Reload a Linux user's group assignments without logging out
Solution 1
Horribly hacky, but you could use two layers of newgrp
to achieve this for a particular group:
id -g
...will give you the current primary group ID. We'll call this orig_group
for the purposes of this example.
Then:
newgrp <new_group_name>
...will switch you to that group as the primary and add it to the list of groups returned by groups
or id -G
.
Now, a further:
newgrp <orig_group_name>
...will get you a shell in which you can see the new group and the primary is the original one.
This is horrible and will only get you one group added at a time, but it has helped me out a couple of times to get groups added without logging out/in my whole X session (e.g. to get fuse added as a group to a user so that sshfs will work).
Notes:
-
This doesn't require you to type your password either, which
su
will -
Each call to
newgrp
launches a new shell (as a child of the current shell) -
The current shell can be "replaced" with the
exec
commandexec newgrp <new_group_name>
-
Using
exec
will resolve the caching issue for the current branch of thepstree
I.e. if you are logged in to a window manager, every new terminal you launch will be a child of an earlier branch than the one "corrected" by this exercise and will therefore inherit the cached gid map.
Solution 2
From inside a shell, you can issue the following command
su - $USER
id will now list the new group:
id
Solution 3
This nifty trick from this link works great!
exec su -l $USER
I figured I'd post it here as every time I forget how to do this, this is the first link that come up in google.
Solution 4
1. Getting a shell with the new group without logging out and in again
If you're only adding one group, I used the following:
exec sg <new group name> newgrp `id -gn`
This is a variation on Legooolas's two-layer newgrp trick, but it is in one line and doesn't require you to manually enter your primary group.
sg
is newgrp but accepting a command to execute with the new group ID. The exec
means that the new shell replaces the existing shell, so you don't need to "logout" twice.
Unlike using su, you don't need to type in your password. It also doesn't refresh your environment (other than adding the group), so you retain your current working directory etc.
2. Executing the command in all Screen windows in a session
The at
command in Screen runs a command in whatever windows you specify (note this is a Screen command, not a shell command).
You can use the following command to send the command to all an existing Screen sessions:
screen -S <session_name> -X at \# stuff "exec sg <new_group_name> newgrp \`id -gn\`^M"
Note the need to escape the backticks to get id
to run in the Screen session, and the ^M to get Screen to hit 'enter' at the end of your command.
Note also that screen's stuff
command simply types the command text on your behalf. Therefore something strange may happen if one of the screen windows has a half-written command at a command prompt or is running an application other than a shell (e.g. emacs, top). If this is an issue, I have some ideas:
- To get rid of any half-written command, you can add "^C" to the start of the command.
- To avoid running the command in an emacs window, etc, you could ask `at' to filter on window title etc (in the example above, I use "#", which matches all windows, but you can filter by window title, user, etc).
To run the command in a specific window (identified by window number), use the following:
screen -S <session_name> -p 0 -X stuff "exec sg <new_group_name> newgrp \`id -gn\`^M"
Solution 5
Using newgrp
command solved problem for me:
newgrp <GroupName>
This blog post has detailed explanation.
Related videos on Youtube
Simon
Updated on September 18, 2022Comments
-
Simon over 1 year
When assigning a user's secondary group list using:
# usermod -G <grouplist> <user>
is it possible to force this group assignment to take effect without logging out all running sessions?
This would be very useful in the situation where a Screen session exists with many running shells, as the entire session essentially needs to be destroyed to make the group assignment take effect.
I think I can change the user's primary group in a running shell using the
newgrp
command - is there some alternative that would work for secondary groups?Ideally, I'd want something that would take effect in each shell without being run manually in every one, but failing that, maybe some way of forcing Screen to execute the same command in each.
-
mc0e over 8 yearsI know that at least for some window / session managers it's possible to do this such that the session picks up the new group and it's available to any new processes started from the menus, panel buttons or whatever. I came here just now looking to find that again, so can't say just now how to do it, and it's probably specific to the window manager.
-
-
Adrian Ratnapala over 12 yearsI think this the best approach in many cases, but the original poster did want to update multiple shells within a screen session. This solution would have be be done from each shell.
-
lunchmeat317 over 12 yearsTruthfully, I'm pretty sure that this isn't true - I'd found a way to do it before on a Linux box. However, for the life of me, I cannot remember what the command was. If I find it, I'll post it. Edit: Just found it, I'm posting it as an answer.
-
Michael about 11 yearstried in on a session in tmux and it did not work there either
-
ahmed afzaal over 10 yearsOn Fedora I had to do
newgrp $USER
instead ofnewgrp <orig_group>
. That means I didn't have to find my original primary group ID, so it's even easier than this solution. -
Dror about 10 yearsThe original solution would also only fix a single shell session in screen. I just tested that. The reason this solution works is because you are spawning a complete new session rather than inheriting from the original environment.
-
Ivan X over 9 years+1 for not putting the user in a subshell; you can logout/exit as usual with this. Also, if NOPASSWD: is set in /etc/sudoers, you can instead use
exec sudo su -l $USER
to avoid being prompted for password. -
Tyler Collier about 9 yearsBe advised: you'll be asked for a sudo password. If you get it wrong, your terminal will close.
-
bmaupin about 9 yearsYou can make the command slightly more generic like so:
su - $USER
-
Legooolas almost 9 yearsThis also doesn't require a password, which su does.
-
Edward Falk about 8 yearsI found it was sufficient to do
newgrp <new group name>
. This was Ubuntu 14.04 -
Legooolas about 8 yearsThis requires you to type a password though, which might be awkward/unwanted if you are trying to do it in lots of sessions.
-
mimoralea almost 8 years@EdwardFalk right, but you don't (might not) want to leave that group as your primary...
-
Raffi over 7 yearsFor
new group name
I had to specify the group that was missing from the firstid
. -
user3467349 over 7 yearsThis doesn't seem to work...
newgrp -<orig_group>
will resolve to a login that doesn't include the<new_group_name>
.. Are you sure this answer is still functional? -
pepoluan over 7 years@user3467349 where does that dash
-
before<orig_group>
come from? The command should benewgrp <orig_group>
<== notice, no dash -
pepoluan over 7 years@TylerCollier Ivan did mention
NOPASSWD:
-
user3467349 over 7 yearsThe
-
was a typo but your answer 100% doesn't work. -
user3467349 over 7 yearstry it:
groupadd example_group; sudo usermod -aG example_group; original_group=$(id -gn); newgrp example_group; newgrp $original_group;
than look at the output ofgroups
.example_group
is not in there. -
jwd over 7 yearsNote that each
newgrp
creates a new shell, so when you need to fully exit from your session you need to do "exit exit exit" to get all the way out (: -
jimav about 7 yearsBy the way,
exec su - <username>
can be used to get a new login shell with groups set, but that won't work in scripts because a new shell will read commands from the terminal. You could usesu -c "command ..." <myusername>
to restart your script, but the resulting process has no controlling terminal and so an error will occur if a screen editor or other interactive command is attempted. -
jasonmp85 about 7 yearsWhy was this downvoted? Can someone explain what's bad about it, because it was what occurred to me and I think I like it best?
-
jasonmp85 about 7 yearsGah, I voted it up before testing.
newgrp -
does not replace the "primary group". Patrick Conheady's answer is the best one here, as it neither forks nor changes the primary group. -
Pablo A almost 7 yearsCould you please explain what does this? Also would be great why is better or the differences with other solutions like
newgrp -
andexec su -l $USER
. -
Cyril Duchon-Doris about 6 yearsTried on Amazon linux 2, it did not work
-
Piotr Findeisen about 6 years
newgrp -
starts a new shell process -
Gringo Suave about 6 yearsThe one below with exec is a bit better, doesn't create a subshell.
-
rickfoosusa almost 6 yearsDidn't work on Ubuntu 18.04. Asked for password and failed.
newgrp docker
resulted innewgrp: failed to crypt password with previous salt: Invalid argument
. su method below worked. -
crockeea about 5 yearsSee stackoverflow.com/a/10080117/925978 for how to do this inside a script; you need heredocs.
-
Tacahiroy over 4 years@jwd You can avoid
exit; exit; exit
you could useexec
to replace the current shell likeexec newgrp new_group
, thenexec newgrp orig_group
. -
scravy over 4 yearsIn light of your comment on the answer by Mister_Tom, this is, as all of the other answers, a workaround. Mister_Tom's answer is still correct.
-
scravy over 4 yearsThank you for pointing this out, this is also my understanding. Every other answer here simply opens a new shell, no matter whether it replaces one open shell or restarts screen or whatever. There is no magical panacea to issue a command or script and have every running session, including your X session, reflect the new group memberships.
-
nijoakim over 4 yearsNote that you won't be able to run X applications without doing
export DISPLAY=:0.0
aftersu - $USER
. (Or replace ":0.0" with whateverecho $DISPLAY
outputs.) -
neokyle over 4 yearsThis only works for an interactive shell, If you try to put it in a bash.sh script as soon as this command is run the script will stop. On this related question, unix.stackexchange.com/questions/18897/…, Gilles points out that this is just the way Linux processes work. Ansible will let you refresh group but it only works for ssh connections not localhost stackoverflow.com/questions/26677064/… For localhost I've worked around it by using EC2's Userdata to pre-add the group before my first login.
-
Hermann Schwarz over 4 years
su - your_login
is the most elegant and simple way. -
Sam Johnson about 4 yearsonly thing that worked for me trying to get docker to work without restarting because I had a huge job running
-
tom about 4 yearsReally nice answer. Small correction:
sg
expects the command to be a single argument, and ignores further arguments (trysg some_group echo test
). Sosg new_group_name newgrp `id -gn`
is actually equivalent tosg new_group_name newgrp
. The reason it seems to work is that whennewgrp
is invoked with no arguments it uses the default group in /etc/passwd, which usually matches the current group. The fix is to quote the command:sg new_group_name "newgrp `id -gn`"
-
errolflynn about 4 yearsTwo notes: (1) After running this I could not open X applications in this shell [Archlinux, Surface Book 2]. (2) This only works for the current shell. Else it is a good solution.
-
Akito over 3 yearsThe best answer so far. However, if you create an error (e.g. due to providing an invalid password for the specified user) then your current shell will just close, as a result of that error.
-
Alex over 3 yearsThis is the best answer!!!
-
Frank Nocke over 3 yearsinteresting! this is one of few or the only session, that doesn not spawn a new session.
-
bitoffdev about 3 yearsOn Ubuntu 20.x, I found the stock
newgrp
command would not accept the numeric user id returned by the stockid -g
command, but it does accept the textual user name as returned byid -gn
, or alternatively$USER
in most cases. -
smac89 about 3 yearsThis only works for the current shell you're in. As soon as you exit the shell, you loose the group setting again. I ended up just logging out and back in. Much faster TBH
-
Admin almost 2 yearsWARNING: When you mistype your password, it will log you out of your current shell! Which is exactly what I came here to avoid, goddammit!
-
Admin almost 2 years@tom: if
newgrp
without arguments uses the default group, why bother withnewgrp $(id -gn)
at all?sg new_group_name newgrp
is all that is needed, correct? -
Admin almost 2 years@MestreLion: The reason for
id -gn
is to preserve the user's current group ID in the case where the current group it is not the default group. In most cases the user's current group will be their default group, and in that casesg <new_group_name> newgrp
would be fine. -
Admin almost 2 years@tom: wow, so that snippet "loads" a new group and then is careful enough to "revert" to the user's previously current group? Sweet! Wish I could upvote more. Suggestion: replace backticks with
$()
, far easier to read and also standard on most (all?) shells -
Admin almost 2 years@MestreLion: Yes (like the double-newgrp trick from Legooolas' answer). I personally prefer
$()
, but some non-POSIX shells such astcsh
don't support it (demo). I suggested an edit to fix the issue withsg
, but left the backticks to respect the author's preference.