The newgrp command

Robert Locke lists at ralii.com
Thu Aug 25 02:54:08 UTC 2005 

On Thu, 2005-08-25 at 08:24 +0700, Vidol Loeung wrote:
> Thanks Richard. When I as a user used newgrp to switch myself to a new
> group, I of course gave the password of that group, which was assigned by
> the gpasswd comamnd as you mentioned. I also agree that, this command is
> rarely used and I think, it only makes sense when a user would like
> files/directories (s)he creates to belong to a particular group. Having the
> user as a member in each group is fine.
> 
> My question was out of curiosity as I was trying to experiment the newgrp
> command and found that it did not seem to work the way it should as its
> manual and documentations stated that the command is used to switch a user
> to a new group and requires the group password.
> 
> Let me give a scenario here:
> - I logged in as user 'joe'.
> - Then, I typed this command ('joe' is not a member of group 'users'):
>   $ newgrp users
>   Password:
>   newgrp: Permission denied
> 
> I've wondering what the group passwd command is used for and found that the
> newgrp command is the one that needs the group passwd. Now, when I tried it
> as above it did not work.
> 
> Would someone kindly clarify a bit more on the use of the newgrp command?
> 
> Regards,
> Vidol
> 
<snip>

I'll give it a try....

A user may belong to more than one group, but one group is considered
that user's primary group (the one delineated in the fourth field
of /etc/passwd).  When that user creates a file, the file needs both a
user and group associated with the file.  The user is the user but the
group, by default, will be that user's primary group.

Now since a user may belong to more than one group and that user may
desire that a file they create belong to one of their "secondary" or
"auxiliary" groups, there are two ways to override the default behavior.

1) A file created in a directory where the SGID bit is set will assume
the group of the directory rather than the primary group of the user
creating the file....  And since I need write access to the directory in
order to create a file, there is an implication that I am a member of
the group associated with the directory....

2) The newgrp command will spawn a "sub-shell" where the primary group
of the user is switched from the one defined in /etc/passwd to the
groupname specified as an argument to "newgrp".  Thus files created by
processes spawned by this subshell will assume the "new group"....

Now, as to your problem of being able to specify the password when
utilizing the newgrp command, I must admit to only trying to newgrp
myself in to groups that I am a pre-defined member of and consequently
the password has been moot, so I cannot be of much help there, though,
perhaps your relatively unique testing has uncovered a "bug"....

HTH,

--Rob

More information about the fedora-list mailing list