Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Changing the Effective Group ID
Top Forums UNIX for Dummies Questions & Answers Changing the Effective Group ID Post 32759 by Perderabo on Thursday 5th of December 2002 02:53:05 PM
Old 12-05-2002
The id command displays your id, it doesn't alter it. The newgroup command changes your group id, not the effective group id.

If you really want to change the effective gid (which does not really make any sense), try the following commands. You will need to use a valid group on your system and maybe a different shell than ksh...

cp /usr/bin/ksh /tmp
chgrp nuucp /tmp/ksh
chmod 2555 /tmp/ksh # this may require root to work
/tmp/ksh
id

You should see "egid=nuucp(11)" or something like that depending on what group you used.

The su command is owned by root and has permissions of 4555 which makes it suid to root. So you can run it as an ordinary user but it can take actions that require root power. While the su command is running, the uid is your account and euid is root. The egid is similiar. You probably have some sgid programs and "find /usr/bin -perm -2000 -perm" will find them.

Originally a process could have only one group at a time. And you used newgroup to change your group. BSD introduced multiple groups, so now a process can be in many groups. After that the newgroup command wasn't used anymore. HP-UX supports both schemes. But most HP-UX users go with the multiple group at once scheme.
 

10 More Discussions You Might Find Interesting

1. Cybersecurity

Changing effective user

I would like to give execution rights for a script to one user. (that's the easy part...) When that user is running the script, I would like the effective user ID to be that of the file-owner. Is this possible? (6 Replies)
Discussion started by: hilmel
6 Replies

2. UNIX for Advanced & Expert Users

File group ownership changing automatically

Hi everyone, Need help with an issue. The group ownership of files on my Solaris system is getting changed automatically. Could someone tell me the reason why? And how could I correct it? One more info- everytime the ownership changes, it changes to "x". Thanks :confused: (1 Reply)
Discussion started by: top_gun
1 Replies

3. Filesystems, Disks and Memory

changing group ID

My current GID are all < 100, however I am having issues now with this. Does anyone know of a way to change all GID's to perhaps add 100, IE so GID now = 23 will = 123. I am running an NIS network so changing the table is easy , however finding all the files on all my filesystems and modifying... (4 Replies)
Discussion started by: frankkahle
4 Replies

4. Shell Programming and Scripting

Changing userID and Changing group and GID

Hello, I want to write a ksh script about changing UID and changing group with GID. There are multiple servers i want to perform that job. linux1 linux2 linux3 linux4 linux5 ...... . . . . . 1.) How can i enter "password" in script rather asking me? I was trying this... ssh... (2 Replies)
Discussion started by: deal732
2 Replies

5. Solaris

Changing root group to group from other

Does any one know if changing root's group from “other” to “root” will cause any problems on a running system. Thanks (4 Replies)
Discussion started by: mjkroner
4 Replies

6. UNIX for Dummies Questions & Answers

regarding changing ownership and group

i am able to change the mode using chmod and able to change permission. but i am not able to change group and ownership. getting as invalid can any one help me regarding this . (4 Replies)
Discussion started by: satheeshkr_cse
4 Replies

7. UNIX for Dummies Questions & Answers

Changing rights without touching user and group?

Hello, I have a small problem and would be happy if someone could help me to find a solution: A machine ("server") makes backups of different computers ("clients") using rsync. Users and groups are keept, so that it's possible to copy them back to the client if required. The number of groups... (3 Replies)
Discussion started by: tracer
3 Replies

8. Shell Programming and Scripting

perl :Changing script to only find the group

Hi scripting guru's I found this script on IBM's website and it seems to be really good only thing it gives off more info than i need. I was wondering if someone could help me modify it to only find a group instead of every user. (group is support) I believe i know how to add the line so it... (2 Replies)
Discussion started by: vpundit
2 Replies

9. Red Hat

Can't chgrp. Error - chgrp: changing group of `<file>': Invalid argument

I found that I cannot chgrp for some reason with error: chgrp: changing group of `<file>': Invalid argument This happens on all NFS mounted disks on client machines. We use AD (not my call) for authentication and it also provides groups. We have a NFS server running Scientific Linux 6.3... (1 Reply)
Discussion started by: venmx
1 Replies

10. UNIX for Advanced & Expert Users

Can adding to a new group be effective in current login environment without re-login?

Hey folks, When a user is added to a new group, the user has to be log out and log in again to make the new group effective. Is there any system command or technique to refresh user group ID update without re-login? I am not talking about to use "login" or "su -l" commands which can only make... (2 Replies)
Discussion started by: hce
2 Replies

LEARN ABOUT DEBIAN

getfacl

getfacl(1)                                                         User Commands                                                        getfacl(1)

NAME

       getfacl - display discretionary file information

SYNOPSIS

       getfacl [-ad] file...

DESCRIPTION

       For  each  argument  that is a regular file, special file, or named pipe, the getfacl utility displays the owner, the group, and the Access
       Control List (ACL).  For each directory argument, getfacl displays the owner, the group, and the ACL and/or the default ACL. Only  directo-
       ries contain default ACLs.

       The getfacl utility may be executed on a file system that does not support ACLs. It reports the ACL based on the base permission bits.

       With no options specified, getfacl displays the filename, the file owner, the file group owner, and both the ACL and the default ACL, if it
       exists.

OPTIONS

       The following options are supported:

       -a       Displays the filename, the file owner, the file group owner, and the ACL of the file.

       -d       Displays the filename, the file owner, the file group owner, and the default ACL of the file, if it exists.

OPERANDS

       The following operands are supported:

       file     The path name of a regular file, special file, or named pipe.

OUTPUT

       The format for ACL output is as follows:

       # file: filename
       # owner: uid
       # group: gid
       user::perm
       user:uid:perm
       group::perm
       group:gid:perm
       mask:perm
       other:perm
       default:user::perm
       default:user:uid:perm
       default:group::perm
       default:group:gid:perm
       default:mask:perm
       default:other:perm

       When multiple files are specified on the command line, a blank line separates the ACLs for each file.

       The ACL entries are displayed in the order in which they are evaluated when an access check is performed. The default ACL entries that  may
       exist on a directory have no effect on access checks.

       The  first three lines display the filename, the file owner, and the file group owner. Notice that when only the -d option is specified and
       the file has no default ACL, only these three lines are displayed.

       The user entry without a user ID indicates the permissions that  are granted to the file owner. One or more additional user  entries  indi-
       cate the permissions that are granted to the specified users.

       The  group  entry  without  a  group  ID  indicates the permissions that  are granted to the file group owner. One or more additional group
       entries indicate the permissions that  are granted to the specified groups.

       The mask entry indicates the ACL mask permissions. These are the maximum permissions allowed to any user entries except the file owner, and
       to any group entries, including the file group owner. These permissions restrict the permissions specified in other entries.

       The other entry indicates the permissions that are granted to others.

       The  default entries may exist only for directories. These entries indicate the default entries that are added to a file created within the
       directory.

       The uid is a login name or a user ID if there is no entry for the uid in the system password file, /etc/passwd. The gid is a group name  or
       a group ID if there is no entry for the gid in the system group file, /etc/group. The perm is a three character string composed of the let-
       ters representing the separate discretionary access rights: r (read), w (write), x (execute/search), or the place holder character  -.  The
       perm is displayed in the following order: rwx. If a permission is not granted by an ACL entry, the place holder character appears.

       If   you  use the chmod(1) command to change the file group owner permissions on a file with ACL entries, both the file group owner permis-
       sions and the ACL mask are changed to the new permissions. Be aware that the new ACL mask permissions may change the effective  permissions
       for additional users and groups who have ACL entries on the file.

       In  order  to  indicate  that  the  ACL mask  restricts an ACL entry, getfacl displays an additional tab character, pound sign (#), and the
       actual permissions granted, following the entry.

EXAMPLES

       Example 1: Displaying file information

       Given file foo, with an ACL six entries long, the command

       host% getfacl foo

       would print:

       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--
       group::r--
       mask::rw-
       other::---

       Example 2: Displaying information after chmod command

       Continue with the above example, after chmod 700 foo was issued:

       host% getfacl foo

       would print:

       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--     #effective:---
       group::---
       mask::---
       other::---

       Example 3: Displaying information when ACL contains default entries

       Given directory doo, with an ACL containing default entries, the command

       host% getfacl -d doo

       would print:

       # file: doo
       # owner: shea
       # group: staff
       default:user::rwx
       default:user:spy:---
       default:user:mookie:r--
       default:group::r--
       default:mask::---
       default:other::---

FILES

       /etc/passwd     system password file

       /etc/group      group file

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

SEE ALSO

       chmod(1), ls(1), setfacl(1), acl(2), aclsort(3SEC), group(4), passwd(4), attributes(5)

NOTES

       The output from getfacl is in the correct format for input to the setfacl -f command. If the output from getfacl is redirected to  a  file,
       the file may be used as input to setfacl. In this way, a user may easily assign one file's ACL to another file.

SunOS 5.10                                                          5 Nov 1994                                                          getfacl(1)
All times are GMT -4. The time now is 08:07 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy