* the directory.

The effect is that new files are created with their group ID set to that of the directory. This applies for new directories, too. The new sub directories will also have their setgid bit set on (at least on some Unixes).

Regards!

...JRF...

Jaime Bolanos Rojas.
Honored Contributor

Re: setgid command

Shivkumar,

Also is you are planning to use setgid in binary files this small guide will help you out,

http://neworder.box.sk/newsread.php?newsid=2380

Regards,

Jaime.
Work hard when the need comes out.
A. Clay Stephenson
Acclaimed Contributor

Re: setgid command

Actually setgid() is used very, very often -- each time you login.
If it ain't broke, I can fix that.
spex
Honored Contributor

Re: setgid command

Shiv,

Here are some of the files on one of my 11.00 systems that are setguid:

/usr/bin/mail
/usr/bin/X11/hpterm
/usr/bin/X11/xfs
/usr/bin/elm
/usr/bin/iostat
/usr/bin/ipcs
/usr/bin/kermit
/usr/bin/rmail
/usr/bin/netstat
/usr/bin/uptime
/usr/bin/stmkfont
/usr/bin/top
/usr/bin/w
/usr/bin/vmstat
/usr/bin/pipcs


If you're interested exclusively in files that are setguid, you can find them with:

find / \( -perm -g+s -a ! -perm -u+s \) -print

PCS
inventsekar_1
Respected Contributor

Re: setgid command

setuid and setgid are mostly used to allow users on a computer system to execute binary executables with temporarily elevated privileges in order to perform a specific task.
Setuid and setgid are needed for tasks that require higher privileges than those which a common user has, such as changing his or her login password. Some of the tasks that require elevated privilege may not immediately be obvious, though -- such as the ping command, which must send and listen for control packets on a network interface.

Setuid and setgid flags on a directory have an entirely different meaning. Directories with the setuid/setgid permission will force all files and sub-directories created in them to be owned by the directory owner/group and not the user/group of the user creating the file.

further reference:
http://en.wikipedia.org/wiki/Setuid
Be Tomorrow, Today.
Steven E. Protter
Exalted Contributor

Re: setgid command

Shalom,

Example from a Red Hat study guide.

You want a directory to inherit its default ownership from someone other than the creating user.

mkdir oracledb
chmod 3775 oracledb/
chown oracle:dba oracledb/
su - sprotter
cd /home/oracledb
touch sprotterfile

Group ownership will show dba

Try it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
James R. Ferguson
Acclaimed Contributor

Re: setgid command

Sekar:

When you *copy* text, verbatim, from another source, it is proper to indicate that you are quoting another work and in doing so, provide citation threeof! Open-source licensing aside, too, I'm old-school: copying without acknowledgement is plain old plagiarism.

...JRF...

James R. Ferguson
Acclaimed Contributor

Re: setgid command

Hi:

To set the 'setgid' bit one uses an octal number of the form:

# chmod 2nnn

...using:

# chmod 3nnn

...sets both the 'setgid' and the 'sticky' bit. See the manpages for 'chmod(1) and/or 'chmod(2)'

Regards!

...JRF...
inventsekar_1
Respected Contributor

Re: setgid command

...JRF...
when i copy from somewhere, i used to provide the link as well, the reason is same as u told. i thought that is enough. if not, how i can do that.
***when reading a text of two or more lines, the writers "english" will tell whether that is original or not.isnt***
Be Tomorrow, Today.
James R. Ferguson
Acclaimed Contributor

Re: setgid command

Sekar:

No, the English (style) used is not an acceptable excuse for a lack of a proper citation. To ask me to discern *your* words from those written by someone else, presumes that I know both your style and the writer's style and background. While I am sensitive to cadence and form, that's not fair.

I have witnessed many non-native English folks write and speak more properly than a large number of American English-raised individuals!

It proper to place double quotation marks around vertatim passages of text. Another technique that I believe works well (for instance, here) is to delineate the material thusly:

/* begin_quote */

In the beginning was the Word...

/* end_quote */

Now, for anyone who thinks that I am picking only on you, I am not. I have seen other instances of this, too. Your post just happened to be the most recent one, and I think that this is something that we all could do well to remember.

_end_rant_

Regards!

...JRF...

/* no points for this post, please */
inventsekar_1
Respected Contributor

Re: setgid command

got it JRF.

/* Now, for anyone who thinks that I am picking only on you, I am not. I have seen other instances of this, too. Your post just happened to be the most recent one, and I think that this is something that we all could do well to remember. */

the first "anyone" is me. but i like my "teacher" who always scolds me.
as one or two days back clay (i am sorry if its wrong) told, its difficult to work with olympian.
Be Tomorrow, Today.
A. Clay Stephenson
Acclaimed Contributor

Re: setgid command

Sekar,

-- and to add to Jim's rant, it is simply rude and your momma should whup you for it.

I have seen cases where some of my C code was cut-and-pasted and survived absolutely intact other than my authorship comments (which I'm sure were only inadvertently omitted). I only mention that because it would be difficult to discern one's English speaking ability (which I ain't known for nohow) in C but plagiarism is still plagiarism. The only sin in my view that is worse than plagiarism is falsifying data.

Be very glad you are not one of my former students because you would have just flunked the course.

Food for thought, Clay

No points, please.
If it ain't broke, I can fix that.
inventsekar_1
Respected Contributor

Re: setgid command

Clay,
most of the time, these olympians write very crisp. i am not able to understand that crisp.
"Be very glad you are not one of my former students because you would have just flunked the course."
means what?
Be Tomorrow, Today.
Jonathan Fife
Honored Contributor

Re: setgid command

"The only sin in my view that is worse than plagiarism is falsifying data."

And what about falsifying plagiarism -- when you not only have not done your own work, but no one else has either?
Decay is inherent in all compounded things. Strive on with diligence
A. Clay Stephenson
Acclaimed Contributor

Re: setgid command

In a former life, I taught on the college level. It means that had I discovered that you had "borrowed" someone else's work without giving them proper credit then you would have instantly received a failing grade for the course.

As for the 'sin" of plagiarizing falsified data, then I don't really consider that "original" sin -- that there is just amplifying noise.
If it ain't broke, I can fix that.
Jeff Gyurko
Frequent Advisor

Re: setgid command

In searching the forums, I ran across this thread and couldn't help posting a reply. How many of you have read the previous answer, which was the right answer and felt compelled to add your "own" answer anyway by changing some of the text around in the previous post.

Previous post: "do this: ps -ef | grep This"
Your post: "type this: ps -ef | grep -i this"

All you nitpickers are guilty of this. Frankly I don't care where the "text" answer comes from as long as it's the answer. If it's a different method of finding the answer, fine please post it, but the above example is not a new method. If it's code that someone wrote like Clay's caljd, then by all means give the proper credit.

Oh, and you didn't even answer the author's question with your actual answer.