HPE Community
Operating System - HP-UX
1825795 Members
2626 Online
109687 Solutions
New Discussion

Re: setgroups() where user is in more groups than NGROUPS_MAX

 
SOLVED
Go to solution
Val Naipaul
Occasional Contributor

‎01-20-2004 02:37 PM

‎01-20-2004 02:37 PM

setgroups() where user is in more groups than NGROUPS_MAX

Hi,
Can I execute setgroups() (in a setuid-root executable) to change the current groups of a parent process, eg execute it from within a shell script so that the new group will be available for the remainder of the script ?

I'm rereading setgroups(2) now and it doesn't mention parent process, but I seem to remember reading (Stevens' Unix book?) somewhere that changing the groups of the Parent process was possible.

Attached is an attempt at doing this...but it doesn't affect my shell group list as I hoped.

Thanks a lot,
Val Naipaul
0 Kudos
Reply
3 REPLIES 3
Mike Stroyan
Honored Contributor

‎01-21-2004 03:20 AM

‎01-21-2004 03:20 AM

Solution

Re: setgroups() where user is in more groups than NGROUPS_MAX

There is no system call to change the group ids of another process. The newgrp command works within that limit by starting a new shell process as a child of the newgrp command.
Reply
A. Clay Stephenson
Acclaimed Contributor

‎01-21-2004 03:30 AM

‎01-21-2004 03:30 AM

Re: setgroups() where user is in more groups than NGROUPS_MAX

No, a child would never be allowed to alter the uid/gid (effective or real) of a parent process. Think of the security implications if that were possible. You need to rethink your approach and fork/exec a child process that inherits the new gid.
If it ain't broke, I can fix that.
Reply
Val Naipaul
Occasional Contributor

‎01-21-2004 07:41 AM

‎01-21-2004 07:41 AM

Re: setgroups() where user is in more groups than NGROUPS_MAX

Thanks for the responses.

I think I'll fork/exec...that meets most of my requirements.

Btw, I understand from others in my dept that the reason just bumping up NGROUPS_MAX won't work for us is that there are some HP utilities that don't dynamically grab NGROUPS_MAX. I'll ask them what those utilities are, maybe they're not that important to us anymore.

Val
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.