On Thursday 21 August 2003 17:45, Bryan Feir wrote:
> On Thu, Aug 21, 2003 at 04:54:45PM +0900, Jason Stubbs wrote:
> > Can anybody offer an explanation as to why do/should modifications to
> > /etc/group only take effect at logon?

>    Basically, the /etc/group file is not some magic file that every program
> reads.  Only programs that are explicitly written to read it do so, and
> /bin/login is one of those.  Everything else just takes the permissions
> handed to it.  And since only a process with superuser access can increase
> its own permissions...  an unprivileged user can't do anything except call
> a setuid program like newgrp to add groups to a currently running process.

That makes perfect sense. Thanks for the clear concise explanation!

>    However, from the newgrp man page:
>
>      newgrp  is  used to change the current group ID during a login
> session. If the optional - flag is given, the user's environment will be
> reinitialized as though the user had logged in, otherwise the current
> environment, including current working directory, remains unchanged.
>
>    So just 'newgrp -' will work as a sort of re-login.

This isn't exactly what I was getting at. That would just be a sub-shell that 
seems as if one just logged in. My problem (read: frustration) is that when 
su'ing to make changes to my own account, I have to logoff/logon to see if 
they work.

A thought... Above you say that only a process with superuser access can 
increase its own permissions. Can a process with superuser access increase 
another process's permissions? I'm guessing it can, else apps like renice 
would not work. Therefore, shouldn't usermod (at least have an option to) 
change the permissions of all running processes according to changes made? 
Just a thought.

Regards,
Jason
