setgid Permission
The setgid permission is similar to the setuid permission. The process's effective group ID (GID) is changed to the group that owns the file, and a user is granted access based on the permissions that are granted to that group. The /usr/bin/mail command has setgid permissions:
-r-x--s--x 1 root mail 149K Jun 14 14:04 /usr/bin/mail
When the setgid permission is applied to a directory, files that are created in this directory belong to the group that owns the directory. The files do not belong to the group to which the creating process belongs. Any user who has write and execute permissions in the directory can create a file there. However, the file belongs to the group that owns the directory, not to the group that the user belongs to.
You should monitor your system for any unauthorized use of the setgid permission to gain root capabilities. A suspicious permission grants group access to such a program to an unusual group rather than to root or bin. To search for and list all files that use this permission, see How to Find Files With Special File Permissions.
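The monitoring check described above can be scripted. The following is an added example, not part of the original documentation: it lists setgid regular files whose owning group is not on an allow-list. The function name audit_setgid and its arguments are assumptions of this example; the default allow-list (root, bin) is taken from the paragraph above.

```shell
#!/bin/sh
# Added example: report setgid regular files owned by an unexpected group.
#
# audit_setgid DIR [ALLOWED_GROUP...]
#   Prints "group<TAB>path" for every setgid regular file under DIR whose
#   owning group is not in the allow-list (default: root bin).
audit_setgid() {
    dir=$1
    shift
    if [ $# -eq 0 ]; then
        set -- root bin
    fi
    # Pad with spaces so each group name can be matched as a whole word.
    allowed=" $* "

    # -perm -2000 selects files with the setgid bit set.
    # -xdev keeps the search on the file system that holds DIR.
    # Paths that contain newlines are not handled by this line-based loop.
    find "$dir" -xdev -type f -perm -2000 -print 2>/dev/null |
    while IFS= read -r path; do
        # Field 4 of "ls -ld" is the owning group, as in the listing above.
        group=$(ls -ld -- "$path" | awk '{print $4}')
        case "$allowed" in
            *" $group "*) ;;                          # expected group
            *) printf '%s\t%s\n' "$group" "$path" ;;  # needs review
        esac
    done
}

# Run as a script: sh audit_setgid.sh DIR [ALLOWED_GROUP...]
if [ $# -gt 0 ]; then
    audit_setgid "$@"
fi
```

With the default allow-list, the /usr/bin/mail entry shown earlier would be reported with group mail. Groups that are known to be legitimate on a given system can be passed as extra arguments so that only unexpected ones remain in the output.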