Glossary

setgid

The setgid bit (Set Group ID) has two different but related effects. On an executable file, it causes the program to run with the effective group of the file's group owner—analogous to setuid but for groups. This was historically used for games that needed access to a shared high-score file, among other things.

On a directory, setgid changes how new files within it acquire their group ownership: instead of taking the creating user's primary group, they take the directory's group. This is the standard way to set up shared project directories where everyone in a team should see each other's files:

sudo mkdir /srv/projects
sudo chown root:developers /srv/projects
sudo chmod 2775 /srv/projects          # 2 = setgid, 775 = rwxrwxr-x
ls -ld /srv/projects
drwxrwsr-x 2 root developers ... /srv/projects   # 's' in group field

Now when any member of the developers group creates a file under /srv/projects, it is group-owned by developers, not by the creator's personal group, and is accessible to all the others, provided the creator's umask allows group write. Combined with umask 002 for team members, setgid directories make collaborative workflows much smoother.
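An added example, not part of the original glossary entry: a small audit helper for a shared setgid directory such as /srv/projects, flagging the cases where the setup above quietly stops working. The function name audit_shared_dir and the demo file names are assumptions, and stat -c is the GNU/Linux form of stat.

```sh
#!/bin/sh
# Added example: audit a shared setgid directory.
# audit_shared_dir is a hypothetical helper name, not a standard tool.

audit_shared_dir() {
    asd_dir=$1
    # [ -g ] is true only when the setgid bit is set on the path.
    if [ ! -g "$asd_dir" ]; then
        echo "NOSETGID $asd_dir"
        return 2
    fi
    asd_gid=$(stat -c %g "$asd_dir")   # numeric group the directory hands down

    # Subdirectories without setgid (for example, created before the bit was
    # set) no longer pass the group on to files created inside them.
    find "$asd_dir" -mindepth 1 -type d ! -perm -2000 -print | sed 's/^/NOSETGID /'
    # Files in another group: typically moved in with mv, which keeps the
    # original ownership instead of inheriting from the directory.
    find "$asd_dir" -type f ! -group "$asd_gid" -print | sed 's/^/WRONGGROUP /'
    # Files without group write: created under umask 022 rather than 002.
    find "$asd_dir" -type f ! -perm -020 -print | sed 's/^/NOGROUPWRITE /'
}

# Constructed demo in a throwaway directory, so no root or real group is needed.
demo() {
    demo_root=$(mktemp -d)
    mkdir "$demo_root/projects"
    chmod 2775 "$demo_root/projects"
    ( umask 002; echo ok > "$demo_root/projects/shared.txt" )
    ( umask 022; echo no > "$demo_root/projects/private.txt" )
    audit_shared_dir "$demo_root/projects"   # reports only private.txt
    rm -rf "$demo_root"
}
demo
```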

Related terms: setuid, chmod, Sticky Bit

Also defined in: Textbook of Linux