
The newgrp command also changes your primary group. This affects the gid on new files that get created (a field in the new file's inode).

Try these commands:

    id
    touch a
    newgrp cdrom   # or any group other than the first one
    id             # note that gid is now 'cdrom',
                   # and it's also first on the groups= list
    touch b
    ls -l a b      # note different group ownership
    exit           # leave the extra shell that newgrp created

This can actually save steps if the gid of newly-created files matters because it can avoid an extra chgrp command (which saves typing and avoids a little I/O).



It could also eliminate a race condition.


Good point. I hadn't thought about that. With careful use of umask, chgrp, and chmod (in that order and with proper error handling), you could protect yourself, but just setting it to the right value in the first place seems simpler.


If you're talking about command line programs (as opposed to fchown/fchmod on an open fd), there's still a race whereby an attacker in the shared group can make a link and get you to chgrp away one of your personal files.
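An added example, not part of the thread: the descriptor-based sequence mentioned above (fchown/fchmod on an open fd), which creates the file privately, sets the group, and only then widens the mode, without ever resolving the path a second time. The function name `create_group_file`, its parameters, and the 0600/0660 modes are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `path` with group `gid` and mode `final_mode` using only
 * descriptor-based calls. Returns an open fd, or -1 with errno set.
 * (Function name and parameters are illustrative.) */
int create_group_file(const char *path, gid_t gid, mode_t final_mode)
{
    /* O_EXCL: fail if the name already exists, even as a dangling symlink,
     * so a link planted in the shared directory is never followed.
     * 0600: group members cannot open the file while it is being set up. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
                  0600);
    if (fd < 0)
        return -1;

    /* fchown/fchmod act on the inode this fd refers to, whatever happens to
     * the directory entry in the meantime. Group first, then widen the mode. */
    if (fchown(fd, (uid_t)-1, gid) != 0 || fchmod(fd, final_mode) != 0) {
        int saved = errno;
        close(fd);          /* the 0600 file stays behind for the caller */
        errno = saved;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <new-file> <numeric-gid>\n", argv[0]);
        return 2;
    }
    int fd = create_group_file(argv[1], (gid_t)strtoul(argv[2], NULL, 10), 0660);
    if (fd < 0) {
        perror("create_group_file");
        return 1;
    }
    close(fd);
    return 0;
}
```

Because fchmod ignores the umask, the final mode is exactly what was requested, and a name that already exists (regular file, hard link or symlink) makes the call fail with EEXIST instead of touching the existing inode.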


Depends. On BSD systems, files inherit the directory group.


You can get that behaviour on Linux if you set the setgid bit on the directory permissions, e.g. chmod g+s



