Can my alter-ego use "at"?
Leo de Wit
leo at ehviea.ine.philips.nl
Sat Jun 30 03:46:39 AEST 1990
In article <960005 at teecs.UUCP> belkin at teecs.UUCP (Hershel Belkin) writes:
|Can anyone tell me if there is any way to scedule a process using
|"at" or crontab but have it run under a group ID that is different
|than one's login group ID? (Of course, I'm assuming that the user
|is a valid member of the group!)
|
|I've looked, but have not been able to come up with a solution (other
|than have a separate login entry for the user under a different group..
|but that isn't a viable solution)
|
|The problem is that newgrp replaces your shell, so that your
|execution script no longer runs, and it has no provision (or none
|that I've seen) for passing the name of a script to run when it
|starts up. I even tried doing a newgrp with the "-" option and then
|using .profile to kick on the script, but that results in a lot of
|loud complaining (via mail) since the login is not from an interactive
|device!
|
The following script should do what you want:
----------- start of script -----------
#! /bin/sh
# grpat - run an at script as an other group.
# Usage: grpat group date
# Author: L.J.M. de Wit, Fri Jun 29 1990
case $# in
0|1) echo >&2 "Usage: grpat group date"; exit 1;;
*) group=$1; shift;;
esac
(sleep 5; echo at "$@"; cat) | newgrp $group
----------- end of script -----------
The trick is to pass the newgrp command via a pipe the at command to
execute plus the script from stdin (passed by cat). The script stored
in /usr/spool/at will thus be setuid the group $group, and atrun will
execute it for the correct group.
The magical "sleep 5" is there to give newgrp a chance to source its
[.login|.profile|.cshrc|.whatever], without loosing subsequent input (I
don't know the cause, but that seems to be a quirk in many shells).
This is also the reason I couldn't use a here document for the newgrp
command.
Hope this will solve your problem,
Leo.
More information about the Comp.unix.wizards
mailing list