Re: [expert] group passwords

2001-05-24 Thread Woody Green

Sheldon Lee Wen wrote:

 Hi,
 
 I have a question regarding the gpasswd and newgrp commands. 
 I created a new group called test, then set the group administrator
 to be my local userid, (call it foo). Then from my foo account I did
 gpasswd test and changed the group passwd. Then I added the user
 user1 to the group test. From user1's account I can newgrp test and
 change my primary group to test without supplying the password. 
 However, if I try to `newgrp test` from any account that is not a
 member of the group it fails even if I supply the correct group password. 
 
 Am I misinterpreting the usage of newgrp? I thought that I could change to
 a group that I am not in if I have the group password. What's wrong or am
 I doing something incorrect?
 
 Sheldon.
 
 

As far as I could ever tell by reading all the available docs on Linux,
Solaris and a few sites online, adding a group password simply inserts
an extra step in the group changing process.  However it's not totally 
useless.  You can use the group password to add one extra level of
security.  If a user has access to a file by changing to another group
you could password that group to insert one extra hurdle to an unwelcome
guest who hacks a user account in that group.  How much extra security
that adds is questionable but hey...  Also if that user leaves his/her
terminal logged in and unattended, a passer-by doesn't automatically
have access to the new group's files (unless the user has already issued
the newgrp command.)  If I can locate my *old* UNIX books, I'll see if 
there isn't any more info there.

If anyone else knows more or knows better, feel free to correct.

Enjoy,

  Woody
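
Added example, not part of either post: a small audit of gshadow-format data that shows which groups carry a usable password and which users would skip the prompt because they are already members, as user1 was above. The function names and the sample entries are constructed; it assumes the gshadow(5) field order group:password:admins:members and that a password field that is empty or starts with ! or * cannot be matched.

```shell
#!/bin/sh
# Constructed sample in gshadow(5) format: group:password:admins:members
# (the hash on the "test" line is a made-up placeholder, not a real crypt string)
SAMPLE_GSHADOW='root:*::
wheel:!::foo
test:$6$constructedsalt$constructedhash:foo:user1
staff::foo:user1,user2'

# audit_gshadow: read gshadow-format lines on stdin and print one line per
# group: name, password state (set / locked / empty), admins, members.
audit_gshadow() {
    awk -F: '
        NF >= 4 {
            if ($2 == "")            state = "empty"
            else if ($2 ~ /^[!*]/)   state = "locked"
            else                     state = "set"
            printf "%s %s admins=%s members=%s\n", $1, state,
                   ($3 == "" ? "-" : $3), ($4 == "" ? "-" : $4)
        }'
}

# newgrp_path USER GROUP: read gshadow-format lines on stdin and print which
# path a group change falls into for that user. Assumption: only the member
# list (field 4) counts as membership; administrators (field 3) do not.
newgrp_path() {
    awk -F: -v user="$1" -v group="$2" '
        $1 == group {
            found = 1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == user) { print "member-no-prompt"; exit }
            if ($2 != "" && $2 !~ /^[!*]/) print "nonmember-password-prompt"
            else                           print "nonmember-no-usable-password"
            exit
        }
        END { if (!found) print "no-such-group" }'
}

# Stand-alone run: report on the constructed sample.
printf '%s\n' "$SAMPLE_GSHADOW" | audit_gshadow
```

On a real system the same functions can be fed `/etc/gshadow` as root, for example `audit_gshadow < /etc/gshadow`.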





[expert] group passwords

2001-05-23 Thread Sheldon Lee Wen

Hi,

   I have a question regarding the gpasswd and newgrp commands. 
I created a new group called test, then set the group administrator
to be my local userid, (call it foo). Then from my foo account I did
gpasswd test and changed the group passwd. Then I added the user
user1 to the group test. From user1's account I can newgrp test and
change my primary group to test without supplying the password. 
However, if I try to `newgrp test` from any account that is not a
member of the group it fails even if I supply the correct group password. 

Am I misinterpreting the usage of newgrp? I thought that I could change to
a group that I am not in if I have the group password. What's wrong or am
I doing something incorrect?

Sheldon.

-- 
===
... all thoughts of selfish desire, ill-will, hatred and
 violence are the result of a lack of wisdom ... 
 - Buddha

For an awesome fantasy role playing game check out:
http://members.xoom.com/Lycadican
===