From: Mike Meyer
Date: Tue, 3 Apr 2001 03:13:29 -0500
To: "Aaron Hill"
Cc: questions@freebsd.org, trond@ramstind.gtf.ol.no
Subject: Re: Is there an equivalent of newgrp in FreeBSD?
Message-ID: <15049.34345.325736.372823@guru.mired.org>

Aaron Hill types:
> >The command newgrp exists on SysV inspired systems such as RISC/os and Red
> >Hat GNU/Linux. Its purpose is to change the effective gid of the user
> >running the command. The user may choose only from the groups he/she is a
> >member of.
> >What is the BSD equivalent, if any?
> There is none that I know of. I've just come back from a week of Solaris
> training and on the course it was explained that Sys V only allows a user to
> be a member of one group at any one time, so the newgrp program was
> necessary to swap the user to another group when required. In BSD a user can
> be a member of several groups (maximum 32?) *concurrently* so there is no
> need for this type of program.

I thought they'd fixed that in SysV as well. In any case, BSD still
has a distinguished group - that's what the various gid calls work
on. It's the one that's fooled with by setgid programs, for instance.
The only place I've seen it matter is that it's the one logged for
accounting purposes. Elsewhere, programs should check the entire group
list, not just the gid.

If you need to do group accounting, you might want something like the
newgrp command. Writing such is not hard, but if you're not careful
you can lose a group's permissions. Which is why negative security
(setting group permissions on a file to ---, then cramming people into
that group to keep them out) is a bad idea.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
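
Added example, not part of the message above and not FreeBSD code: a simplified C model of the owner/group/other check against the gid plus the group list, showing how a newgrp that discards the list both loses a group's access and defeats a "---" group entry. The names may_access, newgrp_careless, newgrp_careful and sample_cred, and the ids 100, 200, 900 and 1001, are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

#define MAXG 16
struct cred { uid_t euid; gid_t egid; gid_t groups[MAXG]; size_t ngroups; };

static bool in_list(const struct cred *c, gid_t g) {
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g) return true;
    return false;
}

/* Illustrative model only (superuser bypass not modeled). Exactly one class
 * applies: owner, else group (gid OR any entry in the list), else other. */
bool may_access(struct cred c, uid_t fuid, gid_t fgid, mode_t mode, mode_t want) {
    if (c.euid == fuid) return ((mode >> 6) & want) == want;
    if (c.egid == fgid || in_list(&c, fgid)) return ((mode >> 3) & want) == want;
    return (mode & want) == want;
}

/* Careless newgrp: sets the gid and throws the rest of the list away. */
struct cred newgrp_careless(struct cred c, gid_t g) {
    c.egid = g; c.ngroups = 0;
    return c;
}

/* Careful newgrp: only members may switch, and the old gid is kept in the
 * list so no membership is lost. Returns c unchanged if it must refuse. */
struct cred newgrp_careful(struct cred c, gid_t g) {
    if (c.egid != g && !in_list(&c, g)) return c;   /* not a member */
    if (!in_list(&c, c.egid)) {
        if (c.ngroups == MAXG) return c;            /* no room to keep old gid */
        c.groups[c.ngroups++] = c.egid;
    }
    c.egid = g;
    return c;
}

/* Constructed sample: uid 1001, gid 100, also in 200 and "deny" group 900. */
struct cred sample_cred(void) {
    return (struct cred){ 1001, 100, { 200, 900 }, 2 };
}

int main(void) {   /* file under test: root:900, mode 0604 (rw- --- r--) */
    struct cred c = sample_cred(), a = newgrp_careless(c, 200), b = newgrp_careful(c, 200);
    printf("before=%d careless=%d careful=%d\n", may_access(c, 0, 900, 0604, 4),
           may_access(a, 0, 900, 0604, 4), may_access(b, 0, 900, 0604, 4));
    return 0;
}
```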