Is it possible to change a user's default group inside a script for the duration of that script's execution?

I need to generate files in a script that have the proper user and group but my user's primary group is not who should own the resultant output.

$ groups
groupa groupb

$ ./myscript.sh

$ ls -l
-rw-r--r-- 1 me groupa     0 Sep 17 09:42 myscript_output.txt

But I want "groupb".

myscript.sh:

#!/bin/bash

touch "myscript_output.txt"
+1  A: 

Normally that can be accomplished by applying the following modifications to a program:

chgrp groupb myprog
chmod g+s myprog

But that works with normal programs, not with shell scripts (for security reasons). For a shell script there is no other way (at least none that I'm aware of (*)) than to call chgrp from inside the script itself:

#!/bin/bash

FNAME="myscript_output.txt"
GRP=groupb

# Create the file, then hand it to the wanted group; report a failure on stderr.
touch "$FNAME"
chgrp "$GRP" "$FNAME" || { echo "Can't change group of $FNAME to $GRP" >&2; exit 1; }

(*) Some people write a tiny wrapper C program for the purpose. But that is kludgy. Search the net for "setuid shell scripts" - there are lots of such example C programs - and replace the setuid(0) most commonly found there with getgrnam() + setgid().

Dummy00001
A: 

Try the newgrp command, which changes the primary group of a user into another group of which that user is a member:

#!/bin/bash

newgrp groupb << END
    touch "myscript_output.txt"
END
dogbane
I wanted to up-vote this but was unable due to an initial up-down voting that I did 30 minutes before I accepted the answer.
Nate
+1  A: 

The sg command can do this pretty well.

#!/bin/bash

sg groupb "touch myscript-output.txt"
Nate
+1  A: 

The group can be set from a script. It only requires the "if" statement below. The group is checked and if it is incorrect, then the script is restarted with the sg command Nate mentioned.
A check for looping is employed (just in case the unforeseeable happens).

To use, just change the group from "wheel" to the desired one. Replace the "DEMO" section with the regular code.

Read on below (after the script).

#!/bin/bash
#
# If the group (set with NEEDGRP) is already correct, or this code has already
# run, then this section is skipped and the rest of the
# script is run; otherwise sg is called to restart the script with the
# desired group.  Assumes the command "id -ng" returns the group.
# bash is needed because the demo below uses brace expansion ({a,b,c}).

if ! [ "${SBREADY:=false}" = true -o "$(id -ng)" = "${NEEDGRP:=wheel}" ] ; then
    export SBREADY=true
    exec sg "$NEEDGRP" "$0" "$@"
fi

# ---------------------- DEMO: CUT HERE ---------------------------
# This is a demonstration of creating files.
echo HELLO my group is $(id -ng), GID=$(id -g)
# NOTE: files are created with the current group only if the directory
# is not sgid.
# Show current directory and permissions on it
echo
pwd -P
ls -ld .
echo
# Create and list some new files, then remove them.
touch my-$$.{a,b,c}
echo Created  my-$$.{a,b,c}...
ls -l  my-$$.{a,b,c}
echo
rm -v  my-$$.{a,b,c}

Following are printouts of some tests run in order to explain why just changing groups may not be sufficient to ensure files have the right group ownership. Directory permissions also come into play.

This first log is the output from running in a regular directory. The script is run as user frayser, and group frayser. Files are created with the desired group. Compare to the next listing:

frayser@gentoo ~/src/Answers $ (cd /tmp; $OLDPWD/set-group.sh)
HELLO my group is wheel, GID=10

/tmp
drwxrwxrwt 16 root root 976 Sep 24 04:45 .

Created my-19201.a... my-19201.b... my-19201.c...
-rw-r----- 1 frayser wheel 0 Sep 24 04:53 my-19201.a
-rw-r----- 1 frayser wheel 0 Sep 24 04:53 my-19201.b
-rw-r----- 1 frayser wheel 0 Sep 24 04:53 my-19201.c

removed `my-19201.a'
removed `my-19201.b'
removed `my-19201.c'

Now this next run happens in a directory that is sgid "conman" because as a policy, Configuration Management is given group ownership of all src directories. NOTE: The files inherit the group of the directory.

frayser@gentoo ~/src/Answers $ ./set-group.sh 
HELLO my group is wheel, GID=10

/usr/lucho/src/frayser/practice
drwxr-s--- 6 frayser conman 768 Sep 24 04:51 .

Created my-19214.a... my-19214.b... my-19214.c...
-rw-r----- 1 frayser conman 0 Sep 24 04:54 my-19214.a
-rw-r----- 1 frayser conman 0 Sep 24 04:54 my-19214.b
-rw-r----- 1 frayser conman 0 Sep 24 04:54 my-19214.c

removed `my-19214.a'
removed `my-19214.b'
removed `my-19214.c'
frayser@gentoo ~/src/Answers $ 

Because of directory permissions, it may be necessary for a script to explicitly set permissions and ownership.

Frayser
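
The closing point of the last answer, that a setgid directory or the caller's primary group decides a new file's group unless the script sets it explicitly, as an added example that is not part of any answer above. The function name create_with_group and the final mode 640 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original answers).
# create_with_group GROUP FILE   (hypothetical helper name)
#   Creates FILE so that it ends up owned by GROUP, whatever the caller's
#   primary group is and whether or not the parent directory is setgid.
#   Fails closed: if the group cannot be set, the new file is removed again.
# The body runs in a subshell ( ... ), so umask and noclobber stay local.
create_with_group() (
    grp=$1
    file=$2
    umask 077   # owner-only until the group is right, so the primary group
                # (or the directory's group) never gets access to the file
    set -C      # noclobber: fail if FILE already exists instead of reusing it
    true > "$file" || { echo "cannot create $file" >&2; exit 1; }
    # Set the group explicitly, then check the result rather than trusting it.
    if chgrp -- "$grp" "$file" 2>/dev/null &&
       [ -n "$(find "$file" -prune -group "$grp" 2>/dev/null)" ]; then
        chmod 640 "$file"   # assumed target mode: group may read
        exit 0
    fi
    echo "cannot give $file to group $grp" >&2
    rm -f -- "$file"        # only reached for a file this call created
    exit 1
)

# Usage inside a script:
#   create_with_group groupb myscript_output.txt || exit 1
```

Unlike the sg and newgrp approaches, this leaves the rest of the script running under the caller's normal primary group; only the named file changes hands.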