Noel L Yap wrote:
> man chmod and look for the part about SGID on directories. Isn't this
> in the FAQ somewhere? It's asked often enough.
Here's some info explaining how special directory modes work under
Solaris 5.6. (I copied this from the chmod manpages and edited it a
little.) Much of this applies on other Un*x systems as well.
--Avi
# File modes under Solaris 5.6:
4000 Set user ID on execution.
20#0 Set group ID on execution if file is group-executable.
Enable mandatory locking if NOT group-executable.
For directories, files are created with BSD semantics
for propagation of the group ID. With this option,
files and subdirectories created in the directory
inherit the group ID of the directory, rather than
of the current process.
To clear this bit using chmod, you must specify the
symbolic mode (g+s or g-s); absolute mode won't work.
1000 Turn on sticky bit. See chmod(2).
Use symbolic "l" (el) for mandatory file locking.
The letter s is only meaningful with u or g, and t only works with u.
Mandatory file and record locking (l) refers to a file's ability
to have its reading or writing permissions locked while a program
is accessing that file.
In a directory which has the set-group-ID bit set (reflected as
either -----s--- or -----l--- in the output of 'ls -ld'), files
and subdirectories are created with the group-ID of the parent
directory--not that of the current process.
It is not possible to permit group execution and enable a file
to be locked on execution at the same time. In addition, it is not
possible to turn on the set-group-ID bit and enable a file to be
locked on execution at the same time. The following examples,
therefore, are invalid and elicit error messages:
chmod g+x,+l file
chmod g+s,+l file
Making a directory "append-only":
If a directory is writable and has the sticky bit set, files within
that directory can be removed or renamed only if one or more of
the following is true:
o the user owns the file
o the user owns the directory
o the file is writable by the user
o the user is a privileged user
If a directory has the set group ID bit set, a file created within
that directory will have the same group ID as the directory, if
that group ID is part of the group ID set of the process that
created the file. Otherwise, the newly created file's group ID
will be set to the effective group ID of the creating process.
If the mode bit 02000 (set group ID on execution) is set and the
mode bit 00010 (execute or search by group) is not set, mandatory
file/record locking will exist on a regular file.
--
========= Avi Green :) (: www.sputnik7.com =========
======== Unix S/A & System Specialist ========
======== avi at sputnik7.com 212 217-1147 ========
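The two directory behaviours described in the post above (group inheritance under a set-group-ID directory, and the sticky-bit "append-only" rule) can be checked on any box you have a shell on. The script below is an added example, not part of Avi's post or of the Solaris chmod manpage. It assumes a POSIX shell with ls(1), chmod(1), id(1), awk(1) and mktemp(1), and a Linux or BSD kernel, which propagate the directory group exactly as described; the Solaris-only "l" (mandatory locking) spelling is not used. The helper names (mode_of, gid_of, other_gid, sticky_allows_unlink and the demo_* functions) are this example's own.

```shell
#!/bin/sh
# Added example; not from the original post or the Solaris chmod(1) page.
# Exercises the setgid and sticky directory bits on a scratch tree under
# mktemp -d. Assumes POSIX sh + ls/chmod/id/awk/mktemp on Linux or BSD.
set -eu

# Column 1 of `ls -ld`: the symbolic mode, e.g. drwxrws--- or drwxrwxrwt.
mode_of() { ls -ld -- "$1" | awk '{print $1}'; }
# Columns 3 and 4 of `ls -ldn`: numeric owner and group of a path.
uid_of()  { ls -ldn -- "$1" | awk '{print $3}'; }
gid_of()  { ls -ldn -- "$1" | awk '{print $4}'; }

# A group we belong to that differs from our effective gid, so that the
# inheritance is visible; falls back to the effective gid if we have none.
other_gid() {
    egid=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$egid" ]; then echo "$g"; return; fi
    done
    echo "$egid"
}

# setgid directory: a file created inside takes the directory's group,
# not the creating process's effective gid. Prints the group-execute
# column of ls (an 's' once g+s is set) and whether the gid was inherited.
demo_setgid_inherit() {
    top=$(mktemp -d)
    mkdir "$top/shared"
    chgrp "$(other_gid)" "$top/shared"
    chmod 770 "$top/shared"
    chmod g+s "$top/shared"             # 02000, set via symbolic mode
    : > "$top/shared/note.txt"          # plain create, no chgrp afterwards
    if [ "$(gid_of "$top/shared")" = "$(gid_of "$top/shared/note.txt")" ]; then
        verdict=inherited
    else
        verdict=not-inherited
    fi
    printf '%s %s\n' "$(mode_of "$top/shared" | cut -c7)" "$verdict"
    rm -rf "$top"
}

# Clearing the bit. The post says only symbolic mode clears it on Solaris;
# GNU chmod documents the same for 3-digit numeric modes on directories,
# BSD chmod clears it either way. Prints column 7 after `chmod 770`, then
# after `chmod g-s`; the second is a plain 'x' everywhere.
demo_clear_setgid_symbolic() {
    top=$(mktemp -d)
    chmod 2770 "$top"
    chmod 770 "$top"
    after_numeric=$(mode_of "$top" | cut -c7)
    chmod g-s "$top"
    after_symbolic=$(mode_of "$top" | cut -c7)
    rmdir "$top"
    printf '%s %s\n' "$after_numeric" "$after_symbolic"
}

# The post's append-only rule, evaluated for the calling user against a
# real sticky directory ($1) and a file in it ($2). Linux honours only the
# owner and privilege cases; the "file is writable" case is the Solaris
# behaviour the post states and is kept here as written.
sticky_allows_unlink() {
    me=$(id -u)
    if [ "$me" = 0 ]; then echo yes; return; fi                 # privileged user
    if [ "$(uid_of "$2")" = "$me" ]; then echo yes; return; fi  # owns the file
    if [ "$(uid_of "$1")" = "$me" ]; then echo yes; return; fi  # owns the directory
    if [ -w "$2" ]; then echo yes; return; fi                   # file writable (Solaris)
    echo no
}

# World-writable drop directory with the sticky bit: ls shows 't' in the
# last mode column. Prints that column and the rule's verdict for our own
# file, then removes the file (allowed: we own it).
demo_sticky_dir() {
    top=$(mktemp -d)
    mkdir "$top/drop"
    chmod 777 "$top/drop"
    chmod +t "$top/drop"                # 01000, set via symbolic mode
    : > "$top/drop/mine.txt"
    printf '%s %s\n' "$(mode_of "$top/drop" | cut -c10)" \
        "$(sticky_allows_unlink "$top/drop" "$top/drop/mine.txt")"
    rm "$top/drop/mine.txt"
    rm -rf "$top"
}

echo "setgid dir (col 7, gid inheritance):        $(demo_setgid_inherit)"
echo "clear setgid (after 770, after g-s):         $(demo_clear_setgid_symbolic)"
echo "sticky drop dir (col 10, may unlink own):    $(demo_sticky_dir)"
```

Run it as an unprivileged user that has at least one supplementary group to see the inherited gid differ from your primary one; as root the rule short-circuits on the "privileged user" case, which is also why a shared upload directory needs both bits: g+s so the group gets the files, +t so group members cannot delete each other's.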