newgrp - change to a new group
newgrp [-l][group newgrp [-][group]
The newgrp utility creates a new shell execution environment with a new real and effective group identification. Of the attributes listed in
Shell Execution Environment, the new shell execution environment will retain the working directory, file creation mask and exported variables from the previous environment (that is, open files, traps, unexported variables, alias definitions, shell functions and set options may be lost). All other aspects of the process environment that are preserved by the exec family of functions in the XSH specification also are preserved by newgrp; whether other aspects are preserved is unspecified.
A failure to assign the new group identifications (for example, for security or password-related reasons) does not prevent the new shell execution environment from being created.
The newgrp utility affects the supplemental groups for the process as follows:
- On systems where the effective group ID is normally in the supplementary group list (or whenever the old effective group ID actually is in the supplementary group list):
- If the new effective group ID is also in the supplementary group list, newgrp will change the effective group ID.
- If the new effective group ID is not in the supplementary group list, newgrp will add the new effective group ID to the list, if there is room to add it.
- On systems where the effective group ID is not normally in the supplementary group list (or whenever the old effective group ID is not in the supplementary group list):
- If the new effective group ID is in the supplementary group list, newgrp will delete it.
- If the old effective group ID is not in the supplementary list, newgrp will add it if there is room.
With no operands, newgrp will change the effective group back to the groups identified in the user's user entry, and will set the list of supplementary groups to that set in the user's group database entries.
- The XSH specification does not specify whether the effective group ID of a process is included in its supplementary group list.
If a password is required for the specified group, and the user is not listed as a member of that group in the group database, the user will be prompted to enter the correct password for that group. If the user is listed as a member of that group, no password will be requested. If no password is required for the specified group, it is implementation-dependent whether users not listed as members of that group can change to that group. Whether or not a password is required, implementation-dependent system accounting or security mechanisms may impose additional authorisation restrictions that may cause newgrp to write a diagnostic message and suppress the changing of the group identification.
The newgrp utility supports the XBD specification, Utility Syntax Guidelines , except that the obsolescent version uses "-" in a non-standard manner.
The following option is supported:
- (The letter ell.)
- Change the environment to what would be expected if the user actually logged in again.
The following operand is supported:
- A group name from the group database or a non-negative numeric group ID. Specifies the group ID to which the real and effective group IDs will be set. If group is a non-negative numeric string and exists in the group database as a group name (see getgrnam()), the numeric group ID associated with that group name will be used as the group ID.
The file /dev/tty is used to read a single line of text for password checking, when one is required.
The following environment variables affect the execution of newgrp:
- Provide a default value for the internationalisation variables that are unset or null. If LANG is unset or null, the corresponding value from the implementation-dependent default locale will be used. If any of the internationalisation variables contains an invalid setting, the utility will behave as if none of the variables had been defined.
- If set to a non-empty string value, override the values of all the other internationalisation variables.
- Determine the locale for the interpretation of sequences of bytes of text data as characters (for example, single- as opposed to multi-byte characters in arguments).
- Determine the locale that should be used to affect the format and contents of diagnostic messages written to standard error.
- Determine the location of message catalogues for the processing of LC_MESSAGES .
Used for diagnostic messages and a prompt string for a password, if one is required. Diagnostic messages may be written in cases where the exit status is not available; see EXIT STATUS.
If newgrp succeeds in creating a new shell execution environment, whether or not the group identification was changed successfully, the exit status will be the exit status of the shell. Otherwise, the following exit value is returned:
- An error occurred.
The invoking shell may terminate.
There is no convenient way to enter a password into the Group Database. Use of group passwords is not encouraged, because by their very nature they encourage poor security practices. Group passwords may disappear in the future.
A common implementation of newgrp is that the current shell uses exec to overlay itself with newgrp, which in turn overlays itself with a new shell after changing group. On some systems, however, this may not occur and newgrp may be invoked as a subprocess.
The newgrp command is intended only for use from an interactive terminal. It does not offer a useful interface for the support of applications.
The exit status of newgrp is generally inapplicable. If newgrp is used in a script, in most cases it will successfully invoke a new shell and the rest of the original shell script will be bypassed when the new shell exits. Used interactively, newgrp displays diagnostic messages to indicate problems. But usage such as:is not useful because the new shell might not have access to any status newgrp may have generated (and most historical systems do not provide this status). A zero status echoed here does not necessarily indicate that the user has changed to the new group successfully. Following newgrp with the id command provides a portable means of determining whether the group change was successful or not.
newgrp foo echo $?
sh, the XSH specification description of exec.