Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

sudo and newgrp problem

Status
Not open for further replies.
wpdavids

wpdavids

IS-IT--Management
Jan 31, 2001
60
US
I hope others have run into this.
When using sudo combined with the "newgrp" command I am droped into the "root" user ID. This is what I am running:
sudo newgrp - d_tst
Environment 'tst' set.
root@mybox:/#

I am now "root" what is going on.
root@mybox:/# id
uid=0(root) gid=204(d_tst)groups=0(system),2(bin),3(sys),7(security),8(cron),10(audit),11(lp)

I really do not want this to happen and I have set the "sudoers" file up correctly I think.
Is there a security bug with sudo and the "newgrp" command?

thanx
 
Sort by date Sort by votes
Hi!

It is by the mechanism of newgrp command. As it is written in its man page, it replaces your shell with a new one, regardless if it runs successfully, or not.
Thus the effect with sudo is similar to starting a new subshell. Try running a [tt]ps -ef | grep ksh[/tt] before running [tt]sudo newgrp[/tt], and also right afterward. Then check process ID-s and process parents.

--Trifo
 
Upvote 0 Downvote
Trifo,
I checked the process IDs and noticed that the pid for "wpdavids" is the same as the process ppid for the "root" shell. Your right that the newgrp command replaces the current shell for a new one. However, why is it replacing the shell from a regular user to the "root" ID?

I need to run newgrp with the sudo command and I do not want the shell to drop to the "root" ID.

How would the process ID check help me?

wpdavids 209642 196330 0 10:23:39 pts/1 0:00 -ksh
root 212642 209642 1 10:23:43 pts/1 0:00 -ksh
 
Upvote 0 Downvote
Well, you are dropped to root user, because sudo sets root user ID by default. Thus "sudo newgrp ..." starts a new shell environment (beacuse of sudo) and then newgrp replaces the newly created shell and keeps running. Now, if you type "exit", you will drop back to your original shell.
So this way is not for walk on.

By the way, what is the exact task to be done? Maybe I will be able to give some worthy support.

(I told you to chech PID-s to make you see the behaviour of the commands)

--Trifo
 
Upvote 0 Downvote
If you are trying to change your group from your primary group to another group of which you are a member, you don't need root rights and so you don't need to use sudo.

But having seen the results of sudo newgrp, you'll probably want to configure sudo so no one can execute sudo newgrp.
 
Upvote 0 Downvote
bi: Well, you told the right words. People authorized to use newgrp will be able to do so without root privileges.

--Trifo
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

E
  • Locked
  • Question
What are reservations and how do you set them?
Replies
0
Views
375
emze
E
jkc2023
  • Locked
  • Question
AIX TL and SP upgrade
Replies
0
Views
536
jkc2023
jkc2023
Dan Gaeta
  • Locked
  • Question
Power 740 and HMC
Replies
1
Views
427
pa2nc
pa2nc
vipermaus
  • Locked
  • Question
IBM 615-6C3 Fans missing fault (1011 7620 and 1011 7611)
Replies
0
Views
243
vipermaus
vipermaus
BunnyMerah
  • Locked
  • Question
Using sed to find matched patterns and append
Replies
1
Views
173
johnherman
johnherman

Part and Inventory Search

Sponsor

Back
Top