Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: newgrp

X-seq: zsh-users 552
From: Zoltan Hidvegi <hzoli@xxxxxxxxxx>
To: chamont@xxxxxxxxxxxxxxx (David Chamont)
Subject: Re: newgrp
Date: Thu, 12 Dec 1996 15:18:09 +0100 (MET)
Cc: zsh-users@xxxxxxxxxxxxxxx
In-reply-to: <32B01157.24A1@xxxxxxxxxxxxxxx> from David Chamont at "Dec 12, 96 03:06:15 pm"
Organization: Dept. of Comp. Sci., Eotvos University, Budapest, Hungary
Phone: (36 1)2669833 ext: 2667, home phone: (36 1) 2752368

David Chamont wrote:
> It is probably not the best solution, but I went around the lack of
> newgrp command by writing the following script, and then asked my
> administrator to change the owner to root and mode to 4755,
> and finally add the alias newgrp='exec newgrp'.
> At least it works !

Be careful with that.  Zsh was not designed to run setuid scripts although
some attempt was made to make is somewhat secure.  I do hope that the
script you wrote is secure but I cannot guarantee that zsh has no bugs that
can be exploited to gain root privileges.  And I would not run ypcat and
grep with 0 euid.  I would use this:

>           --------------------------------------------
>           #!/usr/local/bin/zsh

            EUID=UID

>           
>           accord=non
>           for g in `groups` ; do
>             if [[ $g = "$1" ]] ; then
>               group=`ypcat group | grep "^${1}:"`
                EUID=0
>               GID=${${group%:*}##*:}
                break
>             fi
>           done
>           
>           EUID=$UID
            UID=UID
>           exec zsh
>           --------------------------------------------

Zoltan

Follow-Ups:
- Re: newgrp
  - From: Richard Coleman

References:
- Re: newgrp
  - From: David Chamont

Messages sorted by: Reverse Date, Date, Thread, Author