Execute command as a restricted group without entering password

I want to prevent some apps from going to network, so I've created a no-internet group:

    sudo groupadd -g 9876 no-internet

and created a script

    sudo gedit /usr/bin/ni

    #!/bin/bash
    sg no-internet "$1"

And added an iptables rule

    #!/bin/bash
    iptables -A OUTPUT -m owner --gid-owner no-internet -j DROP

Now ni my_command should run an app in a restricted mode. However, I am getting

    sg: failed to crypt password with previous salt: Invalid argument

How can I run an app as the 'no-internet' group, without limiting my own access to LAN/WAN?

I've checked this question (claiming that requirements are contradictory): How to switch a group without asking for a password?

But is it really so?

asked Mar 25 at 2:39 by sixtytrees

  • Is the user using ni in the no-internet group?
    – Archemar
    Mar 25 at 13:47

  • I am a user (admin with root rights). I want to run ni untrusted-app in order to prevent this app from talking to the internet. I don't want to block my own access to the internet though.
    – sixtytrees
    Mar 25 at 22:26

1 Answer
The user running the sg command must be in the group being used.

Here I belong to the www-data group:

    archemar@unix:~$ id
    uid=1003(archemar) gid=1002(stackexchange) groups=1002(stackexchange),27(sudo),33(www-data)

sg goes OK:

    archemar@unix:~$ sg www-data id
    uid=1003(archemar) gid=33(www-data) groups=33(www-data),27(sudo),1002(stackexchange)

My gid is www-data.

Now, I don't belong to the ntp group:

    archemar@unix:~$ sg ntp id
    Password:
    sg: failed to crypt password with previous salt: Invalid argument

answered Mar 26 at 7:37 by Archemar
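
A variant of the question's ni wrapper that applies the answer's point, as an added example (not code from the question or the answer): it checks that the caller already holds GID 9876 (no-internet) before calling sg, so a non-member gets a clear error instead of the password prompt, and it forwards every argument rather than only "$1". The helper names in_group and quote_cmd are made up here, and it assumes the caller has been added to no-internet as a supplementary group.

```shell
#!/bin/sh
# Added example: membership-checking variant of the question's /usr/bin/ni.
NI_GROUP="no-internet"   # group name from the question
NI_GID=9876              # GID from the question's groupadd -g 9876

# in_group GID ID...: succeed if GID appears among the listed numeric IDs.
in_group() {
    want=$1
    shift
    for g in "$@"; do
        [ "$g" = "$want" ] && return 0
    done
    return 1
}

# quote_cmd ARG...: join arguments into one sh-safe string, because sg
# takes the whole command as a single argument to -c.
quote_cmd() {
    out=""
    for a in "$@"; do
        # Single-quote each argument; an embedded ' becomes '\''
        q=$(printf '%s' "$a" | sed "s/'/'\\\\''/g")
        out="$out '$q'"
    done
    printf '%s' "${out# }"
}

ni() {
    # id -G lists the caller's primary and supplementary GIDs.
    # shellcheck disable=SC2046
    if ! in_group "$NI_GID" $(id -G); then
        echo "ni: $(id -un) is not in $NI_GROUP; sg would ask for a group password" >&2
        return 1
    fi
    sg "$NI_GROUP" -c "$(quote_cmd "$@")"
}

# Installed as /usr/bin/ni: ni my_command --flag "arg with spaces"
if [ "$#" -gt 0 ]; then
    ni "$@"
fi
```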
