Re: newgrp

[David Chamont <chamont@xxxxxxxxxxxxxxx>]

> 
> That's because on Unix systems superuser privileges are required to change
> the primary group id.  There is nothing in zsh which would prevent changing
> the GID parameter.  If it fails it fails because the OS refused change it.
> Of course some trickery with chgrp and setgid might also help but on secure
> systems normal users have no write access to suid mounted filesystems.
> Also secure systems does not use HP, or if ther use, they definitely do not
> keep suid newgrp since a root exploit was posted recently to bugtraq using
> HP's newgrp (where you can find one or two HP root exploits every week so
> if you subscribe it will not be difficult to install the missing newgrp on
> your machine).
> 

It is probably not the best solution, but I went around the lack of
newgrp command by writing the following script, and then asked my
administrator to change the owner to root and mode to 4755,
and finally add the alias newgrp='exec newgrp'.
At least it works !

          --------------------------------------------
          #!/usr/local/bin/zsh
          
          accord=non
          for g in `groups` ; do
            if [[ $g = "$1" ]] ; then
              group=`ypcat group | grep "^${1}:"`
              GID=${${group%:*}##*:}
            fi
          done
          
          EUID=$UID
          exec zsh
          --------------------------------------------

Thanks to the people who respond to my question and helped
me find out this solution.

==========================================================================
David Chamont - LPNHE                             
chamont@xxxxxxxxxxxxxxx
Ecole Polytechnique                                        
01.69.33.44.04
91128 Palaiseau - France            
http://polhp5.in2p3.fr:8000/~chamont/