LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 10-27-2013, 11:40 PM   #1
dksellou
Member
 
Registered: Feb 2013
Posts: 30

Rep: Reputation: Disabled
newgrp command versus roles


I don'tknow if it is the correct category to post this post, but what is the difference between newgrp command and role? Does it differ or not?
For example, in a System V-based UNIX system, in which a process can have exactly one group identity, and in order to change groups users must execute the newgrp command.
Do these groups differ from roles?
does my question make sense?
 
Old 10-28-2013, 12:53 AM   #2
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,591

Rep: Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244
Hi,

I'm not familiar with "roles": in what context and on what system are you using "roles"?

Evo2.
 
Old 10-28-2013, 10:52 AM   #3
dksellou
Member
 
Registered: Feb 2013
Posts: 30

Original Poster
Rep: Reputation: Disabled
It is a very general question...
 
Old 10-28-2013, 04:32 PM   #4
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 2,349

Rep: Reputation: 595Reputation: 595Reputation: 595Reputation: 595Reputation: 595Reputation: 595
newgrp has nothing to do with security roles...

It sets the processes group id - which in most systems is irrelevent. All groups are available.

Groups are defined as collections of users, group access is granted to files based on the file group.

Normally, (see getgroups/setgroups) all groups are in the process access list. A process may access a file if the file belongs to the user (the owner of the file), or if the file group identifier match on of the groups in the users group list. That access is still limited by the corresponding permissions flags on the file.

Groups HAVE been overloaded with some "role" definitions - but these are only overloaded, and not a good use of groups. The use of a group as a role was supported by the set group id flag, AND by utilities like sudo - where a group name also matches a security control. It assumes that the group name is NOT used for files... but once a user is in the group, that user can then apply the group to a file, even if it isn't what the group was for.

This overloaded use worked where systems did not support true "roles". The overloaded use was just a workaround.

Linux has true role definition - supported by SELinux models, and can be applied to files, users, and or processes.
 
Old 10-28-2013, 04:44 PM   #5
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,591

Rep: Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244
Quote:
Originally Posted by dksellou View Post
It is a very general question...
It's a very vague set of questions using an common word in what seems to be a specific way while leaving that term undefined.

Evo2.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: OpenOffice versus LibreOffice versus The World LXer Syndicated Linux News 0 03-06-2013 12:30 AM
newgrp command - how to change effective gid durus123 Red Hat 1 05-02-2012 05:47 PM
[SOLVED] Remote command execution via SSH and newgrp command SuperMegaMau Linux - General 4 05-13-2011 08:31 AM
[SOLVED] bash - versus --perl - versus python ow1 Linux - Software 2 05-03-2010 08:57 PM
newgrp command within perl/csh script bobsey Programming 1 04-13-2001 11:05 PM


All times are GMT -5. The time now is 09:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration