1NEWGRP(P) POSIX Programmer's Manual NEWGRP(P)
2
3
4
6 newgrp - change to a new group
7
9 newgrp [-l][group]
10
12 The newgrp utility shall create a new shell execution environment with
13 a new real and effective group identification. Of the attributes listed
14 in Shell Execution Environment , the new shell execution environment
15 shall retain the working directory, file creation mask, and exported
16 variables from the previous environment (that is, open files, traps,
17 unexported variables, alias definitions, shell functions, and set
18 options may be lost). All other aspects of the process environment that
19 are preserved by the exec family of functions defined in the System
20 Interfaces volume of IEEE Std 1003.1-2001 shall also be preserved by
21 newgrp; whether other aspects are preserved is unspecified.
22
23 A failure to assign the new group identifications (for example, for
24 security or password-related reasons) shall not prevent the new shell
25 execution environment from being created.
26
27 The newgrp utility shall affect the supplemental groups for the process
28 as follows:
29
30 * On systems where the effective group ID is normally in the supple‐
31 mentary group list (or whenever the old effective group ID actually
32 is in the supplementary group list):
33
34 * If the new effective group ID is also in the supplementary group
35 list, newgrp shall change the effective group ID.
36
37 * If the new effective group ID is not in the supplementary group
38 list, newgrp shall add the new effective group ID to the list, if
39 there is room to add it.
40
41 * On systems where the effective group ID is not normally in the sup‐
42 plementary group list (or whenever the old effective group ID is not
43 in the supplementary group list):
44
45 * If the new effective group ID is in the supplementary group list,
46 newgrp shall delete it.
47
48 * If the old effective group ID is not in the supplementary list,
49 newgrp shall add it if there is room.
50
51 Note: The System Interfaces volume of IEEE Std 1003.1-2001 does not
52 specify whether the effective group ID of a process is included
53 in its supplementary group list.
54
55
56 With no operands, newgrp shall change the effective group back to the
57 groups identified in the user's user entry, and shall set the list of
58 supplementary groups to that set in the user's group database entries.
59
60 If a password is required for the specified group, and the user is not
61 listed as a member of that group in the group database, the user shall
62 be prompted to enter the correct password for that group. If the user
63 is listed as a member of that group, no password shall be requested. If
64 no password is required for the specified group, it is implementation-
65 defined whether users not listed as members of that group can change to
66 that group. Whether or not a password is required, implementation-
67 defined system accounting or security mechanisms may impose additional
68 authorization restrictions that may cause newgrp to write a diagnostic
69 message and suppress the changing of the group identification.
70
72 The newgrp utility shall conform to the Base Definitions volume of
73 IEEE Std 1003.1-2001, Section 12.2, Utility Syntax Guidelines.
74
75 The following option shall be supported:
76
77 -l (The letter ell.) Change the environment to what would be
78 expected if the user actually logged in again.
79
80
82 The following operand shall be supported:
83
84 group A group name from the group database or a non-negative numeric
85 group ID. Specifies the group ID to which the real and effective
86 group IDs shall be set. If group is a non-negative numeric
87 string and exists in the group database as a group name (see
88 getgrnam()), the numeric group ID associated with that group
89 name shall be used as the group ID.
90
91
93 Not used.
94
96 The file /dev/tty shall be used to read a single line of text for pass‐
97 word checking, when one is required.
98
100 The following environment variables shall affect the execution of new‐
101 grp:
102
103 LANG Provide a default value for the internationalization variables
104 that are unset or null. (See the Base Definitions volume of
105 IEEE Std 1003.1-2001, Section 8.2, Internationalization Vari‐
106 ables for the precedence of internationalization variables used
107 to determine the values of locale categories.)
108
109 LC_ALL If set to a non-empty string value, override the values of all
110 the other internationalization variables.
111
112 LC_CTYPE
113 Determine the locale for the interpretation of sequences of
114 bytes of text data as characters (for example, single-byte as
115 opposed to multi-byte characters in arguments).
116
117 LC_MESSAGES
118 Determine the locale that should be used to affect the format
119 and contents of diagnostic messages written to standard error.
120
121 NLSPATH
122 Determine the location of message catalogs for the processing of
123 LC_MESSAGES .
124
125
127 Default.
128
130 Not used.
131
133 The standard error shall be used for diagnostic messages and a prompt
134 string for a password, if one is required. Diagnostic messages may be
135 written in cases where the exit status is not available. See the EXIT
136 STATUS section.
137
139 None.
140
142 None.
143
145 If newgrp succeeds in creating a new shell execution environment,
146 whether or not the group identification was changed successfully, the
147 exit status shall be the exit status of the shell. Otherwise, the fol‐
148 lowing exit value shall be returned:
149
150 >0 An error occurred.
151
152
154 The invoking shell may terminate.
155
156 The following sections are informative.
157
159 There is no convenient way to enter a password into the group database.
160 Use of group passwords is not encouraged, because by their very nature
161 they encourage poor security practices. Group passwords may disappear
162 in the future.
163
164 A common implementation of newgrp is that the current shell uses exec
165 to overlay itself with newgrp, which in turn overlays itself with a new
166 shell after changing group. On some implementations, however, this may
167 not occur and newgrp may be invoked as a subprocess.
168
169 The newgrp command is intended only for use from an interactive termi‐
170 nal. It does not offer a useful interface for the support of applica‐
171 tions.
172
173 The exit status of newgrp is generally inapplicable. If newgrp is used
174 in a script, in most cases it successfully invokes a new shell and the
175 rest of the original shell script is bypassed when the new shell exits.
176 Used interactively, newgrp displays diagnostic messages to indicate
177 problems. But usage such as:
178
179
180 newgrp foo
181 echo $?
182
183 is not useful because the new shell might not have access to any status
184 newgrp may have generated (and most historical systems do not provide
185 this status). A zero status echoed here does not necessarily indicate
186 that the user has changed to the new group successfully. Following new‐
187 grp with the id command provides a portable means of determining
188 whether the group change was successful or not.
189
191 None.
192
194 Most historical implementations use one of the exec functions to imple‐
195 ment the behavior of newgrp. Errors detected before the exec leave the
196 environment unchanged, while errors detected after the exec leave the
197 user in a changed environment. While it would be useful to have newgrp
198 issue a diagnostic message to tell the user that the environment
199 changed, it would be inappropriate to require this change to some his‐
200 torical implementations.
201
202 The password mechanism is allowed in the group database, but how this
203 would be implemented is not specified.
204
205 The newgrp utility was retained in this volume of IEEE Std 1003.1-2001,
206 even given the existence of the multiple group permissions feature in
207 the System Interfaces volume of IEEE Std 1003.1-2001, for several rea‐
208 sons. First, in some implementations, the group ownership of a newly
209 created file is determined by the group of the directory in which the
210 file is created, as allowed by the System Interfaces volume of
211 IEEE Std 1003.1-2001; on other implementations, the group ownership of
212 a newly created file is determined by the effective group ID. On imple‐
213 mentations of the latter type, newgrp allows files to be created with a
214 specific group ownership. Finally, many implementations use the real
215 group ID in accounting, and on such systems, newgrp allows the account‐
216 ing identity of the user to be changed.
217
219 None.
220
222 Shell Command Language , sh , the System Interfaces volume of
223 IEEE Std 1003.1-2001, exec, getgrnam()
224
226 Portions of this text are reprinted and reproduced in electronic form
227 from IEEE Std 1003.1, 2003 Edition, Standard for Information Technology
228 -- Portable Operating System Interface (POSIX), The Open Group Base
229 Specifications Issue 6, Copyright (C) 2001-2003 by the Institute of
230 Electrical and Electronics Engineers, Inc and The Open Group. In the
231 event of any discrepancy between this version and the original IEEE and
232 The Open Group Standard, the original IEEE and The Open Group Standard
233 is the referee document. The original Standard can be obtained online
234 at http://www.opengroup.org/unix/online.html .
235
236
237
238IEEE/The Open Group 2003 NEWGRP(P)