|NEWGRP(1P)||POSIX Programmer's Manual||NEWGRP(1P)|
newgrp [-l] [group]
A failure to assign the new group identifications (for example, for security or password-related reasons) shall not prevent the new shell execution environment from being created.
The newgrp utility shall affect the supplemental groups for the process as follows:
- On systems where the effective group ID is normally in the supplementary group list (or whenever the old effective group ID actually is in the supplementary group list):
- If the new effective group ID is also in the supplementary group list, newgrp shall change the effective group ID.
- If the new effective group ID is not in the supplementary group list, newgrp shall add the new effective group ID to the list, if there is room to add it.
- On systems where the effective group ID is not normally in the supplementary group list (or whenever the old effective group ID is not in the supplementary group list):
- If the new effective group ID is in the supplementary group list, newgrp shall delete it.
- If the old effective group ID is not in the supplementary list, newgrp shall add it if there is room.
- The System Interfaces volume of POSIX.1‐2017 does not specify whether the effective group ID of a process is included in its supplementary group list.
With no operands, newgrp shall change the effective group back to the groups identified in the user's user entry, and shall set the list of supplementary groups to that set in the user's group database entries.
If the first argument is '-', the results are unspecified.
If a password is required for the specified group, and the user is not listed as a member of that group in the group database, the user shall be prompted to enter the correct password for that group. If the user is listed as a member of that group, no password shall be requested. If no password is required for the specified group, it is implementation-defined whether users not listed as members of that group can change to that group. Whether or not a password is required, implementation-defined system accounting or security mechanisms may impose additional authorization restrictions that may cause newgrp to write a diagnostic message and suppress the changing of the group identification.
The following option shall be supported:
- (The letter ell.) Change the environment to what would be expected if the user actually logged in again.
- A group name from the group database or a non-negative numeric group ID. Specifies the group ID to which the real and effective group IDs shall be set. If group is a non-negative numeric string and exists in the group database as a group name (see getgrnam()), the numeric group ID associated with that group name shall be used as the group ID.
- Provide a default value for the internationalization variables that are unset or null. (See the Base Definitions volume of POSIX.1‐2017, Section 8.2, Internationalization Variables for the precedence of internationalization variables used to determine the values of locale categories.)
- If set to a non-empty string value, override the values of all the other internationalization variables.
- Determine the locale for the interpretation of sequences of bytes of text data as characters (for example, single-byte as opposed to multi-byte characters in arguments).
Determine the locale that should be used to affect the format and contents of diagnostic messages written to standard error.
- Determine the location of message catalogs for the processing of LC_MESSAGES.
- An error occurred.
The following sections are informative.
A common implementation of newgrp is that the current shell uses exec to overlay itself with newgrp, which in turn overlays itself with a new shell after changing group. On some implementations, however, this may not occur and newgrp may be invoked as a subprocess.
The newgrp command is intended only for use from an interactive terminal. It does not offer a useful interface for the support of applications.
The exit status of newgrp is generally inapplicable. If newgrp is used in a script, in most cases it successfully invokes a new shell and the rest of the original shell script is bypassed when the new shell exits. Used interactively, newgrp displays diagnostic messages to indicate problems. But usage such as:
newgrp foo echo $?
is not useful because the new shell might not have access to any status newgrp may have generated (and most historical systems do not provide this status). A zero status echoed here does not necessarily indicate that the user has changed to the new group successfully. Following newgrp with the id command provides a portable means of determining whether the group change was successful or not.
The password mechanism is allowed in the group database, but how this would be implemented is not specified.
The newgrp utility was retained in this volume of POSIX.1‐2017, even given the existence of the multiple group permissions feature in the System Interfaces volume of POSIX.1‐2017, for several reasons. First, in some implementations, the group ownership of a newly created file is determined by the group of the directory in which the file is created, as allowed by the System Interfaces volume of POSIX.1‐2017; on other implementations, the group ownership of a newly created file is determined by the effective group ID. On implementations of the latter type, newgrp allows files to be created with a specific group ownership. Finally, many implementations use the real group ID in accounting, and on such systems, newgrp allows the accounting identity of the user to be changed.
The Base Definitions volume of POSIX.1‐2017, Chapter 8, Environment Variables, Section 12.2, Utility Syntax Guidelines
The System Interfaces volume of POSIX.1‐2017, exec, getgrnam()
Any typographical or formatting errors that appear in this page are most likely to have been introduced during the conversion of the source files to man page format. To report such errors, see https://www.kernel.org/doc/man-pages/reporting_bugs.html .
|2017||IEEE/The Open Group|