NAME
newgrp - change to a new group
SYNOPSIS
newgrp [-l][group]
DESCRIPTION
The newgrp utility shall create a new shell execution environment with
a new real and effective group identification. Of the attributes listed
in Shell Execution Environment , the new shell execution environment
shall retain the working directory, file creation mask, and exported
variables from the previous environment (that is, open files, traps,
unexported variables, alias definitions, shell functions, and set
options may be lost). All other aspects of the process environment that
are preserved by the exec family of functions defined in the System
Interfaces volume of IEEE Std 1003.1-2001 shall also be preserved by
newgrp; whether other aspects are preserved is unspecified.
A failure to assign the new group identifications (for example, for
security or password-related reasons) shall not prevent the new shell
execution environment from being created.
The newgrp utility shall affect the supplemental groups for the process
as follows:
* On systems where the effective group ID is normally in the
supplementary group list (or whenever the old effective group ID
actually is in the supplementary group list):
* If the new effective group ID is also in the supplementary group
list, newgrp shall change the effective group ID.
* If the new effective group ID is not in the supplementary group
list, newgrp shall add the new effective group ID to the list, if
there is room to add it.
* On systems where the effective group ID is not normally in the
supplementary group list (or whenever the old effective group ID is
not in the supplementary group list):
* If the new effective group ID is in the supplementary group list,
newgrp shall delete it.
* If the old effective group ID is not in the supplementary list,
newgrp shall add it if there is room.
Note: The System Interfaces volume of IEEE Std 1003.1-2001 does not
specify whether the effective group ID of a process is included
in its supplementary group list.
With no operands, newgrp shall change the effective group back to the
groups identified in the user’s user entry, and shall set the list of
supplementary groups to that set in the user’s group database entries.
If a password is required for the specified group, and the user is not
listed as a member of that group in the group database, the user shall
be prompted to enter the correct password for that group. If the user
is listed as a member of that group, no password shall be requested. If
no password is required for the specified group, it is implementation-
defined whether users not listed as members of that group can change to
that group. Whether or not a password is required, implementation-
defined system accounting or security mechanisms may impose additional
authorization restrictions that may cause newgrp to write a diagnostic
message and suppress the changing of the group identification.
OPTIONS
The newgrp utility shall conform to the Base Definitions volume of
IEEE Std 1003.1-2001, Section 12.2, Utility Syntax Guidelines.
The following option shall be supported:
-l (The letter ell.) Change the environment to what would be
expected if the user actually logged in again.
OPERANDS
The following operand shall be supported:
group A group name from the group database or a non-negative numeric
group ID. Specifies the group ID to which the real and effective
group IDs shall be set. If group is a non-negative numeric
string and exists in the group database as a group name (see
getgrnam()), the numeric group ID associated with that group
name shall be used as the group ID.
STDIN
Not used.
INPUT FILES
The file /dev/tty shall be used to read a single line of text for
password checking, when one is required.
ENVIRONMENT VARIABLES
The following environment variables shall affect the execution of
newgrp:
LANG Provide a default value for the internationalization variables
that are unset or null. (See the Base Definitions volume of
IEEE Std 1003.1-2001, Section 8.2, Internationalization
Variables for the precedence of internationalization variables
used to determine the values of locale categories.)
LC_ALL If set to a non-empty string value, override the values of all
the other internationalization variables.
LC_CTYPE
Determine the locale for the interpretation of sequences of
bytes of text data as characters (for example, single-byte as
opposed to multi-byte characters in arguments).
LC_MESSAGES
Determine the locale that should be used to affect the format
and contents of diagnostic messages written to standard error.
NLSPATH
Determine the location of message catalogs for the processing of
LC_MESSAGES .
ASYNCHRONOUS EVENTS
Default.
STDOUT
Not used.
STDERR
The standard error shall be used for diagnostic messages and a prompt
string for a password, if one is required. Diagnostic messages may be
written in cases where the exit status is not available. See the EXIT
STATUS section.
OUTPUT FILES
None.
EXTENDED DESCRIPTION
None.
EXIT STATUS
If newgrp succeeds in creating a new shell execution environment,
whether or not the group identification was changed successfully, the
exit status shall be the exit status of the shell. Otherwise, the
following exit value shall be returned:
>0 An error occurred.
CONSEQUENCES OF ERRORS
The invoking shell may terminate.
The following sections are informative.
APPLICATION USAGE
There is no convenient way to enter a password into the group database.
Use of group passwords is not encouraged, because by their very nature
they encourage poor security practices. Group passwords may disappear
in the future.
A common implementation of newgrp is that the current shell uses exec
to overlay itself with newgrp, which in turn overlays itself with a new
shell after changing group. On some implementations, however, this may
not occur and newgrp may be invoked as a subprocess.
The newgrp command is intended only for use from an interactive
terminal. It does not offer a useful interface for the support of
applications.
The exit status of newgrp is generally inapplicable. If newgrp is used
in a script, in most cases it successfully invokes a new shell and the
rest of the original shell script is bypassed when the new shell exits.
Used interactively, newgrp displays diagnostic messages to indicate
problems. But usage such as:
newgrp foo
echo $?
is not useful because the new shell might not have access to any status
newgrp may have generated (and most historical systems do not provide
this status). A zero status echoed here does not necessarily indicate
that the user has changed to the new group successfully. Following
newgrp with the id command provides a portable means of determining
whether the group change was successful or not.
EXAMPLES
None.
RATIONALE
Most historical implementations use one of the exec functions to
implement the behavior of newgrp. Errors detected before the exec leave
the environment unchanged, while errors detected after the exec leave
the user in a changed environment. While it would be useful to have
newgrp issue a diagnostic message to tell the user that the environment
changed, it would be inappropriate to require this change to some
historical implementations.
The password mechanism is allowed in the group database, but how this
would be implemented is not specified.
The newgrp utility was retained in this volume of IEEE Std 1003.1-2001,
even given the existence of the multiple group permissions feature in
the System Interfaces volume of IEEE Std 1003.1-2001, for several
reasons. First, in some implementations, the group ownership of a newly
created file is determined by the group of the directory in which the
file is created, as allowed by the System Interfaces volume of
IEEE Std 1003.1-2001; on other implementations, the group ownership of
a newly created file is determined by the effective group ID. On
implementations of the latter type, newgrp allows files to be created
with a specific group ownership. Finally, many implementations use the
real group ID in accounting, and on such systems, newgrp allows the
accounting identity of the user to be changed.
FUTURE DIRECTIONS
None.
SEE ALSO
Shell Command Language , sh , the System Interfaces volume of
IEEE Std 1003.1-2001, exec, getgrnam()
COPYRIGHT
Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1, 2003 Edition, Standard for Information Technology
-- Portable Operating System Interface (POSIX), The Open Group Base
Specifications Issue 6, Copyright (C) 2001-2003 by the Institute of
Electrical and Electronics Engineers, Inc and The Open Group. In the
event of any discrepancy between this version and the original IEEE and
The Open Group Standard, the original IEEE and The Open Group Standard
is the referee document. The original Standard can be obtained online
at http://www.opengroup.org/unix/online.html .