Resets a session's process group set.
The setgroups command, by default, displays the user's current group set and process group set for the current shell. A user's group set is defined in the user database files. When given a flag and a GroupSet parameter, this command resets the process group set as listed by the GroupSet parameter. The GroupSet parameter is a comma-separated list of group names. The available groups are defined in the user database files.
You can also use the setgroups command to add or delete groups from the current group set. Using the -r flag, you can reset the real group ID. If you specify the Groupset parameter but no flags, the setgroups command resets all the groups and makes the first group in the list the real group. The setgroups command does not change the security characteristics of the controlling terminal.
When you run the setgroups command, the system always replaces your shell with a new one. The command replaces your shell regardless of whether the command is successful or not. For this reason, the command does not return error codes.
The setgroups -r command is identical to the newgrp command.
Item | Description |
---|---|
-a GroupSet | Adds the groups specified by the GroupSet parameter to the current session. The number of groups in the new set must not exceed NGROUPS_MAX groups, a value defined in the limits.h file. The real group ID is not changed. |
-d GroupSet | Removes the groups specified by the GroupSet parameter from the current session. If the real group is removed, the next group listed in the current set becomes the real group. |
-r Group | Resets the real group for the current process. If you do not specify a Group parameter and the current real group is not the primary group, the -r flag removes the current real group and resets the real group to the original primary group. If you specify a Group parameter, this behaves identically to the newgrp command. |
- | Re-initializes the group set of the session to its original login state. |
Access Control: This command should be a general user program. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.
Files Accessed:
Mode | Files |
---|---|
r | /etc/passwd |
r | /etc/group |
Auditing Events:
Item | Description |
---|---|
Event | Information |
Item | Description |
---|---|
USER_SetGroups | realgroup, groupset |
setgroups
Output
similar to the following appears: sah:
user groups = staff,payroll
process groups = staff,payroll
setgroups -a finance
setgroups finance,staff,payroll
This
sets finance as the real group. The staff and payroll groups
make up the supplementary group list.setgroups -d payroll
setgroups -
This resets your current session to its original state just after you log in.Item | Description |
---|---|
/usr/bin/setgroups | Contains the setgroups command. |
/etc/group | Contains basic group attributes. |
/etc/passwd | Contains basic user attributes. |