On Thu, Aug 21, 2003 at 04:54:45PM +0900, Jason Stubbs wrote:
> On Thursday 21 August 2003 11:16, oleander wrote:
> > it's kind of silly but you could do:
> >
> > % sg cron -c 'crontab -e'
> >
> > from the current shell after being added to cron group. that prevents a
> > logout at least. or "newgrp cron", too.
>
> Yep, that works. It's more of a workaround though.
>
> Can anybody offer an explanation as to why do/should modifications to
> /etc/group only take effect at logon?

Because the owner and group ids are associated with a particular process
when it's created, and normally aren't changed after that. Each process
maintains a copy of what permissions it has, and passes those permissions
on to any other process it creates. You don't want every process having to
check the /etc/group file every time anything happens, do you? This way,
only the login process really has to check the file for permissions.

Basically, the /etc/group file is not some magic file that every program
reads. Only programs that are explicitly written to read it do so, and
/bin/login is one of those. Everything else just takes the permissions
handed to it. And since only a process with superuser access can increase
its own permissions... an unprivileged user can't do anything except call
a setuid program like newgrp to add groups to a currently running process.

However, from the newgrp man page:

    newgrp is used to change the current group ID during a login session.
    If the optional - flag is given, the user's environment will be
    reinitialized as though the user had logged in, otherwise the current
    environment, including current working directory, remains unchanged.

So just 'newgrp -' will work as a sort of re-login.

---------------------------+---------------------------------------------------
Bryan Feir VA3GBF|"Advertising may be described as the science of
Home:[EMAIL PROTECTED] | arresting human intelligence long enough to get
| money from it." -- Stephen Leacock
---------------------------+---------------------------------------------------
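
The behaviour discussed in this thread can be checked directly. The following is an added example, not part of the original message: it compares the group IDs a fresh login would assign from /etc/group with the IDs a running process actually holds. The sample file contents, the GID numbers and the function names are constructed for illustration, and it assumes groups come from the local file only (no LDAP/NSS sources).

```python
import os

# Constructed sample in /etc/group format: name:password:gid:member,member
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:jason
cron:x:16:jason
users:x:100:jason,oleander
"""

def parse_group(text):
    """Parse /etc/group-format text into {gid: (name, [members])}."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip malformed entries rather than guess
        members = [m for m in fields[3].split(",") if m]
        groups[int(fields[2])] = (fields[0], members)
    return groups

def login_groups(groups, user, primary_gid):
    """GIDs a fresh login would assign: primary GID plus every group listing the user."""
    gids = {primary_gid}
    gids.update(gid for gid, (_, members) in groups.items() if user in members)
    return gids

def stale_groups(groups, user, primary_gid, process_gids):
    """Names of groups granted in the file that the running process does not hold."""
    missing = login_groups(groups, user, primary_gid) - set(process_gids)
    return sorted(groups[g][0] for g in missing if g in groups)

if __name__ == "__main__":
    import pwd
    pw = pwd.getpwuid(os.getuid())
    with open("/etc/group") as fh:
        current = parse_group(fh.read())
    # Credentials this process inherited when it was created
    held = set(os.getgroups()) | {os.getgid()}
    print("groups this process lacks:",
          stale_groups(current, pw.pw_name, pw.pw_gid, held))
```

Run from a shell that was started before the /etc/group edit, it lists the newly added group; run inside `sg cron -c ...` or after `newgrp -`, the list is empty.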