
BLU Discuss list archive



groups



On Mon, May 11, 2009 at 12:27 PM, Laura Conrad <sunny-O0WJhd4tT3hg9hUCZPvPmw at public.gmane.org> wrote:
>>>>>> "Eric" == Eric Martin <freak4uxxx-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> writes:
>
>    Eric> if 'groups' isn't showing you in that group it's because you
>    Eric> need to logout / log in.  hit CTRL-ALT-F2 to get a new virtual
>    Eric> console and log in.  what does groups say now?
>
>>>>>> "Ben" == Ben Eisenbraun <bene-Gk2boCrsRs1AfugRpC6u6w at public.gmane.org> writes:
>
>    Ben> Generally speaking, you'll need to spawn a full login shell in
>    Ben> order to pick up the new group privileges.  I don't think a new
>    Ben> terminal tab or even a 'bash -l' will do it.  The way I check
>    Ben> is to use one of the virtual ttys, i.e. ctrl-alt-f2, login
>    Ben> there and test it.
>
>>>>>> "Bill" == Bill Bogstad <bogstad-e+AXbWqSrlAAvxtiuMwx3w at public.gmane.org> writes:
>
>
>    Bill> You have to log off and back on.
>
> You can tell this system antedates X windows, can't you?

It antedates virtual terminals and even the idea of having more than
one group for a process.  The 'newgrp' command that I mentioned was the
canonical way to switch your single terminal session from one group to
another.  Since only one process (login shell) was involved, it was easy
to just exec the setuid root /usr/bin/newgrp to replace your current
shell with a new one in a different group.  When group sets were added,
the need to change back and forth between groups dynamically during a
normal session basically went away.  You had all the privileges of being
logged into the group anyway.

The newgrp command remains, but is almost useless.  Most systems don't
even put passwords on groups anymore and I had to go look up its name
since I'm not sure I've ever used it.  As you point out, in the new
modern X windows world, we have whole clouds of processes running
around.  Although they may share parent/child/sibling relationships,
the kernel treats their privileges as independent from each other.  One
could write a setuid root program to start a new program with a new set
of groups based on the /etc/groups file, but I don't think there is any
way to retroactively change the groups on a set of already started
programs.

>
> Thanks to everyone.  I was hoping there was a magic word, the way there
> is if you change your PATH, but I guess not.

Changing groups is security related and as a result must be mediated
by the OS kernel.  PATH variables are just a convenience to avoid
typing in full pathnames for programs.  The kernel doesn't even look
at PATH.

Pedantically yours,
Bill Bogstad
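
Added example, not part of the original post: a Python sketch that compares the group IDs the kernel holds for a process with what the group database would grant at a fresh login, which is the gap the thread describes. It assumes Linux (the "Groups:" line of /proc/<pid>/status); the function names and the sample status text are constructed for illustration.

```python
import os
import pwd

# Constructed sample of /proc/<pid>/status lines (not captured from a real system).
SAMPLE_STATUS = """\
Name:\tbash
Uid:\t1000\t1000\t1000\t1000
Gid:\t1000\t1000\t1000\t1000
Groups:\t4 24 1000
"""

def groups_from_status(text):
    """Return the supplementary GIDs the kernel holds for a process,
    parsed from the 'Groups:' line of /proc/<pid>/status."""
    for line in text.splitlines():
        if line.startswith("Groups:"):
            return {int(tok) for tok in line.split()[1:]}
    return set()

def compare(process_gids, database_gids):
    """Diff kernel-held credentials against the group database.
    pending:   granted in the database, not yet held by the process
               (the user must start a new login session to get them).
    lingering: still held by the process, no longer in the database
               (a revocation has no effect until the process exits)."""
    process_gids, database_gids = set(process_gids), set(database_gids)
    return {
        "pending": sorted(database_gids - process_gids),
        "lingering": sorted(process_gids - database_gids),
    }

def audit_self():
    """Compare this process's credentials with what a fresh login would get."""
    try:
        pw = pwd.getpwuid(os.getuid())
    except KeyError:
        return None  # uid has no passwd entry (e.g. some containers)
    database = os.getgrouplist(pw.pw_name, pw.pw_gid)
    held = set(os.getgroups()) | {os.getgid()}
    return compare(held, database)

if __name__ == "__main__":
    # Constructed case: gid 27 was added to the database after the shell started.
    held = groups_from_status(SAMPLE_STATUS)
    print(compare(held, [4, 24, 27, 1000]))
    print(audit_self())
```

The "lingering" list is the one to watch after removing someone from a group: processes started before the change keep the old credentials.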







BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
