What is the difference between chmod 775 and chmod 2755?
Add a comment
|
2 Answers
The 2 in front of 775 is the setgid or "group id".
What is setgid (set group ID) bit used for?
The setgid affects both files as well as directories.
When setgid permission is applied to a directory, files that were created in this directory belong to the group to which the directory belongs. Any user who has write and execute permissions in the directory can create a file there. However, the file belongs to the group that owns the directory, not to the user's group ownership. Files in that directory will have the same group as the group of the parent directory.
When used on a file, it executes with the privileges of the group of the user who owns it instead of executing with those of the group of the user who executed it.
Sources:
https://www.geeksforgeeks.org/setuid-setgid-and-sticky-bits-in-linux-file-permissions/ https://docs.oracle.com/cd/E19683-01/816-4883/secfile-69/index.html
More on group ids:
At login, the password file (/etc/passwd) looks up your login user ID and determines your numeric user ID and one initial group user ID. The group file (/etc/group) then assigns to you your other group IDs (if any). The system then starts up a shell that runs as your unique numeric user ID and also has the permissions of all your numeric group IDs (one or more).
How to set a group id to a directory:
chmod 2775 /var/www
The 2 in front of 775 causes the group who is the owner of /var/www to be copied to all new files/folders created in that directory.
There are also other options then 2:
0: setuid, setgid, sticky bits are unset
1: sticky bit is in place
2: setgid bit is in place
3: setgid and sticky bits are in place
4: setuid bit is in place
5: setuid and sticky bits are in place
6: setuid and setgid bits are on
7: setuid, setgid, sticky bits are activated
Source: http://www.dba-oracle.com/t_linux_setuid_setgid_skicky_bit.htm
Group ids can be checked for a group name in the /etc/group file:
group_name:password:GROUP_ID
More on group passwords: https://unix.stackexchange.com/a/46518/205850
-
1
from man chmod:
2000 (the setgid bit). Executable files with this bit set will
run with effective gid set to the gid of the file owner.
-
1So, no effect on a non-executable file? What effect does it have on a directory?– user732Commented Oct 23, 2012 at 19:14
-
8On some operating systems, the setgid bit causes files created in the directory to have the file gid set to the same one as the directory, rather than that of the gid of the process. Also, 27 7 5 means it's writable to all members of a group, not just the owner of the directory. Commented Oct 23, 2012 at 19:36
