Setting SGID on a directory means that all new files created in the
directory inherit the directory's group, and new directories within it
also get SGID. It's useful for having something like a project
directory, so all files belonging to the project have the same group.
The potential security concern is that if the SGID directory is writable
to all, and someone not in the directory's group creates a file there,
they get to own a file in a group they don't belong to. This would (in
theory) allow them to set SGID on that file, and be able to become a
member of that group. In practice, Linux prevents them from setting
SGID on their file, but there's a bug because chmod silently fails
rather than with an EPERM. This seems to be deliberate, so I'm not sure
if its worth fixing (fs/inode.c:inode_change_ok() silently squashes the
SGID bit rather than returning -EPERM).
J