Do group permissions matter for files owned by the root group?

I’ve stumbled upon a script which included the following two commands:

chown -R some-user:0 /some/dir
chmod -R g+w /some/dir

Specifically, this is from the Dockerfile of the nginx-unprivileged Docker image.

Is there any reason why one would add group-write permission to files owned by the root group anyway?
Is there any situation in which this might make a difference, considering there are no other users in the root group?

Asked By: JMC

||

First, the question should not be "are any users in the root group" but "will there ever be any users in the root group".

Users (real users and system users) or running processes could end up in the root group any of these ways:

  • (obviously) if they are listed in the root group in /etc/group
  • If they are listed in the root group in /etc/passwd column 4
  • If the executable is sgid root
  • If some system service (like systemd or sudo) starts a process in the root group
  • Probably something else I’ve forgotten

If any of these ever occurs, then it matters if files are group root writable.

Answered By: user10489
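
The first two membership paths in the answer (/etc/group and column 4 of /etc/passwd) can be checked directly, along with which paths the group can actually write. The script below is an added example, not part of the original question or answer; the function names and the sample passwd/group data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that are in GID 0 and paths that group can write.

# Accounts whose primary group is GID 0 (passwd column 4).
primary_gid0_users() {        # $1: passwd-format file
    awk -F: '$4 == 0 { print $1 }' "$1"
}

# Accounts listed as members of a group whose GID is 0 (group column 4).
supplementary_gid0_users() {  # $1: group-format file
    awk -F: '$3 == 0 && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i]
    }' "$1"
}

# Union of both lists, one name per line.
gid0_users() {                # $1: passwd file, $2: group file
    { primary_gid0_users "$1"; supplementary_gid0_users "$2"; } | sort -u
}

# Non-symlink paths under $1 that belong to group $2 (default 0) and have the
# group-write bit set, i.e. what "chmod -R g+w" leaves behind.
group_writable_paths() {      # $1: directory, $2: numeric GID
    find "$1" ! -type l -group "${2:-0}" -perm -020 -print
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample data, not taken from a real system or image.
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
some-user:x:101:0::/nonexistent:/bin/false
app:x:1000:1000::/home/app:/bin/sh
EOF
    cat > "$tmp/group" <<'EOF'
root:x:0:backup,deploy
app:x:1000:
EOF
    echo "Accounts in GID 0:"
    gid0_users "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo
```

On a real host or image, pass /etc/passwd, /etc/group and the directory in question; setgid executables and processes started in the root group by a service are not covered by this check.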