Linux command : newgrp

Posted on 2009-05-05 23:30
*****************************Change group temporarily***************************

# Let's check the description of newgrp:

$ newgrp -h
Usage: newgrp [-] [group]

$ man -f newgrp
newgrp               (1)  - log in to a new group
newgrp               (1p)  - change to a new group

# From the man page, we know this:

newgrp is used to change the current group ID during a login session.
If the optional - flag is given, the user's environment will be reinitialized as though the user had logged in (just like su -); otherwise the current
environment, including the current working directory, remains unchanged.

# /etc/gshadow stores the password information of groups

$ man -f gshadow
gshadow              (5)  - shadowed group file

$ grep lrc /etc/group
lrc::500:

[root]# grep lrc /etc/gshadow
lrc:::
# group name:encrypted password:group administrators:group members

$ su - oracle
[oracle]$ newgrp lrc
Sorry.
# Because, if not root, the user will be prompted for a password if she does not have a password, or, if the user is not listed as a member, the user will be denied.


# If we use root
[root@server ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t
[root@server ~]# newgrp lrc
[root@server ~]# id
uid=0(root) gid=500(lrc) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),500(lrc) context=user_u:system_r:unconfined_t

# We can see that the root user can change its gid successfully, and the gid has been changed to lrc.

# If we want the oracle user to be able to change its gid to lrc, we can use gpasswd with root privileges.
$ man -f gpasswd
gpasswd              (1)  - administer the /etc/group file
$ su -

[root@server ~]# grep lrc /etc/gshadow
lrc:::
[root@server ~]# gpasswd -a oracle lrc
Adding user oracle to group lrc
[root@server ~]# grep lrc /etc/gshadow
lrc:::oracle
[root@server ~]# su - oracle
[oracle@server ~]$ id
uid=501(oracle) gid=501(oracle) groups=500(lrc),501(oracle) context=user_u:system_r:unconfined_t
[oracle@server ~]$ newgrp lrc
[oracle@server ~]$ id
uid=501(oracle) gid=500(lrc) groups=500(lrc),501(oracle) context=user_u:system_r:unconfined_t

# Obviously, we used gpasswd -a to add oracle to the lrc group as a member. But
# there is another way to allow oracle to use newgrp.

$ su -
[root@server ~]# gpasswd -d oracle lrc
Removing user oracle from group lrc
[root@server ~]# grep lrc /etc/gshadow
lrc:::
[root@server ~]# gpasswd lrc
Changing the password for group lrc
New Password:
Re-enter new password:
[root@server ~]# grep lrc /etc/gshadow
lrc:$1$Vqzun/qK$eEjNvYuP7AxNslwNxo4if.::
[root@server ~]# su - oracle
[oracle@server ~]$ id
uid=501(oracle) gid=501(oracle) groups=501(oracle) context=user_u:system_r:unconfined_t
[oracle@server ~]$ newgrp lrc
Password:
[oracle@server ~]$ id
uid=501(oracle) gid=500(lrc) groups=500(lrc),501(oracle) context=user_u:system_r:unconfined_t

# We set the password of group lrc; after entering the correct password, oracle
# can change its gid to lrc.

# If we want to delete the password of the group, we can use gpasswd -r
[root@server ~]# grep lrc /etc/gshadow
lrc:$1$Vqzun/qK$eEjNvYuP7AxNslwNxo4if.::
[root@server ~]# gpasswd -r lrc
[root@server ~]# grep lrc /etc/gshadow
lrc:::
[root@server ~]# su - oracle
[oracle@server ~]$ id
uid=501(oracle) gid=501(oracle) groups=501(oracle) context=user_u:system_r:unconfined_t
[oracle@server ~]$ newgrp lrc
Sorry.

# If we want to forbid other non-root users from changing to the specific gid:
[root@server ~]# gpasswd -R lrc
[root@server ~]# grep lrc /etc/gshadow
lrc:!::
[root@server ~]# su - oracle
[oracle@server ~]$ newgrp lrc
Password:
Sorry.

# Previously, we mentioned that if the optional - flag is given, the user's
# environment will be reinitialized as though the user had logged in
# (just like su -)
[root@server ~]# export T=hh
[root@server ~]# echo $T
hh
[root@server ~]# newgrp lrc
[root@server ~]# echo $T
hh
[root@server ~]# newgrp - lrc
[root@server ~]# echo $T

[root@server ~]#

I wrote this summary in text mode, so it is in my clumsy English : )


[ Last edited by ruconse on 2009-5-5 23:32 ]
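
The four /etc/gshadow states walked through above (empty password, member listed, password set, locked with !) can be checked across all groups at once. The following is an added example, not part of the original post: the function name newgrp_outcomes, the outcome labels and the sample lines are assumptions, and membership is read from the fourth gshadow field only (the real newgrp also consults /etc/group and the user's primary group).

```shell
#!/bin/sh
# Added example (not from the original post): predict what a non-root user
# gets from `newgrp <group>`, using only the gshadow fields the post shows:
#   group name:encrypted password:group administrators:group members
# Usage: newgrp_outcomes USER [FILE...]   (reads stdin when no FILE is given)
newgrp_outcomes() {
    user=$1; shift
    awk -F: -v user="$user" '
    NF != 4 { printf "%s malformed\n", $1; next }
    {
        # Is the user named in the comma-separated member list (field 4)?
        member = 0
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == user) member = 1

        if (member)              out = "allowed-as-member"
        else if ($2 == "")       out = "denied-no-password"      # newgrp prints Sorry.
        else if ($2 ~ /^[!*]/)   out = "denied-locked"           # prompt, then Sorry.
        else                     out = "allowed-with-password"   # prompt for group password
        # A $1$ prefix marks MD5-crypt, a weak scheme for a shared group secret
        weak = ($2 ~ /^\$1\$/) ? " weak-md5crypt" : ""
        printf "%s %s%s\n", $1, out, weak
    }' "$@"
}

# Constructed sample lines mirroring the four states in the post
# (the hash is a placeholder, not a real one).
sample='lrc:::
dba:::oracle
ops:$1$SALTSALT$placeholderhashvalue00::
sec:!::'
printf '%s\n' "$sample" | newgrp_outcomes oracle
```

Run as root against the real file with: newgrp_outcomes oracle /etc/gshadow. Any group reported as allowed-with-password can be joined by whoever knows the shared password, so those entries are the ones to review.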