Changing UNIX primary group

[Justin Johnson]

I have a unix id that has group1 for a primary group, and group2, group3,
and group4 for supplementary groups. I'd like to change my primary group
before running certain commands. So sometimes I might want group2 to be
the primary group, and other times group3 or group4.

I saw the posix module's setgid method, but it failed for me unless I was
running as root. Also it only accepts the gid, but I'd rather pass in
the group name, or somehow lookup the gid based on the name.

Does anyone know a way to do all of this?
Thanks much.
-Justin

 

[Inyeol Lee]

I have a unix id that has group1 for a primary group, and group2, group3,
and group4 for supplementary groups. I'd like to change my primary group
before running certain commands. So sometimes I might want group2 to be
the primary group, and other times group3 or group4.

I saw the posix module's setgid method, but it failed for me unless I was
running as root. Also it only accepts the gid, but I'd rather pass in
the group name, or somehow lookup the gid based on the name.

Does anyone know a way to do all of this?
Thanks much.
-Justin

These are not python solution;

1) make a setgid script and put your commands there, or
2) use shell commands;

echo "command1; command2;" | newgrp group2

-Inyeol

 

[Justin Johnson]

Thanks. I was hoping for a python solution though. :-( Does anyone
know of a way to do this in python?

 

[Justin Johnson]

Okay, I'll have to do some more research. Maybe I *will* have to run the
script setuid root. Shucks! Thanks for the grp.getgrnam help. Just
what I needed.

Thanks. I was hoping for a python solution though. :-( Does anyone
know of a way to do this in python?

Unix doesn't let you setgid() to groups in the supplemental group list
without the same permission needed to change to any group.

But depending what you need to do, you might be able to use set-group-id
directories. For instance, if I am group g1 and have a group list [g1,
g2, g3], then I can read files readable by any of those groups, and
create files in directories writable by any of those groups. But if you
make a directory d2 that is setgid g2 and d3 setgid g3, then when I
create a file in d2 it will belong to group g2.

Barring that, you could modify the setgid() call in the kernel, to permit
the change if the requested group is in the auxiliary group list.
It looks like something you could do in an afternoon if you have the
source for your kernel (bsd, linux, etc) and can program C.

Also [setgid] only accepts the gid, but I'd rather pass in
the group name, or somehow lookup the gid based on the name.

See grp.getgrnam(). Example'utmp', 'x', 22, [])

Jeff