The newgrp command also changes your primary group. This affects the gid on new files that get created (a field in the new file's inode).
Try these commands:
id
touch a
newgrp cdrom # or any group other than the first one
id # note that gid is now 'cdrom',
# and it's also first on the groups= list
touch b
ls -l a b # note different group ownership
exit # leave the extra shell that newgrp created
This can actually save steps if the gid of newly-created files matters because it can avoid an extra chgrp command (which saves typing and avoids a little I/O).
Good point. I hadn't thought about that. With careful use of umask, chgrp, and chmod (in that order and with proper error handling), you could protect yourself, but just setting it to the right value in the first place seems simpler.
If you're talking about command line programs (as opposed to fchown/fchmod on an open fd), there's still a race whereby an attacker in the shared group can make a link and get you to chgrp away one of your personal files.
Try these commands:
This can actually save steps if the gid of newly-created files matters because it can avoid an extra chgrp command (which saves typing and avoids a little I/O).