Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!think!ames!oliveb!sun!gorodish!guy
From: guy%gorodish@Sun.COM (Guy Harris)
Newsgroups: comp.unix.questions,comp.unix.wizards
Subject: Re: System V letting random users chown
Message-ID: <15136@sun.uucp>
Date: Tue, 17-Mar-87 04:47:43 EST
Article-I.D.: sun.15136
Posted: Tue Mar 17 04:47:43 1987
Date-Received: Wed, 18-Mar-87 06:29:52 EST
References: <713@aw.sei.cmu.edu.sei.cmu.edu> <15054@sun.uucp> <2454@mtgzy.UUCP>
Sender: news@sun.uucp
Lines: 38
Xref: mnetor comp.unix.questions:1469 comp.unix.wizards:1477

> Pardon my ignorance of BSD, but what's wrong with the use of group
> permissions and /etc/group in Sys V for group access? We've used it (on
> several projects) for years and it's worked quite well.

You can use groups in the same way on systems with the 4BSD group mechanism
(this includes IBM's AIX, almost) that you do on systems without it. However,
if you frequently switch between groups - or have to work with two different
files that are in two different groups and are NOT readable/writable by the
world - the 4BSD group mechanism is a win.

How it works:

In addition to the effective and real user and group IDs for a process, there
is also a "group set" for the process. If the effective user ID of a process
does not match the user ID owning a file, but either the effective group ID
*or* any member of the group set of a process matches the group ID owning the
file, then the group permission bits are used to grant access to the file.

In addition, when a file is created, the group ID that owns the file is not
set from the effective group ID of the process, but is set from the group ID
that owns the directory in which the file is being created. (This is why I
said "almost" above; AIX doesn't do this.)

When you log in, your effective group ID is set to the number in the group
field of your "/etc/passwd" entry. Your group set is initialized from
{ group ID in "/etc/passwd" } (union) (although if this exceeds 16, only the
first 16 groups are used).

There is no "newgrp" command in 4.[23]BSD; it's not needed.

(And next week, we talk about files with component names longer than 14
characters, "CRT erase" modes that can erase tabs, etc. properly, and other
nice things....)
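
The access check and the file-creation rule described in the post above, as a small C model. This is an added example, not part of the original post and not kernel code; the struct and function names, the `use_set` and `bsd` switches, and the sample IDs are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>

#define GROUP_SET_MAX 16             /* the post's limit on the group set */

struct cred { uid_t euid; gid_t egid; gid_t set[GROUP_SET_MAX]; size_t nset; };
struct meta { uid_t uid; gid_t gid; unsigned mode; };    /* mode: low 9 bits */

/* Constructed sample data: user 100, login group 10, also in groups 20 and 30. */
const struct cred demo_user   = { 100, 10, { 10, 20, 30 }, 3 };
const struct meta demo_file   = { 200, 30, 0660 };  /* another owner, group 30 */
const struct meta demo_locked = { 200, 20, 0604 };  /* group 20 gets nothing */

/* Return the shift selecting owner (6), group (3) or other (0) bits.
 * use_set = 1 models the 4BSD check, 0 a check on the effective gid only.
 * Exactly one class applies: a group match never falls through to "other". */
unsigned perm_shift(const struct cred *c, const struct meta *f, int use_set)
{
    if (c->euid == f->uid)
        return 6;
    if (c->egid == f->gid)
        return 3;
    for (size_t i = 0; use_set && i < c->nset; i++)
        if (c->set[i] == f->gid)
            return 3;
    return 0;
}

/* want is a mask of 4 (read), 2 (write), 1 (execute). Superuser is not modeled. */
int access_ok(const struct cred *c, const struct meta *f, unsigned want, int use_set)
{
    return ((f->mode >> perm_shift(c, f, use_set)) & want) == want;
}

/* Group of a newly created file: the directory's group (4BSD) or the egid. */
gid_t new_file_gid(const struct cred *c, gid_t dir_gid, int bsd)
{
    return bsd ? dir_gid : c->egid;
}

int main(void)
{
    printf("rw, group set:   %d\n", access_ok(&demo_user, &demo_file, 6, 1));
    printf("rw, egid only:   %d\n", access_ok(&demo_user, &demo_file, 6, 0));
    printf("r locked, set:   %d\n", access_ok(&demo_user, &demo_locked, 4, 1));
    printf("r locked, egid:  %d\n", access_ok(&demo_user, &demo_locked, 4, 0));
    printf("new gid 4BSD/egid: %d/%d\n", (int)new_file_gid(&demo_user, 30, 1),
           (int)new_file_gid(&demo_user, 30, 0));
    return 0;
}
```

The `demo_locked` case shows that a group-set match can also take access away: because the group bits are the ones consulted, a file with empty group bits is unreadable to a member even though "other" could read it.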