Date: Fri, 19 Jan 2001 23:56:16 +0200 From: Peter Pentchev <roam@orbitel.bg> To: Terry Lambert <tlambert@primenet.com> Cc: Wes Peters <wes@softweyr.com>, Will Andrews <will@physics.purdue.edu>, arch@FreeBSD.ORG Subject: Re: no newgroup/newgrp in FreeBSD? Message-ID: <20010119235616.A49279@ringworld.oblivion.bg> In-Reply-To: <200101191743.KAA10770@usr08.primenet.com>; from tlambert@primenet.com on Fri, Jan 19, 2001 at 05:42:55PM %2B0000 References: <3A6728FB.76E7C687@softweyr.com> <200101191743.KAA10770@usr08.primenet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 19, 2001 at 05:42:55PM +0000, Terry Lambert wrote: > > > Sorry for being ignorant, but what's the difference between this and the > > > pw(8) group operations? > > > > System V only holds one GID per process. The newgrp command changes the > > active GID to another group by starting a new shell with the GID specified > > on the newgrp command line. You have to be a member of the group or know > > the group password. Since BSD uses a list of group memberships, newgrp > > is not needed. > > Actually, it could be useful. > > In SVR4, the most powerful effect is that newgrp permits you > to obtain membership in a group without explicit configuration, > so long as there is communication of the password to you. > > Specifically, it allows adjunct group membership, through > knowledge of a password. The BSD method grants membership > in groups explicitly. > > As an example, consider membership in group "wheel". To > be able to "su", you must have two things: membership in > group "wheel", and the "root" password. [snip] Hmm.. good points. The 1.0.1 version of my newgrp(1) implementation, at http://ringwraith.online.bg/~roam/devel/sysutils/newgrp-1.0.1.tar.gz allows the users to change to a group they are not members of, if that group is password-protected. It also restricts access to groups users *are* members of, if those are password-protected. Both those items are controlled by compile-time defines. G'luck, Peter -- I've heard that this sentence is a rumor. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010119235616.A49279>