1NEWGRP(1P) POSIX Programmer's Manual NEWGRP(1P)
2
6 This manual page is part of the POSIX Programmer's Manual. The Linux
7 implementation of this interface may differ (consult the corresponding
8 Linux manual page for details of Linux behavior), or the interface may
9 not be implemented on Linux.
10
12 newgrp — change to a new group
13
15 newgrp [-l] [group]
16
18 The newgrp utility shall create a new shell execution environment with
19 a new real and effective group identification. Of the attributes listed
20 in Section 2.12, Shell Execution Environment, the new shell execution
21 environment shall retain the working directory, file creation mask, and
22 exported variables from the previous environment (that is, open files,
23 traps, unexported variables, alias definitions, shell functions, and
24 set options may be lost). All other aspects of the process environment
25 that are preserved by the exec family of functions defined in the Sys‐
26 tem Interfaces volume of POSIX.1‐2017 shall also be preserved by new‐
27 grp; whether other aspects are preserved is unspecified.
28 A failure to assign the new group identifications (for example, for
30 security or password-related reasons) shall not prevent the new shell
31 execution environment from being created.
32 The newgrp utility shall affect the supplemental groups for the process
34 as follows:
35 * On systems where the effective group ID is normally in the supple‐
37 mentary group list (or whenever the old effective group ID actually
38 is in the supplementary group list):
39 -- If the new effective group ID is also in the supplementary
41 group list, newgrp shall change the effective group ID.
42 -- If the new effective group ID is not in the supplementary group
44 list, newgrp shall add the new effective group ID to the list,
45 if there is room to add it.
46 * On systems where the effective group ID is not normally in the sup‐
48 plementary group list (or whenever the old effective group ID is
49 not in the supplementary group list):
50 -- If the new effective group ID is in the supplementary group
52 list, newgrp shall delete it.
53 -- If the old effective group ID is not in the supplementary list,
55 newgrp shall add it if there is room.
56 Note: The System Interfaces volume of POSIX.1‐2017 does not specify
58 whether the effective group ID of a process is included in
59 its supplementary group list.
60 With no operands, newgrp shall change the effective group back to the
62 groups identified in the user's user entry, and shall set the list of
63 supplementary groups to that set in the user's group database entries.
64 If the first argument is '-', the results are unspecified.
66 If a password is required for the specified group, and the user is not
68 listed as a member of that group in the group database, the user shall
69 be prompted to enter the correct password for that group. If the user
70 is listed as a member of that group, no password shall be requested.
71 If no password is required for the specified group, it is implementa‐
72 tion-defined whether users not listed as members of that group can
73 change to that group. Whether or not a password is required, implemen‐
74 tation-defined system accounting or security mechanisms may impose
75 additional authorization restrictions that may cause newgrp to write a
76 diagnostic message and suppress the changing of the group identifica‐
77 tion.
78
80 The newgrp utility shall conform to the Base Definitions volume of
81 POSIX.1‐2017, Section 12.2, Utility Syntax Guidelines, except for the
82 unspecified usage of '-'.
83 The following option shall be supported:
85 -l (The letter ell.) Change the environment to what would be
87 expected if the user actually logged in again.
88
90 The following operand shall be supported:
91 group A group name from the group database or a non-negative
93 numeric group ID. Specifies the group ID to which the real
94 and effective group IDs shall be set. If group is a non-nega‐
95 tive numeric string and exists in the group database as a
96 group name (see getgrnam()), the numeric group ID associated
97 with that group name shall be used as the group ID.
98
100 Not used.
101
103 The file /dev/tty shall be used to read a single line of text for pass‐
104 word checking, when one is required.
105
107 The following environment variables shall affect the execution of new‐
108 grp:
109 LANG Provide a default value for the internationalization vari‐
111 ables that are unset or null. (See the Base Definitions vol‐
112 ume of POSIX.1‐2017, Section 8.2, Internationalization Vari‐
113 ables for the precedence of internationalization variables
114 used to determine the values of locale categories.)
115 LC_ALL If set to a non-empty string value, override the values of
117 all the other internationalization variables.
118 LC_CTYPE Determine the locale for the interpretation of sequences of
120 bytes of text data as characters (for example, single-byte as
121 opposed to multi-byte characters in arguments).
122 LC_MESSAGES
124 Determine the locale that should be used to affect the format
125 and contents of diagnostic messages written to standard
126 error.
127 NLSPATH Determine the location of message catalogs for the processing
129 of LC_MESSAGES.
130
132 Default.
133
135 Not used.
136
138 The standard error shall be used for diagnostic messages and a prompt
139 string for a password, if one is required. Diagnostic messages may be
140 written in cases where the exit status is not available. See the EXIT
141 STATUS section.
142
144 None.
145
147 None.
148
150 If newgrp succeeds in creating a new shell execution environment,
151 whether or not the group identification was changed successfully, the
152 exit status shall be the exit status of the shell. Otherwise, the fol‐
153 lowing exit value shall be returned:
154 >0 An error occurred.
156
158 The invoking shell may terminate.
159 The following sections are informative.
161
163 There is no convenient way to enter a password into the group database.
164 Use of group passwords is not encouraged, because by their very nature
165 they encourage poor security practices. Group passwords may disappear
166 in the future.
167 A common implementation of newgrp is that the current shell uses exec
169 to overlay itself with newgrp, which in turn overlays itself with a new
170 shell after changing group. On some implementations, however, this may
171 not occur and newgrp may be invoked as a subprocess.
172 The newgrp command is intended only for use from an interactive termi‐
174 nal. It does not offer a useful interface for the support of applica‐
175 tions.
176 The exit status of newgrp is generally inapplicable. If newgrp is used
178 in a script, in most cases it successfully invokes a new shell and the
179 rest of the original shell script is bypassed when the new shell exits.
180 Used interactively, newgrp displays diagnostic messages to indicate
181 problems. But usage such as:
182 newgrp foo
185 echo $?
186 is not useful because the new shell might not have access to any status
188 newgrp may have generated (and most historical systems do not provide
189 this status). A zero status echoed here does not necessarily indicate
190 that the user has changed to the new group successfully. Following new‐
191 grp with the id command provides a portable means of determining
192 whether the group change was successful or not.
193
195 None.
196
198 Most historical implementations use one of the exec functions to imple‐
199 ment the behavior of newgrp. Errors detected before the exec leave the
200 environment unchanged, while errors detected after the exec leave the
201 user in a changed environment. While it would be useful to have newgrp
202 issue a diagnostic message to tell the user that the environment
203 changed, it would be inappropriate to require this change to some his‐
204 torical implementations.
205 The password mechanism is allowed in the group database, but how this
207 would be implemented is not specified.
208 The newgrp utility was retained in this volume of POSIX.1‐2017, even
210 given the existence of the multiple group permissions feature in the
211 System Interfaces volume of POSIX.1‐2017, for several reasons. First,
212 in some implementations, the group ownership of a newly created file is
213 determined by the group of the directory in which the file is created,
214 as allowed by the System Interfaces volume of POSIX.1‐2017; on other
215 implementations, the group ownership of a newly created file is deter‐
216 mined by the effective group ID. On implementations of the latter type,
217 newgrp allows files to be created with a specific group ownership.
218 Finally, many implementations use the real group ID in accounting, and
219 on such systems, newgrp allows the accounting identity of the user to
220 be changed.
221
223 None.
224
226 Chapter 2, Shell Command Language, sh
227 The Base Definitions volume of POSIX.1‐2017, Chapter 8, Environment
229 Variables, Section 12.2, Utility Syntax Guidelines
230 The System Interfaces volume of POSIX.1‐2017, exec, getgrnam()
232
234 Portions of this text are reprinted and reproduced in electronic form
235 from IEEE Std 1003.1-2017, Standard for Information Technology -- Por‐
236 table Operating System Interface (POSIX), The Open Group Base Specifi‐
237 cations Issue 7, 2018 Edition, Copyright (C) 2018 by the Institute of
238 Electrical and Electronics Engineers, Inc and The Open Group. In the
239 event of any discrepancy between this version and the original IEEE and
240 The Open Group Standard, the original IEEE and The Open Group Standard
241 is the referee document. The original Standard can be obtained online
242 at http://www.opengroup.org/unix/online.html .
243 Any typographical or formatting errors that appear in this page are
245 most likely to have been introduced during the conversion of the source
246 files to man page format. To report such errors, see https://www.ker‐
247 nel.org/doc/man-pages/reporting_bugs.html .
248IEEE/The Open Group 2017 NEWGRP(1P)