The following are two scenarios to let you know how I understand the problem and the SGID:
Scenario 1:
User A is part of the group G.
Group G has full privileges to 2 files (it is the group owner of these files AND has rwx) in the system of user B, where 1 file is a script and the other file is a normal file which the script relies on to work.
Now, if user A is part of the group G, this means that he also has the same privileges his group has, which means he can execute these 2 files successfully.
Scenario 2:
User B doesn't want any USER on the system to have any access to his file that the script relies on, but he wants the users to be able to run the script, so he decided to use setgid on the executable file and remove user A from the group G, so he won't have direct access to the file yet will still be able to run the executable with the help of the SGID.
I wonder if it's possible, and is this how setgid works?
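
Added example, not part of the original post: a small Python model of the two scenarios, using the classic Unix owner/group/other permission check and the Linux `execve()` rule that the set-group-ID bit is ignored on interpreted (`#!`) scripts. The UIDs, GIDs, modes and helper names are constructed for illustration; root, ACLs, capabilities and `nosuid` mounts are not modelled.

```python
import stat
from dataclasses import dataclass, replace

R, W, X = 4, 2, 1

@dataclass(frozen=True)
class File:
    uid: int
    gid: int
    mode: int                 # e.g. 0o2755 = setgid + rwxr-xr-x
    is_script: bool = False   # starts with "#!" and is run by an interpreter

@dataclass(frozen=True)
class Proc:
    euid: int
    egid: int
    groups: frozenset = frozenset()   # supplementary groups

def allowed(p, f, want):
    """Exactly one permission class applies: owner, else group, else other."""
    if p.euid == f.uid:
        bits = f.mode >> 6
    elif p.egid == f.gid or f.gid in p.groups:
        bits = f.mode >> 3
    else:
        bits = f.mode
    return (bits & 7 & want) == want

def exec_file(p, f):
    """Credentials after execve(), or None if execution is denied."""
    if not allowed(p, f, X):
        return None
    # Linux honours setgid only with group-execute set, and never on scripts.
    honoured = bool(f.mode & stat.S_ISGID and f.mode & stat.S_IXGRP) and not f.is_script
    return replace(p, egid=f.gid) if honoured else p

def can_read_via(p, program, data):
    after = exec_file(p, program)
    return after is not None and allowed(after, data, R)

# Constructed sample values (assumptions, not from the post).
USER_A, USER_B, GROUP_G = 1001, 1002, 2000
data = File(uid=USER_B, gid=GROUP_G, mode=0o660)      # no access for "other"
binary = File(uid=USER_B, gid=GROUP_G, mode=0o2755)   # compiled, setgid G
script = File(uid=USER_B, gid=GROUP_G, mode=0o2755, is_script=True)

a_member = Proc(USER_A, 1001, frozenset({GROUP_G}))   # scenario 1
a_outsider = Proc(USER_A, 1001)                       # scenario 2

if __name__ == "__main__":
    print("scenario 1, direct read:", allowed(a_member, data, R))
    print("scenario 2, direct read:", allowed(a_outsider, data, R))
    print("scenario 2, via setgid binary:", can_read_via(a_outsider, binary, data))
    print("scenario 2, via setgid script:", can_read_via(a_outsider, script, data))
```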