setgid bit on directories

[florian]

I've noticed that when creating directories in my home directory, permissions are set with setgid.

Code: [Select]

$ cd
$ mkdir newdir
$ touch newfile
$ ls -ldF new*
drwxr-sr-x    2 tc       staff           0 Jan 21 23:26 newdir/
-rw-r--r--    1 tc       staff           0 Jan 21 23:26 newfile

What's the purpose in TC of setting the setgid bit for directories by default?
I think I would prefer my directory created without that bit by default. Would there be any reason against that? And how to not set the setgid bit by default?

(ps: I have not changed the default umask)

[roberts]

Because if something ends up in your home directory, you should have access to it to at least see what it is. TC is not meant to be installed as multiuser, so typically this was to allow at least read access if root created something there.

[^thehatsrule^]

If you still want to try without it, use chmod g-s /home/tc.  setgid is set in tc-config if you want to remaster it, although it may be easier just to add the chmod line in bootlocal.sh.

I don't think umask wouldn't affect this, iirc.  Is there a reason why you don't want setguid btw?

How the files in /home/tc are accessed after creation depends on the umask.  Currently it's set to 0022, so read access is granted to 'others'.  This suggests that whether or not setgid was used, the same RO permissions should apply.

[florian]

Thanks for the explanations! I got it now.

I was confused because I didn't quite remember that setgid bit on a directory causes new files and directories to inherit its group rather than the group of the user who created the file. With that in mind and with Robert's explanation, this makes a lot of sense.