
Re: Umask 002 policy



Once upon a time Clive Menzies said...
> 
> I've never really understood what the first digit does <shame-faced> but
> having reread the chmod manpage it falls into place ....almost.  Setting
> the group ID at 2, means any file or directory created by someone in 'group'
> will apply the same attributes? 

Not quite. It does not matter who creates the file/directory (as long as
they have permission to create a file in the directory). But the file
will be created with a group the same as the directory. It does not
affect the attributes of any new files though - hence your need for a 002
umask. Directories created in a setgid parent directory will
automatically have the setgid bit set on them, so the group ID will
continue to propagate down the hierarchy.

Also, your terminology is a little off. "Setting the group ID at 2",
should really say "Setting the setgid bit". Setting the gid bit is done
by using the numeric prefix of 2, or the symbolic mode of "g+s". "Setting
the group ID at 2" means something different (setting the group ID is
done with chown/chgrp, not chmod).

For an executable, the setgid bit (2, or g+s in symbolic form) means
that when the program executes, its group id will be changed to the
group of the executable. On a directory, this makes no sense, and it has
been subverted to mean what I described above.
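
The behaviour described in this message can be checked with the following added example, which is not part of the original post. It assumes Linux with GNU stat; the function names are made up for the illustration, and the directory is a throwaway one created with mktemp.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux and GNU stat.

# Print "<octal mode> <gid>" for a path.
mode_gid() { stat -c '%a %g' "$1"; }

# Pick a group we belong to other than our primary one, if there is one,
# so that inheritance from the directory is visible. Falls back to primary.
pick_group() {
    primary=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$primary" ]; then echo "$g"; return 0; fi
    done
    echo "$primary"
}

# Build a setgid directory, create a file and a subdirectory in it under
# the given umask, and print mode/gid for: parent, file, subdirectory.
setgid_demo() (
    top=$(mktemp -d) || exit 1
    mkdir "$top/shared"
    chgrp "$(pick_group)" "$top/shared"   # group ID: chgrp, not chmod
    chmod 2775 "$top/shared"              # setgid bit: prefix 2 (or g+s)
    umask "$1"
    : > "$top/shared/file"                # new file: group from directory
    mkdir "$top/shared/sub"               # new dir: group and setgid bit
    mode_gid "$top/shared"
    mode_gid "$top/shared/file"
    mode_gid "$top/shared/sub"
    rm -rf "$top"
)

echo "umask 002:"; setgid_demo 002   # file 664, subdirectory 2775
echo "umask 022:"; setgid_demo 022   # file 644, subdirectory 2755
```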



