Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!uunet!prcrs!paul
From: paul@prcrs.UUCP (Paul Hite)
Newsgroups: comp.unix.questions
Subject: Re: Restricted Program Access
Message-ID: <127@prcrs.UUCP>
Date: 7 Jul 89 14:55:38 GMT
References: <164@nisca.ircc.ohio-state.edu>
Organization: PRC Realty Systems, McLean, VA
Lines: 34

In article <164@nisca.ircc.ohio-state.edu>, frank@hpuxa.ircc.ohio-state.edu (Frank G. Fiamingo) writes:
> I'm trying to set up a program so that is executable only by members of
> a certain group.  This group, however, is generally NOT the group that
> its members login to.  I thought I could set the mode to say 750 and
> then use newgrp.  This works when typed directly in, but doesn't work
> in a shell script.  

Within a System V environment, you can execute commands by sending them
into the shell spawned by newgrp like this:
	Script started on Fri Jul  7 10:40:34 1989
	$ uname -a
	HP-UX prcrs A.B3.10 D 9000/850 0
	$ id
	uid=2007(paul) gid=9(sysadm)
	$ echo id | (newgrp cms)
	uid=2007(paul) gid=58(cms)
	$ 
	script done on Fri Jul  7 10:41:38 1989

The idea is to execute newgrp in a subshell and redirect stdin of the subshell
to be some commands to be executed.

> I'm working with an HP9000/840 running HP-UX3.01 (SysVish).

While hp-ux is indeed SysVish, it can also be BSDish and this gives you
another option.  It's somewhat hidden in TFM, but there is a file supported
called "/etc/logingroup". It's like /etc/group except that you can be a 
member of many groups at one time.  Your group from /etc/passwd is always
used for the group of any files created and newgrp does change this.  But
we have linked /etc/logingroup to /etc/group and so our users have access
to all their groups at once.

Paul Hite   PRC Realty Systems  McLean,Va   uunet!prcrs!paul    (703) 556-2243
                      DOS is a four letter word!