From: Peter Pentchev
To: Terry Lambert
Cc: Wes Peters, Will Andrews, arch@FreeBSD.ORG
Date: Fri, 19 Jan 2001 23:56:16 +0200
Subject: Re: no newgroup/newgrp in FreeBSD?

On Fri, Jan 19, 2001 at 05:42:55PM +0000, Terry Lambert wrote:
> > > Sorry for being ignorant, but what's the difference between this and the
> > > pw(8) group operations?
> >
> > System V only holds one GID per process. The newgrp command changes the
> > active GID to another group by starting a new shell with the GID specified
> > on the newgrp command line. You have to be a member of the group or know
> > the group password. Since BSD uses a list of group memberships, newgrp
> > is not needed.
>
> Actually, it could be useful.
>
> In SVR4, the most powerful effect is that newgrp permits you
> to obtain membership in a group without explicit configuration,
> so long as there is communication of the password to you.
>
> Specifically, it allows adjunct group membership, through
> knowledge of a password. The BSD method grants membership
> in groups explicitly.
>
> As an example, consider membership in group "wheel". To
> be able to "su", you must have two things: membership in
> group "wheel", and the "root" password.

[snip]

Hmm.. good points. The 1.0.1 version of my newgrp(1) implementation, at
http://ringwraith.online.bg/~roam/devel/sysutils/newgrp-1.0.1.tar.gz
allows the users to change to a group they are not members of, if that
group is password-protected. It also restricts access to groups users
*are* members of, if those are password-protected. Both those items are
controlled by compile-time defines.

G'luck,
Peter

--
I've heard that this sentence is a rumor.
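
The access rules discussed in this message, written out as a decision function over a `struct group` entry. This is an added example, not code from newgrp-1.0.1: the macro names, the `ng_` identifiers, the sample group, and the rule that an empty or `*` password field counts as "no password" are all assumptions.

```c
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
/* Hypothetical switch names for this example; newgrp-1.0.1's real defines are not shown on the page. */
#ifndef NG_NONMEMBER_BY_PASSWORD
#define NG_NONMEMBER_BY_PASSWORD 1  /* non-members may enter a password-protected group */
#endif
#ifndef NG_MEMBER_NEEDS_PASSWORD
#define NG_MEMBER_NEEDS_PASSWORD 1  /* members are also prompted if the group has a password */
#endif

enum ng_verdict { NG_ALLOW, NG_NEED_PASSWORD, NG_DENY };
struct ng_policy { int nonmember_by_password, member_needs_password; };
const struct ng_policy ng_default_policy = { NG_NONMEMBER_BY_PASSWORD, NG_MEMBER_NEEDS_PASSWORD };

/* Assumption: an empty field or one starting with '*' is not a usable password. */
static int ng_has_password(const struct group *gr)
{
    return gr->gr_passwd != NULL && gr->gr_passwd[0] != '\0' && gr->gr_passwd[0] != '*';
}

/* Member if the group is the user's primary group or the user is listed in gr_mem. */
static int ng_is_member(const struct group *gr, const char *user, gid_t primary)
{
    if (gr->gr_gid == primary)
        return 1;
    for (char **m = gr->gr_mem; m != NULL && *m != NULL; m++)
        if (strcmp(*m, user) == 0)
            return 1;
    return 0;
}

/* NG_NEED_PASSWORD means: prompt and verify against gr_passwd before switching GID. */
enum ng_verdict ng_decide(const struct group *gr, const char *user, gid_t primary, const struct ng_policy *pol)
{
    int has_pw = ng_has_password(gr);
    if (ng_is_member(gr, user, primary))
        return (has_pw && pol->member_needs_password) ? NG_NEED_PASSWORD : NG_ALLOW;
    return (has_pw && pol->nonmember_by_password) ? NG_NEED_PASSWORD : NG_DENY;
}

int main(void)
{
    char *members[] = { "alice", NULL };  /* constructed sample data */
    struct group g = { .gr_name = "staff", .gr_passwd = "$1$constructed$hash", .gr_gid = 20, .gr_mem = members };
    printf("alice=%d bob=%d\n", ng_decide(&g, "alice", 100, &ng_default_policy), ng_decide(&g, "bob", 100, &ng_default_policy));
    return 0;
}
```

With both switches off the function reproduces the explicit-membership model; with only `nonmember_by_password` on it gives the "member or know the group password" rule quoted above.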