Restricted Program Access

Sat Jul 8 00:55:38 AEST 1989

In article <164 at nisca.ircc.ohio-state.edu>, frank at hpuxa.ircc.ohio-state.edu (Frank G. Fiamingo) writes:
> I'm trying to set up a program so that is executable only by members of
> a certain group.  This group, however, is generally NOT the group that
> its members login to.  I thought I could set the mode to say 750 and
> then use newgrp.  This works when typed directly in, but doesn't work
> in a shell script.  

Within a System V environment, you can execute commands by sending them
into the shell spawned by newgrp like this:
	Script started on Fri Jul  7 10:40:34 1989
	$ uname -a
	HP-UX prcrs A.B3.10 D 9000/850 0
	$ id
	uid=2007(paul) gid=9(sysadm)
	$ echo id | (newgrp cms)
	uid=2007(paul) gid=58(cms)
	$ 
	script done on Fri Jul  7 10:41:38 1989

The idea is to execute newgrp in a subshell and redirect stdin of the subshell
to be some commands to be executed.

> I'm working with an HP9000/840 running HP-UX3.01 (SysVish).

While hp-ux is indeed SysVish, it can also be BSDish and this gives you
another option.  It's somewhat hidden in TFM, but there is a file supported
called "/etc/logingroup". It's like /etc/group except that you can be a 
member of many groups at one time.  Your group from /etc/passwd is always
used for the group of any files created and newgrp does change this.  But
we have linked /etc/logingroup to /etc/group and so our users have access
to all their groups at once.

Paul Hite   PRC Realty Systems  McLean,Va   uunet!prcrs!paul    (703) 556-2243
                      DOS is a four letter word!