Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unix File Permissions
Top Forums UNIX for Beginners Questions & Answers Answers to Frequently Asked Questions Tips and Tutorials Unix File Permissions Post 73755 by Perderabo on Friday 3rd of June 2005 07:20:56 PM
Old 06-03-2005
Set GID Bit on Directories
We briefly mentioned that files have a user and group associated with them. Originally, it was just the user and group of whoever created them. But originally, a user could be in only one group at a time. BSD introduced the concept that a user could be in multiple groups simutaneously. So in BSD, which group was used? BSD decided to use the group of the directory that contained the newly created file.

Many modern versions of unix try to have it both ways. A newly created file gets the group of the user unless the directory has the setgid bit. In that case, the newly created file gets the group of the directory.

And there is an exception to that! Changing the owner or group of a file has security concerns. For that reason, some versions of unix will, optionally, prohibit a user other than root from changing the owner of a file. Additionally, a user is prohibited from changing the group of a file unless he is a member of the new group. This restriction will override the setgid bit on a directory if needed.
These 3 Users Gave Thanks to Perderabo For This Post:
kingdream Neo shekhar_4_u
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Unix permissions

I am currently running jsp pages on unix server. At the top of my page is the import statement: <%@ page import="survey.*"%>. This imports the survey folder which i have placed in the same directory as my jsp page- jsp-servlet. However, when i try to run the page, its gives me an error saying that... (2 Replies)
Discussion started by: moukoko
2 Replies

2. UNIX for Advanced & Expert Users

UNIX File Permissions

Hello, What does the following mean in terms of file permissions. -rw-rwSrw- 1 owner group 999 May 25 2004 file_name What does the "S" stand for. Thanks in advance for your input. :) (3 Replies)
Discussion started by: jerardfjay
3 Replies

3. Solaris

Unix permissions

Is anyone aware of a tool that would produce a report or an extract file of all users, the files thry are allowed to access and their associated rights permitted (Read,Write etc.) (0 Replies)
Discussion started by: mobershaw
0 Replies

4. UNIX for Dummies Questions & Answers

Unix permissions for a newbie

Okay, this may turn out to be something quite simple, but I haven't found the answer so far: 1) Is it possible to retrieve a list of user(ID) file permissions? and then... 2) What is the most efficient way to create an alert/error message when/if those file permissions are denied? ... (2 Replies)
Discussion started by: hades1013
2 Replies

5. Shell Programming and Scripting

Unix File Permissions

I want to change one of my Dir permissions to drwx--S--- Can you tell me which number i have to use. Thanks in Advance (4 Replies)
Discussion started by: veeru
4 Replies

6. UNIX for Dummies Questions & Answers

Unix Permissions

We have a user group ‘norkgrp’ which is having 2 users ‘norkadm’ and ‘oracle’. Further we have a directory ‘fstf_blobs’ where ‘norkadm’ is the owner and ‘norkgrp’ is the group owner. The permission is set as 770. $ ls -lrt drwxrwx--- 2 norkadm norkgrp 1024 Jun 24 05:03 fstf_blobs We... (5 Replies)
Discussion started by: varunrbs
5 Replies

7. Solaris

Unix file, folder permissions, security auditing tools.

I want to periodically check if ASCII password/config files on Unix have 400 or 600 access. Folders and files are owned by designated group and user. Folders and Files do not have world write access. Are there any tools/scripts available for this kind of auditing that I can use on Solaris? (7 Replies)
Discussion started by: kchinnam
7 Replies

8. Shell Programming and Scripting

ksh; Change file permissions, update file, change permissions back?

Hi, I am creating a ksh script to search for a string of text inside files within a directory tree. Some of these file are going to be read/execute only. I know to use chmod to change the permissions of the file, but I want to preserve the original permissions after writing to the file. How can I... (3 Replies)
Discussion started by: right_coaster
3 Replies

LEARN ABOUT OSX

chown

CHOWN(8)						    BSD System Manager's Manual 						  CHOWN(8)

NAME

     chown -- change file owner and group

SYNOPSIS

     chown [-fhv] [-R [-H | -L | -P]] owner[:group] file ...
     chown [-fhv] [-R [-H | -L | -P]] :group file ...

DESCRIPTION

     The chown utility changes the user ID and/or the group ID of the specified files.	Symbolic links named by arguments are silently left
     unchanged unless -h is used.

     The options are as follows:

     -f      Don't report any failure to change file owner or group, nor modify the exit status to reflect such failures.

     -H      If the -R option is specified, symbolic links on the command line are followed.  (Symbolic links encountered in the tree traversal
	     are not followed.)

     -h      If the file is a symbolic link, change the user ID and/or the group ID of the link itself.

     -L      If the -R option is specified, all symbolic links are followed.

     -P      If the -R option is specified, no symbolic links are followed.  Instead, the user and/or group ID of the link itself are modified.
	     This is the default. Use -h to change the user ID and/or the group of symbolic links.

     -R      Change the user ID and/or the group ID for the file hierarchies rooted in the files instead of just the files themselves.

     -v      Cause chown to be verbose, showing files as the owner is modified.

     The -H, -L and -P options are ignored unless the -R option is specified.  In addition, these options override each other and the command's
     actions are determined by the last one specified.

     The owner and group operands are both optional; however, at least one must be specified.  If the group operand is specified, it must be pre-
     ceded by a colon (``:'') character.

     The owner may be either a numeric user ID or a user name.	If a user name is also a numeric user ID, the operand is used as a user name.  The
     group may be either a numeric group ID or a group name.  If a group name is also a numeric group ID, the operand is used as a group name.

     For obvious security reasons, the ownership of a file may only be altered by a super-user.  Similarly, only a member of a group can change a
     file's group ID to that group.

DIAGNOSTICS

     The chown utility exits 0 on success, and >0 if an error occurs.

COMPATIBILITY

     Previous versions of the chown utility used the dot (``.'') character to distinguish the group name.  This has been changed to be a colon
     (``:'') character, so that user and group names may contain the dot character.

     On previous versions of this system, symbolic links did not have owners.

     The -v option is non-standard and its use in scripts is not recommended.

LEGACY DESCRIPTION

     In legacy mode, the -R and -RP options do not change the user ID or the group ID of symbolic links.

SEE ALSO

     chgrp(1), find(1), chown(2), fts(3), compat(5), symlink(7)

STANDARDS

     The chown utility is expected to be IEEE Std 1003.2 (``POSIX.2'') compliant.

HISTORY

     A chown utility appeared in Version 1 AT&T UNIX.

BSD
								  March 31, 1994							       BSD
All times are GMT -4. The time now is 04:19 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy