From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-request@euclid.skiles.gatech.edu>
Received: (qmail 595 invoked from network); 12 Dec 1996 14:37:54 -0000
Received: from euclid.skiles.gatech.edu (list@130.207.146.50)
  by coral.primenet.com.au with SMTP; 12 Dec 1996 14:37:54 -0000
Received: (from list@localhost) by euclid.skiles.gatech.edu (8.7.3/8.7.3) id JAA04050; Thu, 12 Dec 1996 09:29:54 -0500 (EST)
Resent-Date: Thu, 12 Dec 1996 09:17:29 -0500 (EST)
From: Zoltan Hidvegi <hzoli@cs.elte.hu>
Message-Id: <199612121418.PAA10636@bolyai.cs.elte.hu>
Subject: Re: newgrp
In-Reply-To: <32B01157.24A1@polhp3.in2p3.fr> from David Chamont at "Dec 12, 96 03:06:15 pm"
To: chamont@polhp3.in2p3.fr (David Chamont)
Date: Thu, 12 Dec 1996 15:18:09 +0100 (MET)
Cc: zsh-users@math.gatech.edu
Organization: Dept. of Comp. Sci., Eotvos University, Budapest, Hungary
Phone: (36 1)2669833 ext: 2667, home phone: (36 1) 2752368
X-Mailer: ELM [version 2.4ME+ PL27 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Resent-Message-ID: <"eFs0x.0._u.uF1io"@euclid>
Resent-From: zsh-users@math.gatech.edu
X-Mailing-List: <zsh-users@math.gatech.edu> archive/latest/552
X-Loop: zsh-users@math.gatech.edu
X-Loop: zsh-workers@math.gatech.edu
Precedence: list
Resent-Sender: zsh-workers-request@math.gatech.edu

David Chamont wrote:
> It is probably not the best solution, but I went around the lack of
> newgrp command by writing the following script, and then asked my
> administrator to change the owner to root and mode to 4755,
> and finally add the alias newgrp='exec newgrp'.
> At least it works !

Be careful with that.  Zsh was not designed to run setuid scripts although
some attempt was made to make is somewhat secure.  I do hope that the
script you wrote is secure but I cannot guarantee that zsh has no bugs that
can be exploited to gain root privileges.  And I would not run ypcat and
grep with 0 euid.  I would use this:

>           --------------------------------------------
>           #!/usr/local/bin/zsh

            EUID=UID

>           
>           accord=non
>           for g in `groups` ; do
>             if [[ $g = "$1" ]] ; then
>               group=`ypcat group | grep "^${1}:"`
                EUID=0
>               GID=${${group%:*}##*:}
                break
>             fi
>           done
>           
>           EUID=$UID
            UID=UID
>           exec zsh
>           --------------------------------------------

Zoltan