Message-Id: <32B01157.24A1@polhp3.in2p3.fr>
Date: Thu, 12 Dec 1996 15:06:15 +0100
From: David Chamont
Sender: chamont@polhp3.in2p3.fr
Organization: X-LPNHE
To: Zoltan Hidvegi
Cc: zsh-users@math.gatech.edu
Subject: Re: newgrp
References: <199612121344.OAA10133@bolyai.cs.elte.hu>

>
> That's because on Unix systems superuser privileges are required to change
> the primary group id. There is nothing in zsh which would prevent changing
> the GID parameter. If it fails it fails because the OS refused to change it.
> Of course some trickery with chgrp and setgid might also help but on secure
> systems normal users have no write access to suid mounted filesystems.
> Also secure systems do not use HP, or if they use, they definitely do not
> keep suid newgrp since a root exploit was posted recently to bugtraq using
> HP's newgrp (where you can find one or two HP root exploits every week so
> if you subscribe it will not be difficult to install the missing newgrp on
> your machine).
>

It is probably not the best solution, but I went around the lack of a newgrp
command by writing the following script, and then asked my administrator to
change the owner to root and mode to 4755, and finally add the alias
newgrp='exec newgrp'. At least it works!

--------------------------------------------
#!/usr/local/bin/zsh
accord=non
# Only act if the requested group ($1) is one the caller already belongs to.
for g in `groups` ; do
  if [[ $g = "$1" ]] ; then
    # Look up the group's NIS entry (name:passwd:gid:members).
    group=`ypcat group | grep "^${1}:"`
    # Drop the trailing member list, then everything up to the last colon,
    # which leaves the numeric GID; assigning GID changes the group id.
    GID=${${group%:*}##*:}
  fi
done
# Set the effective UID back to the real user before starting the new shell.
EUID=$UID
exec zsh
--------------------------------------------

Thanks to the people who responded to my question and helped me find out this
solution.

==========================================================================
David Chamont - LPNHE                 chamont@polhp3.in2p3.fr
Ecole Polytechnique                   01.69.33.44.04
91128 Palaiseau - France              http://polhp5.in2p3.fr:8000/~chamont/
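
The same sequence (check membership, set the GID, give up root, exec a shell) written as a small C setuid helper, so that no `groups`, `ypcat` or `grep` is resolved through the caller's PATH while the effective UID is root. This is an added example, not code from the original message; `may_join` and `switch_group_and_drop` are names chosen here, and it assumes `getgrnam()` is backed by the same NIS group map that the script reads with `ypcat`.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* 1 if `user` may switch to group `gr`: it is their primary group or lists them. */
int may_join(const struct group *gr, const char *user, gid_t primary) {
    if (!gr || !user) return 0;
    if (gr->gr_gid == primary) return 1;
    for (char **m = gr->gr_mem; m && *m; m++)
        if (strcmp(*m, user) == 0) return 1;   /* exact match, not a prefix */
    return 0;
}

/* Set the group while still root, then drop root for good. 0 on success. */
int switch_group_and_drop(gid_t gid, uid_t uid) {
    if (setgid(gid) != 0) return -1;            /* must happen before setuid */
    if (setuid(uid) != 0) return -1;            /* as root: real, effective, saved */
    if (uid != 0 && setuid(0) == 0) return -1;  /* root must not be recoverable */
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s group\n", argv[0]); return 2; }
    struct passwd *pw = getpwuid(getuid());     /* real user, not the setuid owner */
    struct group *gr = getgrnam(argv[1]);
    if (!pw || !gr || !may_join(gr, pw->pw_name, pw->pw_gid)) {
        fprintf(stderr, "%s: not a member of %s\n", argv[0], argv[1]);
        return 1;
    }
    if (switch_group_and_drop(gr->gr_gid, getuid()) != 0) {
        perror("switch group");
        return 1;
    }
    /* Absolute path taken from the script's own shebang line. */
    execl("/usr/local/bin/zsh", "zsh", (char *)NULL);
    perror("execl");
    return 1;
}
```

Unlike the script, this refuses and exits when the caller is not in the requested group instead of starting a new shell with the group unchanged.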