HPE Community
Operating System - HP-UX
1753921 Members
7158 Online
108810 Solutions
New Discussion юеВ

Re: secondary group

 
SOLVED
Go to solution
christian_derek
Regular Advisor

тАО11-20-2009 01:54 PM

тАО11-20-2009 01:54 PM

secondary group

Hi,

How can I have a users building a file with a secondary group on 11iv3. I have some generic users on the system that have secondary group, in some cases I need to have them building file with one of there secondary, how can I do this.

eg: user TEMP is part of the users group as well as client1, client2 and client3 group.

When the user TEMP is working for client1, I want the file to be built as TEMP:client1, right now they are built as TEMP:users.

Thanks,


Thansk,
0 Kudos
Reply
3 REPLIES 3
Patrick Wallek
Honored Contributor

тАО11-20-2009 02:09 PM

тАО11-20-2009 02:09 PM

Re: secondary group

You need to make use of the 'newgrp' command.

When executed, as 'newgrp client1' for example, the users group will be changed to the group specified on the command line. In this case the default group will be client1, so any files created will be created with client1 as the group.

The 'newgrp' man page offers more information.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО11-20-2009 02:46 PM

тАО11-20-2009 02:46 PM

Re: secondary group

Hi Christian:

Using the contents of '/etc/group' allows you to use the 'newgrp' command to change a user's group. If you define '/etc/logingroup' you can create _lists_ of user groups. See:

http://www.docs.hp.com/en/B2355-60130/group.4.html

Regards!

...JRF...
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО11-20-2009 03:43 PM

тАО11-20-2009 03:43 PM

Solution

Re: secondary group

The "newgrp" command certainly does the job, but the users must always remember to use it. Sometimes they'll forget, and files will be created with wrong group. If the forgetful user is not reachable when the problem is eventually found, the sysadmin may have to fix the mess.

It's much better if the system could assign the correct group to files automatically... and yes, it can do exactly that.

Let's assume you have three directories:
/work/client1
/work/client2
/work/client3

You have probably already set their permissions to something like this, so that the users can access each directory if they belong to the respective group:

chgrp client1 /work/client1
chgrp client2 /work/client2
chgrp client3 /work/client3

chmod 770 /work/client1 /work/client2 /work/client3

Now, set the "setgid" bit on the directories:

chmod g+s /work/client1 /work/client2 /work/client3

(You could also specify all the permissions at once numerically as "chmod 2770" if you wish...)

The directory permissions will look like this: drwxrws---

Now, when the user creates a file in e.g. /work/client2/ directory, the file will be automatically owned by the client2 group. The user does not need to use the "newgrp" command: the file gets the right group 100% automatically.

And here's another clever thing: if the user creates a sub-directory in a directory has the setgid bit set, the sub-directory will inherit both the correct group membership and the setgid bit.

MK
MK
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.