Setting the SISGID permission bit ON - The iSeries Blog
Home > IT Blogs > The iSeries Blog > Setting the SISGID permission bit ON
« i5/OS Server Names
Look for low-end System i soon »
» VIEW ALL POSTS Apr 3 2007   8:01AM GMT

Setting the SISGID permission bit ON



Posted by: Contributing Bloggers
Security – alerts – compliance, System management, iSeries software, Operating systems

I’ve always been unhappy with how the default owner of an object in the IFS is determined.

When a new object is created the ownership is, by default,  the creating user’s profile name.

When objects are shared amoung a group of profiles (Group Profile Membership), this can lead to problems, especially if someone in the group has to delete an object created by another group member.

I have learned that if a directory object has the S_ISGID permission bit set ON, then whenever a new object is created in that directory the owner of the object will be the same as the directory’s PRIMARY GROUP OWNER.

The S_ISGID permission bit can be set on a couple of different ways.

You can use the CHGATR command… For example:

 CHGATR OBJ('/PRDCIS/INBOUND') ATR(*SETGID) VALUE(*YES)

or, via the Properties/Security tab within iSeries Navigator:

propsecurity.jpg

Kenneth

AddThis Social Bookmark Button     Comment     RSS Feed     Email a friend

Comment on this Post


You must be logged-in to post a comment. Log-in/Register
Visit AS/400 Home |   AS/400 News  |  AS/400 White Papers  |  AS/400 Videos  |  AS/400 Resources