Linux SGID (Set Group ID) Explained — Shared Directories with chmod 2775

What Is SGID (Set Group ID)?

The SGID bit has two distinct behaviors depending on whether it is applied to a file or a directory.

SGID on Executables

When set on an executable, the process runs with the file's group ID rather than the user's primary group. This is similar to SUID but for group privileges.

SGID on Directories (More Common)

When set on a directory, new files and subdirectories created inside automatically inherit the directory's group instead of the creator's primary group. This is essential for shared project directories.

The Problem SGID Solves

Without SGID:

# Alice creates a file in the shared directory
$ id alice
uid=1001(alice) gid=1001(alice) groups=1001(alice),1005(devteam)

$ touch /shared/project/file1.txt
$ ls -l /shared/project/file1.txt
-rw-r--r-- 1 alice alice ...   # Group is 'alice', NOT 'devteam'

With SGID:

# Set SGID on the shared directory
chmod 2775 /shared/project
chown :devteam /shared/project

$ touch /shared/project/file2.txt
$ ls -l /shared/project/file2.txt
-rw-r--r-- 1 alice devteam ...  # Group is 'devteam'!

Setting SGID

# Using symbolic notation
chmod g+s /shared/project

# Using octal notation (prefix with 2)
chmod 2775 /shared/project

# Verify
ls -ld /shared/project
# drwxrwsr-x 2 root devteam ...

SGID Display

In ls -l output, SGID appears in the group execute position:

• s (lowercase): SGID + group execute permission
• S (uppercase): SGID WITHOUT group execute permission

Complete Shared Directory Setup

# Create the shared directory
sudo mkdir -p /shared/project

# Set the group
sudo chown :devteam /shared/project

# Set SGID + appropriate permissions
sudo chmod 2775 /shared/project

# Now all new files inherit the 'devteam' group

Combining SGID with Sticky Bit

For directories where multiple groups need write access but should not delete each other's files:

chmod 3775 /shared/project   # SGID (2) + Sticky (1) = 3