Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uunet!mcsun!hp4nl!phigate!ehviea!leo From: leo@ehviea.ine.philips.nl (Leo de Wit) Newsgroups: comp.unix.wizards Subject: Re: Can my alter-ego use "at"? Message-ID: <817@ehviea.ine.philips.nl> Date: 29 Jun 90 17:46:39 GMT References: <960005@teecs.UUCP> Reply-To: leo@ehviea.UUCP (Leo de Wit) Organization: Philips I&E Eindhoven Lines: 49 In article <960005@teecs.UUCP> belkin@teecs.UUCP (Hershel Belkin) writes: |Can anyone tell me if there is any way to scedule a process using |"at" or crontab but have it run under a group ID that is different |than one's login group ID? (Of course, I'm assuming that the user |is a valid member of the group!) | |I've looked, but have not been able to come up with a solution (other |than have a separate login entry for the user under a different group.. |but that isn't a viable solution) | |The problem is that newgrp replaces your shell, so that your |execution script no longer runs, and it has no provision (or none |that I've seen) for passing the name of a script to run when it |starts up. I even tried doing a newgrp with the "-" option and then |using .profile to kick on the script, but that results in a lot of |loud complaining (via mail) since the login is not from an interactive |device! | The following script should do what you want: ----------- start of script ----------- #! /bin/sh # grpat - run an at script as an other group. # Usage: grpat group date # Author: L.J.M. de Wit, Fri Jun 29 1990 case $# in 0|1) echo >&2 "Usage: grpat group date"; exit 1;; *) group=$1; shift;; esac (sleep 5; echo at "$@"; cat) | newgrp $group ----------- end of script ----------- The trick is to pass the newgrp command via a pipe the at command to execute plus the script from stdin (passed by cat). The script stored in /usr/spool/at will thus be setuid the group $group, and atrun will execute it for the correct group. The magical "sleep 5" is there to give newgrp a chance to source its [.login|.profile|.cshrc|.whatever], without loosing subsequent input (I don't know the cause, but that seems to be a quirk in many shells). This is also the reason I couldn't use a here document for the newgrp command. Hope this will solve your problem, Leo.