What is SGID and how to set SGID in Linux?

This is next to SUID in our ongoing Linux file and folder permissions series. We already discussed about CHMOD, UMASK, CHOWN, CHGRP, SUIDStickyBit and SUDO  concepts in our previous posts. In this post we will see

What is SGID?

Why we require SGID?

Where we are going to implement SGID?

How to implement SGID in Linux?


What is SGID?

SGID (Set Group ID up on execution) is a special type of file permissions given to a file/folder. Normally in Linux/Unix when a program runs, it inherits access permissions from the logged in user. SGID is defined as giving temporary permissions to a user to run a program/file with the permissions of the file group permissions to become member of that group to execute the file. In simple words users will get file Group’s permissions when executing a Folder/file/program/command.

SGID is similar to SUID. The difference between both is that SUID assumes owner of the file permissions and SGID assumes group’s permissions when executing a file instead of logged in user inherit permissions.

Learn SGID with examples:

Example: Linux Group quota implementation

When implementing Linux Group quota for group of people SGID plays an important role in checking the quota timer. SGID bit set on folder is used to change their inherit permissions to group’s permissions to make it as single user who is dumping data. So that group members whoever dumps the data the data will be written with group permissions and in turn quota will be reduced centrally for all the users. For clear understanding of this you have to implement group quota from the above link. Without implementation of SGID the quota will not be effective.

How can I setup SGID for a file?

SGID can be set in two ways

1) Symbolic way (s)

2) Numerical/octal way (2, SGID bit as value 2)

Use chmod command to set SGID on file: file1.txt

Symbolic way:

chmod g+s file1.txt

Let me explain above command we are setting SGID(+s) to group who owns this file.

Numerical way:

chmod 2750 file1.txt

Here in 2750, 2 indicates SGID bitset, 7 for full permissions for owner, 5 for read and execute permissions for group, and no permissions for others.

How can I check if a file is set with SGID bit or not?

Use ls –l to check if the x in group permissions field is replaced by s or S

For example: file1.txt listing before and after SGID set

Before SGID set:

ls -l

total 8

-rwxr--r-- 1 xyz xyzgroup 148 Dec 22 03:46 file1.txt

After SGID set:

ls -l

total 8

-rwxr-sr-- 1 xyz xyzgroup 148 Dec 22 03:46 file1.txt

Some FAQ’s related to SGID:

Where is SGID used?

1) When implementing Linux group disk quota.

I am seeing “S” ie Capital s in the file permissions, what’s that?

After setting SUID or SGID to a file/folder if you see ‘S’ in the file permission area that indicates that the file/folder does not have executable permissions for that user or group on that particular file/folder.

chmod g+s file1.txt

-rwxrwSr-x 1 surendra surendra 0 Dec 27 11:24 file1.txt

so if you want executable permissions too, apply executable permissions to the file.

chmod g+x file1.txt

-rwxrwsr-x 1 surendra surendra 0 Dec 5 11:24 file1.txt

you should see a smaller 's' in the executable permission position.

How can I find all the SGID set files in Linux/Unix.

find / -perm /2000

The above find command will check all the files which is set with SGID bit(2000).

Can I set SGID for folders?

Yes, you can if it’s required (you should remember one thing, that Linux treats everything as a file)

How can I remove SGID bit on a file/folder?

chmod g-s file1.txt

Post your thoughts on this.

The following two tabs change content below.
Mr Surendra Anne is from Vijayawada, Andhra Pradesh, India. He is a Linux/Open source supporter who believes in Hard work, A down to earth person, Likes to share knowledge with others, Loves dogs, Likes photography. He works as Devops Engineer with Taggle systems, an IOT automatic water metering company, Sydney . You can contact him at surendra (@) linuxnix dot com.
  • Karan Chauhan023

    Awesome Articles you have written….simple & explanatory. 

    Keep it UP.

  • Anuja

    Well explained!!!!

  • Sredhar

    Thanks for sharing..very helpful.

  • Sreekumar

    An excellent Article …. really good.. Thanks much for your contributions to the IT….

  • Bhushan Nehate

    Very Helpful Article…

  • Nagi Reddy

    Thanks for sharing very nice………….

  • dilip

    very useful..thank you very much..keep on posting..
    can you pz post how to configure mysql proxy?

    Thanks in advance


  • Pingback: Défendons le droit des framboises314 : Les droits Linux sur le Raspberry Pi | Framboise 314, le Raspberry Pi à la sauce française….()

  • prr.suresh

    In the numerical way , there is a small mistake . It is not write and execute (5) in group permission and it would be read and execute(5)

  • Selvam

    Thank for Article. Really Very useful. But i h’ve a doubt this permission temporary only , how we add this permission ( SUID, SGID ) as permanent. ?

    • Hi Selvam,

                     This is a permanent change it self. How you are saying its temporary?

      • Selvam

        Sorry , I confused with that. i tried to delete the post can’t.
        Thanks for your replay. :)

  • Hi Surendra, That’s nice article, please can you also write something about SUDO permissions.

    Thank you very much.

  • ashok

    Awesome Surendra…Thanks for useful article

  • Ashok Deshmane

    Awesome Surendra…Thanks for useful article

  • Nice explanation. Thank you Surendra.

  • moni

    Can we set SUID and SGID altoghether on a file?

  • model

    as stated above `how come quota will be reduced centrally for all the users `.can you explain this more in detail

    • Normally a quota works on user(UID) but when we set SGID on a pertical folder and implemented quota for that perticular folder it will increment counter for GID instead of UID. Hope this helps.

  • model

    ok it will increment counter for GID instead of UID ? then

    still not clear sir. can you explain in simple words thanks you so much for replying

  • Moromete

    the command :

    find / -perm +2000

    does not find the files with SGID , of contrary will show just the files for which SGID bit(2000) is NOT set.

    find / -perm -2000 will do the job (find the SGID files)

  • Tero

    Great article series!

    One minor typo in FAQ, SUID in place of SGID.

  • Willian

    Simple observation. The correct parameter to search file with some SGUID is:

    find /tmp -perm +2000  # deprecated

    find /tmp -perm /2000  # change "+" by "/"

    Following the Manual the command find, the "+" is no supported (and has been deprecated since 2005).

    • Thanks for your comment. Updated post accordingly.

  • KR

    Fentastic atricle!

  • Franxis

    Well explained..

  • Harshad Awati

    Thanks for this article.