sg(C) 19 June 1992 sg(C) Name sg - set groups Syntax sg [ -e ] [ -t ] [ -v ] [ -g group ] [ -a grouplist ] [ -r grouplist ] [ -s grouplist ] [ -c command ] Description The sg command allows users to run shells and commands with a different group ID and a modified supplemental group list. You are limited to working with the groups of which you are a member. You are a member of a group if any one of the following conditions is true: + You are the super user. (The super user is considered a member of all groups.) + The group is your login group, listed in /etc/passwd. + You are listed as a member of the group in /etc/group. + The group is the current real (RGID) or effective group ID (EGID). + The group is in the current effective supplemental group access list. + The group has a password which you know. Options -e Display the supplemental group access list of the current process. This is the default. -t Display the user's login group plus any groups the user is a member of in /etc/group. The super user is considered to be a member of all groups listed in the group file. -v Display the new supplemental group access list before each command or shell is run. With -a or -s, -v warns if a group to be added is already in the supplemental group access list or if a group cannot be added because the supplemental group access list is full. With the -r option, it warns if a group to be removed is not in the supplemental group access list. -g group Set the real and effective group ID to group for subsequent commands to be executed by sg. group can be a group name or a group ID, but must be a group of which the user is a member. -a grouplist Add groups to the supplemental group list. See below for the syntax of grouplist. -r grouplist Remove groups from the supplemental group list. See below for the syntax of grouplist. (You do not need to be a member of the group being removed. Neither is there a requirement that the group being removed is actually in the supplemental group list.) -s grouplist Set the supplemental group list to grouplist. See below for the syntax of grouplist. -c command Pass command to the user's login shell for execution with the specifed supplemental group and/or group ID modifications. The shell must support the -c command syntax similar to sh(C). Giving the empty string "" as the argument to -c causes the user's shell to be run. Exiting that shell will resume execution of sg. A grouplist is a comma- or whitespace- (tab or space) separated list of group names and group IDs. The user must be a member of any groups speci- fied in grouplist. If group or grouplist are an empty string "", or just contain separators, the -s option sets the supplemental group access list to empty, and -a, -r, and -s have no effect. sg reads its options from left to right and performs them as they are read. The -g, -a, -r and -s options are cumulative, but they only take effect when a command is executed by the -c option. If at least one of the -g, -a, -r or -s options has been specified since the previous -c option was performed, and the end of the argument list is reached, the user's shell is invoked with the specified group ID and sup- plemental group access list. When sg terminates, the user's original shell and supplemental group access list will be in effect. Examples Assuming the user is listed as a member of groups work and eng (with group IDs of 100 and 200), to execute a shell with both groups added to the current supplemental group access list: sg -a work,eng -c "" This can also be achieved by: sg -a "100 200" To execute yourprog with a group ID of 100 and an empty supplemental group access list: sg -g work -s "" -c yourprog Files /etc/group Group file /etc/passwd Password file See also login(M), newgrp(C), sh(C) Diagnostics If sg detects an error, it displays an appropriate error message and exits with a status greater than zero. If no errors are encountered, sg exits with a status of zero. Notes Each process has a supplemental group access list (maintained by the ker- nel), which is used in determining file access permissions in addition to the effective group ID. The maximum number of group IDs which can be held in the supplemental group access list is defined by the tunable kernel parameter NGROUPS. sg can potentially output very long lines on systems with a large value of NGROUPS configured. sg executes as setuid zero, resetting the effec- tive user ID to the real user ID before executing any commands. Authorization The execsuid kernel authorization is required to run sg. Value added sg is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.