sg(C)
sg --
set groups
Syntax
sg
[ -e ]
[ -t ]
[ -v ]
[ -g group ]
[ -a grouplist ]
[ -r grouplist ]
[ -s grouplist ]
[ -c command ]
Description
The sg command allows users to run shells and commands with
a different group ID and a modified supplemental group list.
You are limited to working with the groups of which you are a member.
You are a member of a group if any one of the following conditions is true:
-
You are the super user.
(The super user is considered a member of all groups.)
-
The group is your login group, listed in /etc/passwd.
-
You are listed as a member of the group in /etc/group.
-
The group is the current real (RGID) or effective group ID
(EGID).
-
The group is in the current effective supplemental group access list.
sg takes the following options:
-a grouplist-
Add groups to the supplemental group list.
See below for the syntax of grouplist.
-e-
Display the supplemental group access list of the current process.
This is the default.
-g group-
Set the real and effective group ID to group
for subsequent commands to be executed by sg.
group can be a group name or a group
ID, but must be a group of which the user is a member.
-t-
Display the user's login group plus any groups the user is a member of
in /etc/group. The super user is considered to be
a member of all groups listed in the group file.
-v-
Display the new supplemental group access list before
each command or shell is run. With -a or -s, -v
warns if a group to be added is already in the supplemental group
access list or if a group cannot be added because the supplemental group
access list is full.
With the -r option, it warns if a group
to be removed is not in the supplemental group access list.
-r grouplist-
Remove groups from the supplemental group list.
See below for the syntax of grouplist.
(You do not need to be a member of the group being
removed. Neither is there a requirement that the group
being removed is actually in the supplemental
group list.)
-s grouplist-
Set the supplemental group list to grouplist.
See below for the syntax of grouplist.
-c command-
Pass command to the user's login shell for execution with
the specified supplemental group and/or group
ID modifications.
The shell must support the -c command
syntax similar to
sh(C).
Giving the empty string "" as the argument
to -c causes the user's shell to be run. Exiting that shell will
resume execution of sg.
A grouplist is a comma- or whitespace- (tab or space) separated
list of group names and group IDs. The user must be a member
of any groups specified in grouplist.
If group or grouplist are an empty string "",
or just contain
separators, the -s option sets the supplemental group
access list to empty, and -a, -r, and -s
have no effect.
sg reads its options from left to
right and performs them as they are read.
The -g, -a, -r and -s options are
cumulative, but they only take effect when a
command is executed by the -c option.
If at least one of the -g, -a, -r or -s
options has been specified since the previous -c option was
performed, and the end of the argument list is reached, the user's shell
is invoked with the specified group ID and supplemental
group access list.
When sg terminates, the user's original shell and supplemental
group access list will be in effect.
Exit values
If sg detects an error, it displays an appropriate error message
and exits with a status greater than zero. If no errors are encountered,
sg exits with a status of zero.
Examples
Assuming the user is listed as a member of groups work and
eng (with group IDs of 100 and 200), to execute a shell with
both groups added to the current supplemental group access list:
sg -a work,eng -c ""
This can also be achieved by:
sg -a "100 200"
To execute yourprog with a group ID of 100 and an
empty supplemental group access list:
sg -g work -s "" -c yourprog
Limitations
Each process has a supplemental group access list (maintained by the
kernel), which is used in determining file access permissions in
addition to the effective group ID. The maximum number of group
IDs which can be held in the supplemental group access list is
defined by the tunable kernel parameter NGROUPS.
sg can potentially output very long lines on systems with a large
value of NGROUPS configured.
sg executes as setuid zero, resetting the effective user
ID to the real user ID before executing any commands.
Authorization
The execsuid kernel privilege is required to run sg.
Files
/etc/group-
group file
/etc/passwd-
password file
See also
login(M),
newgrp(C),
sh(C)
Standards conformance
sg is not part of any currently supported
standard; it is an extension of AT&T System V
provided by The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005