DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

sg(C)


sg -- set groups

Syntax

sg [ -e ] [ -t ] [ -v ] [ -g group ] [ -a grouplist ] [ -r grouplist ] [ -s grouplist ]
[ -c command ]

Description

The sg command allows users to run shells and commands with a different group ID and a modified supplemental group list.

You are limited to working with the groups of which you are a member.

You are a member of a group if any one of the following conditions is true:

sg takes the following options:


-a grouplist
Add groups to the supplemental group list. See below for the syntax of grouplist.

-e
Display the supplemental group access list of the current process. This is the default.

-g group
Set the real and effective group ID to group for subsequent commands to be executed by sg. group can be a group name or a group ID, but must be a group of which the user is a member.

-t
Display the user's login group plus any groups the user is a member of in /etc/group. The super user is considered to be a member of all groups listed in the group file.

-v
Display the new supplemental group access list before each command or shell is run. With -a or -s, -v warns if a group to be added is already in the supplemental group access list or if a group cannot be added because the supplemental group access list is full. With the -r option, it warns if a group to be removed is not in the supplemental group access list.

-r grouplist
Remove groups from the supplemental group list. See below for the syntax of grouplist. (You do not need to be a member of the group being removed. Neither is there a requirement that the group being removed is actually in the supplemental group list.)

-s grouplist
Set the supplemental group list to grouplist. See below for the syntax of grouplist.

-c command
Pass command to the user's login shell for execution with the specified supplemental group and/or group ID modifications. The shell must support the -c command syntax similar to sh(C). Giving the empty string "" as the argument to -c causes the user's shell to be run. Exiting that shell will resume execution of sg.
A grouplist is a comma- or whitespace- (tab or space) separated list of group names and group IDs. The user must be a member of any groups specified in grouplist.

If group or grouplist are an empty string "", or just contain separators, the -s option sets the supplemental group access list to empty, and -a, -r, and -s have no effect.

sg reads its options from left to right and performs them as they are read. The -g, -a, -r and -s options are cumulative, but they only take effect when a command is executed by the -c option.

If at least one of the -g, -a, -r or -s options has been specified since the previous -c option was performed, and the end of the argument list is reached, the user's shell is invoked with the specified group ID and supplemental group access list.

When sg terminates, the user's original shell and supplemental group access list will be in effect.

Exit values

If sg detects an error, it displays an appropriate error message and exits with a status greater than zero. If no errors are encountered, sg exits with a status of zero.

Examples

Assuming the user is listed as a member of groups work and eng (with group IDs of 100 and 200), to execute a shell with both groups added to the current supplemental group access list:

sg -a work,eng -c ""

This can also be achieved by:

sg -a "100 200"

To execute yourprog with a group ID of 100 and an empty supplemental group access list:

sg -g work -s "" -c yourprog

Limitations

Each process has a supplemental group access list (maintained by the kernel), which is used in determining file access permissions in addition to the effective group ID. The maximum number of group IDs which can be held in the supplemental group access list is defined by the tunable kernel parameter NGROUPS.

sg can potentially output very long lines on systems with a large value of NGROUPS configured. sg executes as setuid zero, resetting the effective user ID to the real user ID before executing any commands.

Authorization

The execsuid kernel privilege is required to run sg.

Files


/etc/group
group file

/etc/passwd
password file

See also

login(M), newgrp(C), sh(C)

Standards conformance

sg is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005