setgid
If the effective user ID of the process is the root user, the process's real,
effective, and saved group IDs are set to the value of the GID parameter.
Otherwise, the process effective group ID is reset if the GID parameter is
equal to either the current real or saved group IDs, or one of its
supplementary group IDs. Supplementary group IDs of the calling process
are not changed.
setegid
The process effective group ID is reset if one of the following conditions is
met:
The EGID parameter is equal to either the current real or saved group
IDs.
The EGID parameter is equal to one of its supplementary group IDs.
The effective user ID of the process is the root user.
How Permissions Work
setuid
If the effective user ID of the process is the root user, the process's real,
effective, and saved user IDs are set to the value of the UID parameter.
Otherwise, the process effective user ID is reset if the UID
parameter specifies either the current real or saved user IDs.
Most programs execute with the user and group access rights of
the user who invoked them. Program owners can instead associate their
own access rights with a program by making it
a setuid or setgid program; that is, a program with the setuid or
setgid bit set in its permissions field. When that program is executed
by a process, the process acquires the access rights of the owner of
the program. A setuid program executes with the access rights of
its owner, while a setgid program has the access
rights of its group; both bits can be set according
to the permission mechanism. Beginning with AIX
4.2, the SETUID and SETGID permission bits are no longer
supported for shell scripts. This change does NOT affect
compiled programs.
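The setuid and setgid rules above, modelled in C as an added example (not part of the original text or of AIX): it shows that a setuid-root program's setuid() drop cannot be undone, that a program owned by a non-root user can switch back through its saved user ID, and that a root process has to call setgid before setuid. The struct, the function names and the IDs are hypothetical, and the model assumes that executing a setuid program sets both the effective and the saved user ID to the owner.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the rules above; never calls the real setuid()/setgid(). */
struct creds {
    int ruid, euid, suid;   /* real, effective, saved user IDs */
    int rgid, egid, sgid;   /* real, effective, saved group IDs */
    int sup[4], nsup;       /* supplementary group IDs */
};

/* setuid: root sets all three user IDs; any other caller may only set the
   effective ID, and only to its current real or saved user ID. */
bool model_setuid(struct creds *c, int uid) {
    if (c->euid == 0) { c->ruid = c->euid = c->suid = uid; return true; }
    if (uid != c->ruid && uid != c->suid) return false;
    c->euid = uid;
    return true;
}

/* setgid: same shape, but a non-root caller may also pick a supplementary
   group. The supplementary list itself is never changed. */
bool model_setgid(struct creds *c, int gid) {
    if (c->euid == 0) { c->rgid = c->egid = c->sgid = gid; return true; }
    bool ok = (gid == c->rgid || gid == c->sgid);
    for (int i = 0; i < c->nsup; i++) ok = ok || (c->sup[i] == gid);
    if (ok) c->egid = gid;
    return ok;
}

/* After setuid(invoker), can the process switch back to the owner's UID? */
bool can_regain(struct creds c, int invoker, int owner) {
    return model_setuid(&c, invoker) && model_setuid(&c, owner);
}

/* Drop a root process to uid/gid, either group first or user first. */
bool drop(struct creds c, int uid, int gid, bool group_first) {
    if (group_first) return model_setgid(&c, gid) && model_setuid(&c, uid);
    return model_setuid(&c, uid) && model_setgid(&c, gid);
}

int main(void) {
    /* Constructed IDs; assumes exec set effective and saved UID to the owner. */
    struct creds root_owned = {100, 0, 0, 10, 10, 10, {20}, 1};
    struct creds user_owned = {100, 200, 200, 10, 10, 10, {20}, 1};
    printf("regain, owner root: %d\n", can_regain(root_owned, 100, 0));
    printf("regain, owner 200:  %d\n", can_regain(user_owned, 100, 200));
    printf("drop to 300:50 group first: %d, user first: %d\n",
           drop(root_owned, 300, 50, true), drop(root_owned, 300, 50, false));
    return 0;
}
```

In the user-first order the setgid call fails because the effective user ID is no longer root, so the process keeps its old group IDs; checking the return value of every call is what catches this.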
--------------------------------------------------
To add or remove permissions, you can use the chmod command with the
number (i.e., as in chmod 644), or
you can add permissions to user, group, or other with the form
chmod g+{rwx} filename
For example, chmod g+r myfile adds read privileges for the group to myfile.
Subtract permissions from user, group, or other with the form
chmod g-{rwx} filename
For example, chmod o-x filename removes execute from others.
In case you are interested, the following chart shows how we
get the numbers for permissions just by adding up the numbers.
4000 Sets user ID on execution.
2000 Sets group ID on execution.
1000 Sets the link permission to directories or sets the save-text attribute
0400 Allow read by owner
0200 Allow write by owner
0100 Allow execute (search in directory) by owner
0700 Allow read, write, and execute (search) by owner
0040 Allow read by group
0020 Allow write by group
0010 Allow execute (search in directory) by group
0070 Allow read, write, and execute by group
0004 Allow read by others
0002 Allow write by others
0001 Allow execute or search by others
0007 Allow read, write, and execute by others.
So chmod 664 is 0400 + 0200 + 0040 + 0020 + 0004
rw- rw- r-- (this is what it is)
Some more interesting examples are below:
r-s r-x --- would be 4550
r-s r-s r-x would be 6555
r-x r-s r-x would be 2555
rwx --s --- would be 2710
rwx rwx rwt would be 1777
==========================
Command        Source Dir      Source File   Target Dir
cd             x               N/A           N/A
ls             r               N/A           N/A
ls -l          r,x             N/A           N/A
mkdir          x,w (parent)    N/A           N/A
rmdir          x,w (parent)    N/A           N/A
cat,pg,more    x               r             N/A
mv             x,w             NONE          x,w
cp             x               r             x,w
touch          x,w*            N/A           NONE
rm,del         x,w             NONE          N/A