Previous Table of Contents Next


Module 92
newgrp (SV)

DESCRIPTION

The internal newgrp command lets you change to a new group. Groups allow users belonging to the same group to access directories and files based on group permissions. To change groups you must be listed in the /etc/group file as a user in the desired group. When you execute newgrp, your shell always execs a new shell for you; thus your environment is always reset.


BSD (Berkeley)
The approach to group access and group membership under BSD systems is different from that of System V. If you are listed in multiple groups in the /etc/group file, you are a member of each group at all times. Thus there is no need for a newgrp command.


NOTE:  
Some vendors provide the newgrp and support the BSD idea of groups. The system administrator can configure the system to be SV like or BSD like.



COMMAND FORMAT

Following is the general format of the newgrp command.

     newgrp [ - ] [ group ]

Options

The following option may be used to control how newgrp functions.

- The environment is changed to reflect an initial login environment for your user name with the new group identification. Has the same effect as logging in to the system but with a new group ID.

Arguments

The following argument may be passed to the newgrp command.

group Changes your group ID to the ID of the group you specified.
If no argument is given, your group ID is changed to the group specified in /etc/passwd for your user name. It has the same basic effect as logging out and logging back in with your normal group ID.

FURTHER DISCUSSION

If the requested group exists and you are allowed access to it, your group ID will be changed. If you are not allowed access to the requested group or the group does not exist, your environment is reset to the exported environment before the newgrp was performed.

The current environment (all exported variables) is passed to the new shell when newgrp is executed. Variables that have not been exported are lost. System variables are reset to default values if they were not exported. The export command is described in Module 47.

To know which variables have been exported use the env or printenv command. The env command is described in Module 41, the printenv command is described in Module 107. The set command will list all variables that have been set. It lists both exported and nonexported variables.

If you need to be a member of a group other than the one you are in, contact your system administrator. The administrator can add your logname to the /etc/group file for the new group.

If the group has a password and you are not listed in the /etc/group file as a group member, you will be requested to enter the group password. If you enter the correct password, a new shell will be execed and your new shell will assume the new group ID. The following section describes problems with group passwords.

DIAGNOSTICS AND BUGS

Because group passwords promote poor security practices and there is no good way to implement them, it is advisable not to use them.

You may receive the following responses from newgrp depending on the circumstances described:

unknown group The group you requested does not exist in the /etc/group file.
Sorry You are NOT allowed access to that group. This means your user name is not listed as a member of the group in the /etc/group file.

RELATED COMMANDS

Refer to the login command described in Module 77 and the ksh command described in Module 71.

RELATED FILES

The following list describes the files that newgrp uses.

/etc/passwd The system's passwd file, used to reset your group ID back to your default login group ID.
/etc/group The system's group file, used to locate valid groups and access permissions for your new group requests.

APPLICATION

Newgrp is useful in switching between groups to keep programming projects and other business groups separate. A manager may be in multiple groups while each of the manager's employees is only in one group. This allows the manager to access the employee's files even though they belong to different groups.

TYPICAL OPERATION


NOTE:  
System V provides an environment for being in one group at a time, whereas Berkeley allows you to be in multiple groups simultaneously. Therefore, Berkeley does not provide a newgrp command since there is no need for one.



1.  Type ps and press Return to display the process ID (PID) of your current shell. Remember this number so you can compare it to your new shell after you execute newgrp.
2.  Type newgrp dvlp and press Return. After a few seconds delay you will see your prompt reappear. You will need to locate a valid group you can change groups to using newgrp. You might ask your system administrator to add you to a new group if you have a good reason. Some sites only implement one user group.
     cj> newgrp dvlp
     cj>

You should now be able to access files and directories set with group permissions that you may not have previously been able to access.
3.  Type ps and press Return to display your new shell's process ID. Notice the process IDs are different. This is because a new process was started for your new shell.
4.  Type newgrp xxx and press Return. If you request a group that does not exist in the /etc/group file, you receive the following message and remain in your current group, although you will be in a new shell and possibly a reset environment.
     cj> newgrp xxx
     newgrp: Unknown group
5.  Type newgrp root and press Return. If you request a group that you are not allowed to be a member of, you receive the following message and remain in your current group.
     cj> newgrp root
     newgrp: Sorry
6.  Turn to Module 100 to continue the learning sequence.


Previous Table of Contents Next