Situation: I need a group of developers and apache to have read/write permission on a folder in /var/www/html/foldername
- create users and a group
- Append “apache” and 2 users to “developergroup”
# usermod -a -G developergroup apache
# usermod -a -G developergroup develone
# usermod -a -G developergroup develtwo
- Set ownership and gid to “foldername”
# chown apache:developergroup foldername
# chmod 775 foldername
# chmod g+s foldername
Done. Tested on a CentOS 6.5 machine with ~50 users/developers.
setuid (or setgid) permission on a file means that the file will run as the user (or group) that owns the file, not as the user who ran that file.
setgid on a directory means that files created in the directory will inherit the group affiliation from the directory, rather than inheriting it from the creating user. This is commonly used on group collaborative directories.
sticky bit: mainly for directories, as it sets a special restriction on deletion of files: only the owner of the file (and root) can delete files within the directory.
|| Permission || Effect on Files || Effect on Directories
|| SUID || File executes as the user that owns the file, not the user that ran that file || -
|| SGID || File executes as the group that owns the file || Files newly created in the dir have their group owner set to match the group owner of the dir.
|| Sticky bit || - || A user with write permission on the dir can only remove files that they own; they cannot remove files owned by other users
Numeric aliases: suid (4), sgid (2), sticky (1)
When we set these permissions, we get the symbols below in the permissions field:
|| S (user execute position) || SUID is set, but user (owner) execute is not set.
|| s (user execute position) || SUID and user execute are both set.
|| S (group execute position) || SGID is set, but group execute is not set.
|| s (group execute position) || SGID and group execute are both set.
|| T (other execute position) || Sticky bit is set, but other execute is not set.
|| t (other execute position) || Sticky bit and other execute are both set.
SUID example: # chmod u+s testfile.txt OR # chmod 4750 testfile.txt
SGID example: # chmod g+s foldername OR # chmod 2750 foldername
Sticky bit example: # chmod o+t /opt/ftp-data OR # chmod +t /opt/ftp-data OR # chmod 1757 /opt/ftp-data
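To check that a shared folder really ended up in the state the setup steps aim for (group owner, group rwx, SGID), the permission symbols can be read back from `ls -ld`. This is an added example, not part of the original notes; the function names `mode_string`, `dir_group` and `check_shared_dir` are hypothetical, and the demo uses a constructed throwaway directory.

```shell
#!/bin/sh
# Added example (not from the original page): audit a shared directory.
# Function names are hypothetical; modes are read from `ls -ld` output.

mode_string() {            # e.g. drwxrwsr-x (cut drops any ACL/SELinux suffix)
    ls -ld "$1" | cut -c1-10
}

dir_group() {              # group owner as printed by ls (4th field)
    ls -ld "$1" | awk '{print $4}'
}

# check_shared_dir DIR GROUP: returns 0 only if DIR matches the setup above.
check_shared_dir() {
    csd_rc=0
    [ -d "$1" ] || { echo "FAIL: $1 is not a directory"; return 2; }
    csd_mode=$(mode_string "$1")
    csd_grp=$(printf '%s' "$csd_mode" | cut -c5-7)
    csd_oth=$(printf '%s' "$csd_mode" | cut -c8-10)
    if [ "$(dir_group "$1")" != "$2" ]; then
        echo "FAIL: group owner is $(dir_group "$1"), expected $2"; csd_rc=1
    fi
    case $csd_grp in
        rws) ;;            # group rwx plus SGID, the result of 775 and g+s
        ??S) echo "FAIL: SGID set but group execute missing (S)"; csd_rc=1 ;;
        ??s) echo "FAIL: SGID set but group is not rwx ($csd_grp)"; csd_rc=1 ;;
        *)   echo "FAIL: SGID not set, new files keep the creator's group"; csd_rc=1 ;;
    esac
    case $csd_oth in
        ?w[tT]) echo "WARN: world-writable, sticky bit limits deletion" ;;
        ?w?)    echo "FAIL: world-writable without sticky bit"; csd_rc=1 ;;
    esac
    return $csd_rc
}

# Constructed demo in a throwaway directory; no root or real group needed.
demo=$(mktemp -d)
chmod 775 "$demo" && chmod g+s "$demo"
check_shared_dir "$demo" "$(dir_group "$demo")" && echo "OK: $(mode_string "$demo")"
chmod g-s "$demo"          # symbolic form: GNU chmod keeps a directory's SGID on "chmod 775"
check_shared_dir "$demo" "$(dir_group "$demo")" || echo "mode was $(mode_string "$demo")"
rm -rf "$demo"
```

For the folder from the steps above the call would be `check_shared_dir /var/www/html/foldername developergroup`.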
Reference: http://foralllinux.blogspot.com/2013/04/set-setuid-setgid-and-sticky-bit-in.html and Red Hat Sys Admin 1 (student workbook)