Do group permissions matter for files owned by the root group?
I’ve stumbled upon a script which included the following two commands:
```
chown -R some-user:0 /some/dir
chmod -R g+w /some/dir
```
Specifically, this is from the Dockerfile of the nginx-unprivileged Docker image.
Is there any reason why one would add group-write permission to files owned by the root group anyway?
Is there any situation in which this might make a difference, considering there are no other users in the root group?
First, the question should not be "are any users in the root group" but "will there ever be any users in the root group".
Users (real users and system users) or running processes could end up in the root group any of these ways:
- (Obviously) if they are listed in the root group in /etc/group
- If they are listed in the root group in /etc/passwd column 4
- If the executable is sgid root
- If some system service (like systemd or sudo) starts a process in the root group
- Probably something else I’ve forgotten
If any of these ever occurs, then it matters if files are group root writable.
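
A way to audit the two static membership paths from the list above (/etc/group and /etc/passwd column 4) and to see what group-write then exposes, as an added example that is not part of the original answer. The function names `accounts_in_gid` and `group_writable` and the sample passwd/group entries are constructed for illustration; on a real image, point the functions at /etc/passwd, /etc/group and the directory in question.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# Accounts that hold GID $3 (default 0) according to passwd-/group-format files.
accounts_in_gid() {
    passwd_file=$1 group_file=$2 gid=${3:-0}
    {
        # Primary group: passwd column 4 is the numeric GID.
        awk -F: -v g="$gid" '$4 == g { print $1 }' "$passwd_file"
        # Supplementary members: group column 3 is the GID, column 4 a comma list.
        awk -F: -v g="$gid" '$3 == g && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$group_file"
    } | sort -u
}

# Files and directories under $1 owned by group $2 (default 0) that have the
# group-write bit set: what any process holding that GID could modify.
group_writable() {
    find "$1" -group "${2:-0}" -perm -020 \( -type f -o -type d \) | sort
}

# Constructed sample data: one account with primary GID 0, two supplementary members.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
nginx:x:101:101:nginx:/nonexistent:/bin/false
backup:x:34:0:backup:/var/backups:/bin/false
EOF
    cat > "$tmp/group" <<'EOF'
root:x:0:deploy,ci
nginx:x:101:
EOF
    accounts_in_gid "$tmp/passwd" "$tmp/group"   # backup, ci, deploy, root
    rm -rf "$tmp"
}
demo
```

The setgid and service-started paths from the list are not covered by these file checks; for a running process, `id -G` shows the groups it actually holds.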