I can never remember how the set-gid and sticky bits work on directories, so I finally spent some time re-reading the chmod man page (and had to resort to the info page) to get it straight. This is my cheat sheet.
set-gid
Setgid (octal permission 2000) makes new files in the directory owned by the group that owns the directory. This is very useful for teams.
How to set
chmod g+s thisdir
chmod 2770 thisdir
How to clear
chmod g-s thisdir
chmod 00770 thisdir
sticky bit, or restricted deletion
Sticky bit (octal permission 1000) on a directory prevents Bob from deleting a file owned by Alice. Even if the directory is owned by one of Bob’s groups and is writable, Bob cannot delete Alice’s files. This is particularly helpful for the /tmp directory. Check it out:
$ ls -lad /tmp
drwxrwxrwt. 4 root root 120 Jan 23 09:40 /tmp
How to set sticky bit
chmod a+t thisdir
chmod 1770 thisdir
How to clear
chmod a-t thisdir
chmod 00770 thisdir
According to info coreutils chapter 27.4, “Directories and the Set-User-ID and Set-Group-ID Bits,” GNU chmod needs a 5-digit octal mode (such as 00770) to clear the set-gid bit on a directory numerically; a plain 0770 leaves it set, which is why the clearing examples above use the extra leading zero.
Basically, if it’s worth setting set-gid, you should throw in the sticky bit too.
chmod 03770 thisdir
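As an added example (not part of the original post), the script below exercises the three things this cheat sheet covers on scratch directories and reads each result back with stat: the combined 03770 mode, the 4-digit versus 5-digit numeric clear of set-gid, and group inheritance of new files. It assumes GNU coreutils on Linux; the inheritance check needs the caller to belong to a second group or to be root, and reports "skipped" otherwise.

```shell
#!/bin/sh
# Added example, not from the original post: exercise the set-gid and sticky
# bits on scratch directories and read the result back with stat.
# Assumes GNU coreutils (chmod, stat -c, mktemp, chgrp) on Linux.
set -eu

# Octal permission bits of a path, e.g. "3770" for set-gid+sticky, rwxrwx---.
mode_of() { stat -c %a "$1"; }
# Apply the post's recommended mode to a fresh directory; prints "3770".
apply_team_dir_mode() {
    dir=$(mktemp -d)
    chmod 03770 "$dir"
    mode_of "$dir"
    rm -rf "$dir"
}

# A 4-digit numeric mode keeps set-gid on a directory; the 5-digit form
# (like g-s) clears it. Prints "<mode after 0770> <mode after 00770>".
clear_setgid_numeric() {
    dir=$(mktemp -d)
    chmod 2770 "$dir"
    chmod 0770 "$dir";  kept=$(mode_of "$dir")
    chmod 00770 "$dir"; cleared=$(mode_of "$dir")
    rm -rf "$dir"
    echo "$kept $cleared"
}

# Create a file in a set-gid directory given to another of our groups and
# report "inherited" if it took the directory's group, or "skipped" when
# the caller has no second group to demonstrate with.
setgid_group_inheritance() {
    dir=$(mktemp -d)
    alt=""
    for g in $(id -G); do
        if [ "$g" != "$(id -g)" ]; then alt=$g; break; fi
    done
    # root may hand a directory to any group; fall back to gid 1
    if [ -z "$alt" ] && [ "$(id -u)" = 0 ]; then alt=1; fi
    if [ -z "$alt" ]; then rm -rf "$dir"; echo skipped; return 0; fi
    chgrp "$alt" "$dir"
    chmod 2770 "$dir"
    touch "$dir/newfile"
    if [ "$(stat -c %g "$dir/newfile")" = "$alt" ]; then echo inherited
    else echo not-inherited; fi
    rm -rf "$dir"
}
echo "chmod 03770 -> $(apply_team_dir_mode)"
echo "0770 then 00770 on a set-gid dir -> $(clear_setgid_numeric)"
echo "new file group in set-gid dir: $(setgid_group_inheritance)"
```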
[…] set aside the tasks I had scheduled for this afternoon, and took a look. Aside from some setgid on the parent directory without g+rx, nothing looked amiss. The directory was owned by root.root […]