1. Overview

In Linux, a group is a collection of users with the same permissions to directories, files, and other resources. By default, each user is associated with a primary group but can also belong to multiple secondary groups. This ensures that a system is kept organized and secure.

In this tutorial, we’ll discuss running a process with a specific group. To clarify, we’ll work from the command line with the help of the sg and newgrp commands.

2. Using the sg Command

The sg command is a powerful tool that allows users to run a process with the privileges of a specified group. So, it enables the user to access files, directories, and other resources accessible only to members of that group.

This command follows a general syntax:

$ sg [group] [[-c] command]

Also, it contains several parameters that help in customizing the output:

  • group – represents the name of the target group to execute a command with
  • -c – allows us to immediately provide the command to be executed. In detail, without the -c option, we’d have to provide the command as the last argument.
  • command – the command we want to run with the privileges of the specified group

Now, let’s check which groups we are a member of:

$ groups
samuel adm cdrom sudo dip plugdev lpadmin lxd sambashare devs

When we execute the groups command without passing any arguments, it shows the groups of the currently logged-in user. The first group in our output, samuel, represents our primary group while the others are the secondary groups.

Next, we run a process with a specific group:

$ sg adm -c "ls -l"
total 56
drwxrwxr-x  4 samuel samuel  4096 Jul 28  2022 Boot
drwxr-xr-x  5 samuel samuel  4096 Jul 20 10:06 Desktop
drwxr-xr-x  2 samuel samuel  4096 Aug  4 16:15 Documents
...
drwxr-xr-x  2 root   adm     4096 Aug  4 00:29 Testing
drwxr-xr-x  2 samuel samuel  4096 Jul 26  2022 Videos
drwx------  9 samuel samuel  4096 Jul  4 16:18 snap

In the above example, we execute the ls -l command with the adm group’s privileges to list detailed information about all the directories and files.

What’s more, it’s possible to create a new file:

$ sg adm -c "touch test.txt"

Here, we use the touch command to create a new file named test.txt. Once it’s done, we proceed to show the owner and user group associated with the file:

$ sg adm -c 'ls -l test.txt'
-rw-rw-r-- 1 samuel adm 1520 Ago 14 17:59 test.txt

From the above output, we can see the test.txt file we created is owned by a user named samuel and belongs to the adm group.

Also, we can delete directories and files:

$ sg adm -c "rm -r Documents/"

In the above command, we use the rm -r command to delete a directory named Documents with the privileges of the adm group.

3. Using the newgrp Command

The newgrp command is a Linux utility that allows users to switch their primary group to a different group temporarily. It enables users to access files and directories associated with that group without permanently changing their primary group.

It follows a general syntax:

$ newgrp [group]

The newgrp command contains the parameter group, which represents the name of the group we want to switch to temporarily.

Similar to the previous section, we need to view all the groups that we’re associated with:

$ groups
samuel adm cdrom sudo dip plugdev lpadmin lxd sambashare devs

Here, we’ll work with the devs user group, a secondary group we’re a part of.

So, let’s switch to this group:

$ newgrp devs

Using this command, we’ve temporarily changed our primary group from samuel to devs. This starts a new shell session with the temporary primary group. Therefore, we can now run any process with the permissions of the devs group. Notably, if we try to switch to a group that doesn’t exist or we’re not a member of, we’ll receive an error.

For instance, let’s create a directory in the devs group:

$ mkdir Files

Using the mkdir command, we’ve added the Files directory to the devs group.

Also, we can read the contents of a file in the devs group:

$ cat Contacts.txt 
CONTACTS
+254 735 111 222
+258 763 330 444
...
+919 611 655 811
+010 728 604 458

In the above command, we use the cat command to display a list of numbers in the Contacts.txt file.

Before we conclude, it’s important to return to our default primary group:

$ exit

The above command returns us to our original shell session with our default primary group.

4. Conclusion

In this article, we discussed how to run a process with a specific group. To achieve this, we explored how to utilize the sg and newgrp commands. However, it’s important to be careful when running processes with different groups’ permissions to maintain a stable and secure system.