On Thu, Aug 21, 2003 at 04:54:45PM +0900, Jason Stubbs wrote:
> On Thursday 21 August 2003 11:16, oleander wrote:
> > it's kind of silly but you could do:
> >
> > % sg cron -c 'crontab -e'
> >
> > from the current shell after being added to cron group. that prevents a
> > logout at least. or "newgrp cron", too.
>
> Yep, that works. It's more of a workaround though.
>
> Can anybody offer an explanation as to why do/should modifications to
> /etc/group only take effect at logon?

Because the owner and group ids are associated with a particular process when it's created, and normally aren't changed after that. Each process maintains a copy of what permissions it has, and passes those permissions on to any other process it creates. You don't want every process having to check the /etc/group file every time anything happens, do you? This way, only the login process really has to check the file for permissions.

Basically, the /etc/group file is not some magic file that every program reads. Only programs that are explicitly written to read it do so, and /bin/login is one of those. Everything else just takes the permissions handed to it.

And since only a process with superuser access can increase its own permissions... an unprivileged user can't do anything except call a setuid program like newgrp to add groups to a currently running process. However, from the newgrp man page:

    newgrp is used to change the current group ID during a login session.
    If the optional - flag is given, the user's environment will be
    reinitialized as though the user had logged in, otherwise the current
    environment, including current working directory, remains unchanged.

So just 'newgrp -' will work as a sort of re-login.

---------------------------+---------------------------------------------------
Bryan Feir           VA3GBF|"Advertising may be described as the science of
Home:[EMAIL PROTECTED]     | arresting human intelligence long enough to get
                           | money from it."  -- Stephen Leacock
---------------------------+---------------------------------------------------
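
An added example, not part of the original message: a short Python sketch that compares the group IDs a process already holds with what a fresh login would assign from /etc/group. The sample file contents, the gid numbers and the helper names are constructed for illustration; the same comparison also shows that removing a user from a group does not revoke it from sessions that are already running.

```python
import os

# Constructed sample in /etc/group format: name:passwd:gid:member,member
SAMPLE_GROUP_FILE = """\
root:x:0:
wheel:x:10:root,jason
cron:x:16:jason

audio:x:18:oleander
users:x:100:
"""

def parse_group_file(text):
    """Return {gid: (name, set_of_members)} from /etc/group-format text."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # blank or malformed entry, skip it
        name, _passwd, gid, members = fields
        groups[int(gid)] = (name, {m for m in members.split(",") if m})
    return groups

def login_groups(text, user, primary_gid):
    """Group IDs a fresh login would hand to the user's first process."""
    gids = {primary_gid}
    for gid, (_name, members) in parse_group_file(text).items():
        if user in members:
            gids.add(gid)
    return gids

def stale_groups(process_gids, text, user, primary_gid):
    """Return (missing, leftover): gids the file grants but the process
    lacks, and gids the process still holds but the file no longer grants."""
    wanted = login_groups(text, user, primary_gid)
    have = set(process_gids)
    return sorted(wanted - have), sorted(have - wanted)

if __name__ == "__main__":
    # Credentials this process inherited from its parent at creation time.
    print("this process holds:", sorted(set(os.getgroups()) | {os.getgid()}))
    # Constructed scenario: jason logged in holding {100, 10}, and was
    # added to cron (gid 16) afterwards without logging in again.
    print("missing, leftover:",
          stale_groups({100, 10}, SAMPLE_GROUP_FILE, "jason", 100))
```
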