LinuxQuestions.org


dksellou 10-27-2013 10:40 PM

newgrp command versus roles
 
I don't know if it is the correct category to post this post, but what is the difference between the newgrp command and a role? Does it differ or not?
For example, in a System V-based UNIX system, in which a process can have exactly one group identity, and in order to change groups users must execute the newgrp command.
Do these groups differ from roles?
Does my question make sense?

evo2 10-27-2013 11:53 PM

Hi,

I'm not familiar with "roles": in what context and on what system are you using "roles"?

Evo2.

dksellou 10-28-2013 09:52 AM

It is a very general question...

jpollard 10-28-2013 03:32 PM

newgrp has nothing to do with security roles...

It sets the process's group id - which in most systems is irrelevant. All groups are available.

Groups are defined as collections of users, group access is granted to files based on the file group.

Normally (see getgroups/setgroups), all groups are in the process access list. A process may access a file if the file belongs to the user (the owner of the file), or if the file group identifier matches one of the groups in the user's group list. That access is still limited by the corresponding permission flags on the file.

Groups HAVE been overloaded with some "role" definitions - but these are only overloaded, and not a good use of groups. The use of a group as a role was supported by the set group id flag, AND by utilities like sudo - where a group name also matches a security control. It assumes that the group name is NOT used for files... but once a user is in the group, that user can then apply the group to a file, even if it isn't what the group was for.

This overloaded use worked where systems did not support true "roles". The overloaded use was just a workaround.

Linux has true role definition - supported by SELinux models, and can be applied to files, users, and/or processes.
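
The group check described in the post above, as an added example that is not part of the original thread: a Python model of the mode-bit decision on Linux, showing that newgrp leaves access unchanged and only alters the group given to newly created files. The sample uid/gid values and all function names are constructed for illustration; root/capabilities, ACLs and SELinux are not modelled.

```python
import os

def perm_class(f_uid, f_gid, euid, egid, groups):
    """Pick the single permission triplet that applies: owner, else group, else other."""
    if euid == f_uid:
        return "owner"
    if f_gid == egid or f_gid in groups:
        return "group"
    return "other"

def dac_allows(mode, f_uid, f_gid, euid, egid, groups, want):
    """Classic mode-bit check for want ('r', 'w', 'x' or a combination).
    Root/capabilities, ACLs and SELinux are deliberately not modelled."""
    shift = {"owner": 6, "group": 3, "other": 0}[perm_class(f_uid, f_gid, euid, egid, groups)]
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return ((mode >> shift) & need) == need

def after_newgrp(egid, groups, new_gid):
    """Model of newgrp (assumption): effective gid changes, supplementary list is kept."""
    return new_gid, set(groups) | {egid}

def new_file_gid(egid, dir_mode, dir_gid):
    """Group given to a newly created file on Linux: the directory's group if the
    directory is setgid, otherwise the creating process's effective gid."""
    return dir_gid if dir_mode & 0o2000 else egid

def current_identity():
    """Effective uid, effective gid and supplementary groups of this process."""
    return os.geteuid(), os.getegid(), set(os.getgroups())

# Constructed sample: user 1000, primary group 1000, also in groups 27 and 2001.
UID, GID, GROUPS = 1000, 1000, {1000, 27, 2001}

def demo():
    results = {}
    # File root:2001 mode 0640 is readable without running newgrp at all.
    results["read_before"] = dac_allows(0o640, 0, 2001, UID, GID, GROUPS, "r")
    egid2, groups2 = after_newgrp(GID, GROUPS, 2001)
    results["read_after"] = dac_allows(0o640, 0, 2001, UID, egid2, groups2, "r")
    # What newgrp does change: the group stamped on files created afterwards.
    results["created_before"] = new_file_gid(GID, 0o755, 0)
    results["created_after"] = new_file_gid(egid2, 0o755, 0)
    # Classes are exclusive: an owner with mode 0070 is denied despite group rwx.
    results["owner_read_mode_0070"] = dac_allows(0o070, UID, 2001, UID, GID, GROUPS, "r")
    return results

if __name__ == "__main__":
    print(current_identity())
    print(demo())
```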

evo2 10-28-2013 03:44 PM

Quote:

Originally Posted by dksellou (Post 5053721)
It is a very general question...

It's a very vague set of questions using a common word in what seems to be a specific way while leaving that term undefined.

Evo2.


All times are GMT -5.