feat: Add newgrp command (#94)

[Niloyyy]

-This PR implements the newgrp command requested in #94.

-It uses LookupAccountNameW and SetTokenInformation to modify the primary group of the process token, then spawns a new shell (%SHELL% or cmd.exe), conforming to standard POSIX-like expectations on Windows.

-It is implemented as a local workspace crate (uu_newgrp) since GNU coreutils does not natively provide it.

[Niloyyy]

@microsoft-github-policy-service agree

[lhecker]

The -c/--command arg is missing.

[lhecker]

The original newgrp command does not respect a SHELL environment variable. Where did you find this behavior?

[lionelconswork]

The original newgrp command does not respect a SHELL environment variable. Where did you find this behavior?

Cygwin/MSYS2

[lhecker]

I'm a bit conflicted on whether we should port that behavior. Other tools so far have generally followed the GNU coreutils behavior, so I would assume that newgrp would follow the util-linux behavior. But we don't have login(1), so...

[lhecker]

You don't want to change the token of newgrp but the token of the created process. I believe CreateProcessAsUserW would be the appropriate API for that.

[lionelconswork]

You don't want to change the token of newgrp but the token of the created process. I believe CreateProcessAsUserW would be the appropriate API for that.

That should be fine, because the token is then inherited by the new process.

[lhecker]

You're right, but I prefer the suggested approach because it expresses the intent better. I think it's a good idea if we treat this like Microsoft reference code to at least a certain extent. And at least conceptually speaking, newgrp does not really modify its own group, right?

I.e.:

duplicate = DuplicateTokenEx(TokenPrimary)
SetTokenInformation(duplicate, TokenPrimaryGroup)
CreateProcessAsUserW(duplicate, shell + command)

[lhecker]

Check how grep handles this. You're missing #[uucore::main(no_signals)] and should be returning an UResult<()>. Same for the function below. You can use an io::Error to GetLastError.

[mlwege]

Security: The newgrp/sg tools should ONLY allow switching to a group which is listed in TOKEN_GROUPS (read https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_groups) and has the SE_GROUP_ENABLED flag set.

This is what https://github.com/kofemann/ms-nfs41-client/blob/master/tests/winsg/winsg.c , SFU newgrp.exe, Cygwin newgrp.exe are doing. This prevents users from switching to a "random" group for which the admin or system didn't give them access to.

[mlwege]

IMO the tool should be aliased to sg.exe too:

SG(1)                     User Commands                     SG(1)

NAME
       sg - execute command as different group ID

SYNOPSIS
       sg [-] [group [-c ] command]

DESCRIPTION
       The sg command works similar to newgrp but accepts a
       command. The command will be executed with the /bin/sh
       shell. With most shells you may run sg from, you need to
       enclose multi-word commands in quotes. Another difference
       between newgrp and sg is that some shells treat newgrp
       specially, replacing themselves with a new instance of a
       shell that newgrp creates. This doesn't happen with sg, so
       upon exit from a sg command you are returned to your
       previous group ID.

[mlwege]

IMO also useful:
SFU newgrp.exe and winsg.exe (https://github.com/kofemann/ms-nfs41-client/blob/master/tests/winsg/winsg.c) have a -L option to list all groups from TOKEN_GROUPS which have the SE_GROUP_ENABLED flag set.
That is IMO useful in the absence of a id.exe tool.