Subject: Re: bin/11047: newgrp is missing
To: Greg A. Woods <>
From: Andrew Brown <>
List: tech-userlevel
Date: 04/26/2002 23:13:36
>> >yes, we don't have one, but what problem is that?  does it do
>> >something for anyone that they can't already do?
>> It adds a step that a user must do in order to do what he can do now.
>On systems with setgroups(2) the 'newgrp' command only changes the
>default group (and that inludes Solaris!).  So long as your system has
>setgroups(2), and your user-ID has membership to all the groups you need
>to do your job, and you don't mind leaving your default group as it is,
>then you don't ever have to type 'newgrp', whether or not the command

if one doesn't need it, then there's no need for it to exist.  it has
a vague usefulness under solaris, but only vague.  there are (at
least) two ways to get around without it.

>For those people who need a way to change their default group, 'newgrp'
>is necessary.  With a proper, secure, implementation of
>/etc/ and all the other sundry bits to manage keeping
>/etc/group et al in sync with it (vigrp too?), then it can even be
>possible to change your default group to one you're not listed in, which
>will effectively give additional group access to those with the
>appropriate authentication credentials (and for those which a password
>has been assigned, of course).

i think it would be vigr (ala getpwent() and getgrent() et al), but
that's neither here nor there.  if newgrp were used to *add* a
temporary group to a user's group list (presumably by means of a
subshell, ala su) then it *might* be useful, but one would have to
wonder why the user wasn't already *in* that group.

>BTW, adding /etc/ is a perfect time to introduce /etc/grp.db
>(and of course /etc/sgrp.db) to help out performance-wise on those
>systems where there are lots of users and every user has their own group
>by default....

that is...of ancillary benefit.  grp.db could already be generated
from /etc/group with very little effort.  the passwords for groups
(and the sgrp.db file) would only be needed *if* we needed passwords
on groups.  for which i still don't see a real need.  :)

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."