Changing Linux group permissions, was Re: [plug] RE: Sound Card

Christian christian at amnet.net.au
Wed Aug 15 16:58:13 WST 2001


On Wed, Aug 15, 2001 at 01:30:02PM +0800, Mike Holland wrote:
 
> Thanks Greg, but that doesnt seem to help much. Neater than telnet to
> self, though.  We really want a way to add the group access to all a
> user's processes, e.g. the gnome/kde sound server. The only way I know
> is to effectively "reboot" the whole X gui. Though a more experienced user
> could probably just restart the particular processes that require the new
> permissions, in some cases.
>    This issue must have been the topic of many arguments in the history of
> Unix. Perhaps there is a good security reason for only checking group
> permissions at login time??   Looks like a design weakness though.

When would you like the group permissions to be checked?  Upon every
system call that requires checking a process's credentials?  This would
very likely slow down system operation I suspect and that has always
been my guess as to why it is not done this way.  When the login process
exec's the shell it assigns it the relevant credentials and all the
shell's children maintain these credentials unless they use setuid()
etc.

BTW, I tried the 'newgrp -' command on a Red Hat 7.1 machine this
afternoon and it didn't recognise the option (plus there was no mention
of it in the manual).  It's on my Debian system though.

-- 
DSA 0x0EC1D28C: BBCB 0D79 4EBB 078A A066  7267 8BED E9D6 0EC1 D28C



More information about the plug mailing list