From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-request@euclid.skiles.gatech.edu>
Received: (qmail 571 invoked from network); 12 Dec 1996 14:02:46 -0000
Received: from euclid.skiles.gatech.edu (list@130.207.146.50)
  by coral.primenet.com.au with SMTP; 12 Dec 1996 14:02:46 -0000
Received: (from list@localhost) by euclid.skiles.gatech.edu (8.7.3/8.7.3) id IAA03157; Thu, 12 Dec 1996 08:54:54 -0500 (EST)
Resent-Date: Thu, 12 Dec 1996 08:44:21 -0500 (EST)
From: Zoltan Hidvegi <hzoli@cs.elte.hu>
Message-Id: <199612121344.OAA10133@bolyai.cs.elte.hu>
Subject: Re: newgrp
In-Reply-To: <199612121017.LAA09533@sgi.ifh.de> from Peter Stephenson at "Dec 12, 96 11:17:26 am"
To: pws@ifh.de (Peter Stephenson)
Date: Thu, 12 Dec 1996 14:44:49 +0100 (MET)
Cc: chamont@polhp3.in2p3.fr, zsh-users@math.gatech.edu
Organization: Dept. of Comp. Sci., Eotvos University, Budapest, Hungary
Phone: (36 1)2669833 ext: 2667, home phone: (36 1) 2752368
X-Mailer: ELM [version 2.4ME+ PL27 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Resent-Message-ID: <"BNJ_e2.0.yk.qm0io"@euclid>
Resent-From: zsh-users@math.gatech.edu
X-Mailing-List: <zsh-users@math.gatech.edu> archive/latest/550
X-Loop: zsh-users@math.gatech.edu
X-Loop: zsh-workers@math.gatech.edu
Precedence: list
Resent-Sender: zsh-workers-request@math.gatech.edu

Peter Stephenson wrote:
> > Wether with the above function, or with the alias proposed in the FAQ,
> > I always finally receive the message "zsh: newgrp not found",
> > since there is no newgrp command available.
> 
> aha --- most systems have an external command newgrp available which
> seems to be missing there.  zsh does have some mechanism for changing
> the group by altering $GID, but the way it's set up it's only usable by
> the superuser, as far as I can tell.

That's because on Unix systems superuser privileges are required to change
the primary group id.  There is nothing in zsh which would prevent changing
the GID parameter.  If it fails it fails because the OS refused change it.
Of course some trickery with chgrp and setgid might also help but on secure
systems normal users have no write access to suid mounted filesystems.
Also secure systems does not use HP, or if ther use, they definitely do not
keep suid newgrp since a root exploit was posted recently to bugtraq using
HP's newgrp (where you can find one or two HP root exploits every week so
if you subscribe it will not be difficult to install the missing newgrp on
your machine).

Zoltan