12/12/94 Changing Group Membership from a Shell Script SPECIAL NOTICES Information in this document is correct to the best of our knowledge at the time of this writing. Please send feedback by fax to "AIXServ Information" at (512) 823-4009. Please use this information with care. IBM will not be responsible for damages of any kind resulting from its use. The use of this information is the sole responsibility of the customer and depends on the customer's ability to eval- uate and integrate this information into the customer's operational environment. ABOUT THIS DOCUMENT This document describes a method of using a non-interactive script to change group membership and bypass group limits. This document applies to AIX 3.1, 3.2, and 4.1. INTRODUCTION AIX includes two commands for changing group set membership. They are "newgrp" and "setgroups". Both of these commands require that the user enter the command from the command line, because these commands cannot be executed from a shell script. The sample code in this document provides a way to set the real and effective group ID from a shell script. The tool verifies that the current user is a member of the target group before executing the named command. SAMPLE CODE NOTE: Please note that page headers and footers may appear in the following code. They should be removed before the code is used. Also, revision bars (vertical bars in the left margin which mark changes in the document) may appear to the left of the code and should be removed before the code is used. /* * NAME: switchgrp * * COMPILATION: * cc -o switchgrp switchgrp.c * chown root switchgrp * chmod 4555 switchgrp * mv switchgrp * * FUNCTION: * Set real and effective group ID to a value from /etc/group. * * DESCRIPTION: * switchgrp allows a user to bypass the 32-group limitation without Changing Group Membership from a Shell Script 1 12/12/94 * using the newgrp command. newgrp cannot be used inside a shell * script because of how it works. */ #include #include #include #include main (int argc, char ** argv) { char *newgrp = argv[1]; struct passwd *pwd; struct group *grp; int i; if (argc < 3) { fprintf (stderr, "usage: switchgrp group cmd [ args ]\n"); exit (1); } if (! (grp = getgrnam (newgrp))) { fprintf (stderr, "unknown group: %s\n", newgrp); exit (1); } if (! (pwd = getpwuid (getuid ()))) { fprintf (stderr, "who are you?\n"); exit (1); } for (i = 0;grp->gr_mem[i];i++) if (strcmp (pwd->pw_name, grp->gr_mem[i]) == 0) break; if (grp->gr_mem[i] == (char *) 0) { fprintf (stderr, "not a member\n"); exit (1); } setgidx (ID_REAL|ID_EFFECTIVE, grp->gr_gid); setuid (getuid ()); execvp (argv[2], &argv[2]); perror (argv[2]); exit (255); } Changing Group Membership from a Shell Script 2 12/12/94 READER'S COMMENTS Please fax this form to (512) 823-4009, attention "AIXServ Informa- tion". You may also e-mail comments to: elizabet@austin.ibm.com. These comments should include the same customer information requested below. Use this form to tell us what you think about this document. If you have found errors in it, or if you want to express your opinion about it (such as organization, subject matter, appearance) or make sug- gestions for improvement, this is the form to use. If you need technical assistance, contact your local branch office, point of sale, or 1-800-CALL-AIX (for information about support offer- ings). These services may be billable. Faxes on a variety of sub- jects may be ordered free of charge from 1-800-IBM-4FAX. Outside the U.S. call 415-855-4329 using a fax machine phone. When you send comments to IBM, you grant IBM a nonexclusive right to use or distribute your comments in any way it believes appropriate without incurring any obligation to you. NOTE: If you have a problem report or item number, supplying that number may help us determine why a procedure did or did not work in your specific situation. Problem Report or Item #: Branch Office or Customer #: Be sure to print your name and fax number below if you would like a reply: Name: Fax Number: ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ END OF DOCUMENT (setgrp.script.31-41.cmd) Changing Group Membership from a Shell Script 3