Is it possible to change a user's default group inside a script for the duration of that script's execution?
I need to generate files in a script that have the proper user and group but my user's primary group is not who should own the resultant output.
$ groups
groupa groupb
$ ./myscript.sh
$ ls -l
-rw-r--r-- 1 me groupa 0 Sep 17 09:42 myscript_output.txt
But I want "groupb".
myscript.sh:
#!/bin/bash
touch "myscript_output.txt"
To change the primary group a user is assigned to, run the usermod command, replacing examplegroup with the name of the group you want to be the primary and exampleusername with the name of the user account. Note the -g here. When you use a lowercase g, you assign a primary group.
Change User's Primary Group in Ubuntu By using the `usermode` command followed by the option `-g`, you can change the user's primary group.
A user's primary group is the default group the account is associated with. Directories and files the user creates will have this Group ID. A secondary group is any group(s) a user is a member of other than the primary group.
Try the newgrp
command, which changes the primary group of a user into another group of which that user is a member:
#!/bin/bash
newgrp groupb << END
touch "myscript_output.txt"
END
The group can be set from a script. It only requires the "if"
statement below. The group is checked and if it is incorrect, then
the script is restarted with the sg command Nate mentioned.
A check for looping is employed(just in case the unforeseeable happens.)
To use, just change the group from "wheel" to the desired. Replace the "DEMO" section with the regular code.
Read on, below(after the script.)
#! /bin/sh
#
# If the group(set with NEEDGRP) is already correct, or this code has already
# run, then this section is skipped and the rest of the
# script is run; otherwise sg is called to restart the script with the
# desired group. Assumes the command "id -ng" returns the group.
if ! [ "${SBREADY:=false}" = true -o $(id -ng) = ${NEEDGRP:=wheel} ] ; then
export SBREADY=true
exec sg $NEEDGRP "$0" "$@"
fi
# ---------------------- DEMO: CUT HERE ---------------------------
# This is a demonstration of creating files.
echo HELLO my group is $(id -ng), GID=$(id -g)
# NOTE: files are created with the current group only if the directory
# is not sgid.
# Show current directory and permissions on it
echo
pwd -P
ls -ld .
echo
# Create and list some new files, the remove them.
touch my-$$.{a,b,c}
echo Created my-$$.{a,b,c}...
ls -l my-$$.{a,b,c}
echo
rm -v my-$$.{a,b,c}
Following are printouts of some tests run in order to explain why just changing groups my not be sufficient to ensure files have the right group ownership. Directory permissions also come into play.
This first log is the output from ruining in a regular directory. The script is run as user frayser, and group frayser. Files are created with the desired group. Compare to the next listing:
frayser@gentoo ~/src/Answers $ (cd /tmp; $OLDPWD/set-group.sh)
HELLO my group is wheel, GID=10
/tmp
drwxrwxrwt 16 root root 976 Sep 24 04:45 .
Created my-19201.a... my-19201.b... my-19201.c...
-rw-r----- 1 frayser wheel 0 Sep 24 04:53 my-19201.a
-rw-r----- 1 frayser wheel 0 Sep 24 04:53 my-19201.b
-rw-r----- 1 frayser wheel 0 Sep 24 04:53 my-19201.c
removed `my-19201.a'
removed `my-19201.b'
removed `my-19201.c'
Now this next run happens in a director that is sgid "conman" because as a policy, Configuration Management is given group ownership of all src directories. NOTE: The files inherit the group of the directory.
frayser@gentoo ~/src/Answers $ ./set-group.sh
HELLO my group is wheel, GID=10
/usr/lucho/src/frayser/practice
drwxr-s--- 6 frayser conman 768 Sep 24 04:51 .
Created my-19214.a... my-19214.b... my-19214.c...
-rw-r----- 1 frayser conman 0 Sep 24 04:54 my-19214.a
-rw-r----- 1 frayser conman 0 Sep 24 04:54 my-19214.b
-rw-r----- 1 frayser conman 0 Sep 24 04:54 my-19214.c
removed `my-19214.a'
removed `my-19214.b'
removed `my-19214.c'
frayser@gentoo ~/src/Answers $
Because of directory permissions, it may be necessary for a script to explicitly set permissions and ownership.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With