newgrp(1p) — Linux manual page

PROLOG | NAME | SYNOPSIS | DESCRIPTION | OPTIONS | OPERANDS | STDIN | INPUT FILES | ENVIRONMENT VARIABLES | ASYNCHRONOUS EVENTS | STDOUT | STDERR | OUTPUT FILES | EXTENDED DESCRIPTION | EXIT STATUS | CONSEQUENCES OF ERRORS | APPLICATION USAGE | EXAMPLES | RATIONALE | FUTURE DIRECTIONS | SEE ALSO | COPYRIGHT

NEWGRP(1P)              POSIX Programmer's Manual             NEWGRP(1P)

PROLOG         top

       This manual page is part of the POSIX Programmer's Manual.  The
       Linux implementation of this interface may differ (consult the
       corresponding Linux manual page for details of Linux behavior),
       or the interface may not be implemented on Linux.

NAME         top

       newgrp — change to a new group

SYNOPSIS         top

       newgrp [-l] [group]

DESCRIPTION         top

       The newgrp utility shall create a new shell execution environment
       with a new real and effective group identification. Of the
       attributes listed in Section 2.12, Shell Execution Environment,
       the new shell execution environment shall retain the working
       directory, file creation mask, and exported variables from the
       previous environment (that is, open files, traps, unexported
       variables, alias definitions, shell functions, and set options
       may be lost). All other aspects of the process environment that
       are preserved by the exec family of functions defined in the
       System Interfaces volume of POSIX.1‐2017 shall also be preserved
       by newgrp; whether other aspects are preserved is unspecified.

       A failure to assign the new group identifications (for example,
       for security or password-related reasons) shall not prevent the
       new shell execution environment from being created.

       The newgrp utility shall affect the supplemental groups for the
       process as follows:

        *  On systems where the effective group ID is normally in the
           supplementary group list (or whenever the old effective group
           ID actually is in the supplementary group list):

           --  If the new effective group ID is also in the
               supplementary group list, newgrp shall change the
               effective group ID.

           --  If the new effective group ID is not in the supplementary
               group list, newgrp shall add the new effective group ID
               to the list, if there is room to add it.

        *  On systems where the effective group ID is not normally in
           the supplementary group list (or whenever the old effective
           group ID is not in the supplementary group list):

           --  If the new effective group ID is in the supplementary
               group list, newgrp shall delete it.

           --  If the old effective group ID is not in the supplementary
               list, newgrp shall add it if there is room.

       Note:
           The System Interfaces volume of POSIX.1‐2017 does not specify
           whether the effective group ID of a process is included in
           its supplementary group list.

       With no operands, newgrp shall change the effective group back to
       the groups identified in the user's user entry, and shall set the
       list of supplementary groups to that set in the user's group
       database entries.

       If the first argument is '-', the results are unspecified.

       If a password is required for the specified group, and the user
       is not listed as a member of that group in the group database,
       the user shall be prompted to enter the correct password for that
       group. If the user is listed as a member of that group, no
       password shall be requested.  If no password is required for the
       specified group, it is implementation-defined whether users not
       listed as members of that group can change to that group. Whether
       or not a password is required, implementation-defined system
       accounting or security mechanisms may impose additional
       authorization restrictions that may cause newgrp to write a
       diagnostic message and suppress the changing of the group
       identification.

OPTIONS         top

       The newgrp utility shall conform to the Base Definitions volume
       of POSIX.1‐2017, Section 12.2, Utility Syntax Guidelines, except
       for the unspecified usage of '-'.

       The following option shall be supported:

       -l        (The letter ell.) Change the environment to what would
                 be expected if the user actually logged in again.

OPERANDS         top

       The following operand shall be supported:

       group     A group name from the group database or a non-negative
                 numeric group ID. Specifies the group ID to which the
                 real and effective group IDs shall be set. If group is
                 a non-negative numeric string and exists in the group
                 database as a group name (see getgrnam()), the numeric
                 group ID associated with that group name shall be used
                 as the group ID.

STDIN         top

       Not used.

INPUT FILES         top

       The file /dev/tty shall be used to read a single line of text for
       password checking, when one is required.

ENVIRONMENT VARIABLES         top

       The following environment variables shall affect the execution of
       newgrp:

       LANG      Provide a default value for the internationalization
                 variables that are unset or null. (See the Base
                 Definitions volume of POSIX.1‐2017, Section 8.2,
                 Internationalization Variables for the precedence of
                 internationalization variables used to determine the
                 values of locale categories.)

       LC_ALL    If set to a non-empty string value, override the values
                 of all the other internationalization variables.

       LC_CTYPE  Determine the locale for the interpretation of
                 sequences of bytes of text data as characters (for
                 example, single-byte as opposed to multi-byte
                 characters in arguments).

       LC_MESSAGES
                 Determine the locale that should be used to affect the
                 format and contents of diagnostic messages written to
                 standard error.

       NLSPATH   Determine the location of message catalogs for the
                 processing of LC_MESSAGES.

ASYNCHRONOUS EVENTS         top

       Default.

STDOUT         top

       Not used.

STDERR         top

       The standard error shall be used for diagnostic messages and a
       prompt string for a password, if one is required. Diagnostic
       messages may be written in cases where the exit status is not
       available. See the EXIT STATUS section.

OUTPUT FILES         top

       None.

EXTENDED DESCRIPTION         top

       None.

EXIT STATUS         top

       If newgrp succeeds in creating a new shell execution environment,
       whether or not the group identification was changed successfully,
       the exit status shall be the exit status of the shell. Otherwise,
       the following exit value shall be returned:

       >0    An error occurred.

CONSEQUENCES OF ERRORS         top

       The invoking shell may terminate.

       The following sections are informative.

APPLICATION USAGE         top

       There is no convenient way to enter a password into the group
       database. Use of group passwords is not encouraged, because by
       their very nature they encourage poor security practices. Group
       passwords may disappear in the future.

       A common implementation of newgrp is that the current shell uses
       exec to overlay itself with newgrp, which in turn overlays itself
       with a new shell after changing group.  On some implementations,
       however, this may not occur and newgrp may be invoked as a
       subprocess.

       The newgrp command is intended only for use from an interactive
       terminal. It does not offer a useful interface for the support of
       applications.

       The exit status of newgrp is generally inapplicable. If newgrp is
       used in a script, in most cases it successfully invokes a new
       shell and the rest of the original shell script is bypassed when
       the new shell exits. Used interactively, newgrp displays
       diagnostic messages to indicate problems. But usage such as:

           newgrp foo
           echo $?

       is not useful because the new shell might not have access to any
       status newgrp may have generated (and most historical systems do
       not provide this status). A zero status echoed here does not
       necessarily indicate that the user has changed to the new group
       successfully. Following newgrp with the id command provides a
       portable means of determining whether the group change was
       successful or not.

EXAMPLES         top

       None.

RATIONALE         top

       Most historical implementations use one of the exec functions to
       implement the behavior of newgrp.  Errors detected before the
       exec leave the environment unchanged, while errors detected after
       the exec leave the user in a changed environment. While it would
       be useful to have newgrp issue a diagnostic message to tell the
       user that the environment changed, it would be inappropriate to
       require this change to some historical implementations.

       The password mechanism is allowed in the group database, but how
       this would be implemented is not specified.

       The newgrp utility was retained in this volume of POSIX.1‐2017,
       even given the existence of the multiple group permissions
       feature in the System Interfaces volume of POSIX.1‐2017, for
       several reasons. First, in some implementations, the group
       ownership of a newly created file is determined by the group of
       the directory in which the file is created, as allowed by the
       System Interfaces volume of POSIX.1‐2017; on other
       implementations, the group ownership of a newly created file is
       determined by the effective group ID. On implementations of the
       latter type, newgrp allows files to be created with a specific
       group ownership. Finally, many implementations use the real group
       ID in accounting, and on such systems, newgrp allows the
       accounting identity of the user to be changed.

FUTURE DIRECTIONS         top

       None.

SEE ALSO         top

       Chapter 2, Shell Command Language, sh(1p)

       The Base Definitions volume of POSIX.1‐2017, Chapter 8,
       Environment Variables, Section 12.2, Utility Syntax Guidelines

       The System Interfaces volume of POSIX.1‐2017, exec(1p),
       getgrnam(3p)

COPYRIGHT         top

       Portions of this text are reprinted and reproduced in electronic
       form from IEEE Std 1003.1-2017, Standard for Information
       Technology -- Portable Operating System Interface (POSIX), The
       Open Group Base Specifications Issue 7, 2018 Edition, Copyright
       (C) 2018 by the Institute of Electrical and Electronics
       Engineers, Inc and The Open Group.  In the event of any
       discrepancy between this version and the original IEEE and The
       Open Group Standard, the original IEEE and The Open Group
       Standard is the referee document. The original Standard can be
       obtained online at http://www.opengroup.org/unix/online.html .

       Any typographical or formatting errors that appear in this page
       are most likely to have been introduced during the conversion of
       the source files to man page format. To report such errors, see
       https://www.kernel.org/doc/man-pages/reporting_bugs.html .

IEEE/The Open Group               2017                        NEWGRP(1P)