Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

kill processes of another user

Posted on 2001-08-30
17
Medium Priority
?
348 Views
Last Modified: 2013-12-26
We have multiple users.  For example "crt100", "crt101", "crt102".  We need to have user "crt100"  kill any running processes associated with "crt101" and "crt102".  Do you have any suggestions?  I can't just change them all to be "root" in /etc/passwd because then I loose the true user ID that I need for other things.
0
Comment
Question by:dorinda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 3
  • +2
17 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6442636
ps aux|awk '($1=="ah"){print "kill -9 "$2}'|sh
# or (depending on your OS)
ps -ef|awk '($1=="ah"){print "kill -9 "$2}'
0
 

Author Comment

by:dorinda
ID: 6442652
Could you explain what your doing.  I am familiar with the ps -ef, and pipe, but what/how are is "crt100" able to kill "crt102" processes?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6442668
oops, please replace "ah" by "crt100", was typo, sorry
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:dorinda
ID: 6442711
What is in $2
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6442729
$2 in awk's input should be PID (produced by ps)
0
 
LVL 4

Expert Comment

by:newmang
ID: 6442955
ahoffmann

I understand your code but how can a user kill a task he does not own. Unless the user is root then he cannot kill tasks other than his own. At least this is the case on all the Unixes I administer (Solaris / AIX / Linux).

dorinda

You face a dilemma here. You can grant each user root access by changing their UID/GID in /etc/passwd to 0 (this is what gives the user root priveleges not the name of the account) but this is VERY dangerous to do as it destroys any concept of security in your system. It is not the way to go!

I suspect the best way out of this is to write a program that the user can invoke which would examine the task that the user wants to kill, check that it is a task invoked by another user, not root, and the kill that task. This program would be made setuid so it operates as a root authority program thus temporarily granting a non-root user the power of root just to do this particular function.

This is the method employed by the passwd program which allows non root users to update the password files which are not accessible by non-root users.

Cheers - Gavin
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6444415
newmang, you're right: must be done by root. That's obvious, so I didn't mention it, simle use my commands as follows:
   su root -c "command from previous comment"
(keep in mind to excape " inside su)

dorinda,
to allow crt100 to kill processes of user crt101 (and vice versa), you may use rsh (or better ssh) and do what you like.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6445121
Another good solution here is sudo, which lets you specify exactly who's allowed to do what to whom.
0
 
LVL 4

Expert Comment

by:newmang
ID: 6449377
ahoffmann

Surely if you invoke su root -c "command" then the user has to know the root password thereby still bypassing security.

sudo could do the job but if you give sudo access to the kill command then there is nothing to stop the user from accidentally or maliciously killing a process you don't really want killed - such as a system process.

If you create a script and then let the user use sudo to run that then you have the security problems associated with running scripts under root access.

I still think that a carefully written setuid program would be the answer as it addresses both the root problem and the ability of the user to do things you would rather not allow them to do while they have temporary root access.

Cheers - Gavin
0
 
LVL 5

Expert Comment

by:Droby10
ID: 6451889
you could write a wrapper to perform the necessary checks on the process prior to killing it, then allow the user to run the wrapper with sudo.

0
 

Author Comment

by:dorinda
ID: 6453509
I agree that setting the UID to root is not a good solution that is the reason I posted the question.  I guess I need more info on "sudo"  since I am not familiar with using that.  Or does anyone have a "wrapper" to change the setuid temporary so that the user can kill a process?
0
 
LVL 5

Expert Comment

by:Droby10
ID: 6454030
i think i wasn't as clear as i could have been.  the wrapper i was refering to was not a setuid wrapper. (sudo takes care of that)  i just meant a binary/script component that encapsulates the call to kill.

if you set the script with run only permissions for root and add the desired users to run that script within sudo then the script will execute as root and allow them access to kill...it's no different that running kill under sudo except that you can create your own checks and balances on what processes can and can't be killed prior to sending the actual signal.
0
 

Author Comment

by:dorinda
ID: 6454164
How do you use sudo?  I tried doing a man page on sudo but it didn't come back with anything.  I am using AT&T Unix System 5
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6454557
nothing to say against sudo, but setting up rsh/ssh would be a quick solution too.
0
 
LVL 4

Expert Comment

by:newmang
ID: 6454960
SUDO is not a standard part of Unix - you would have to load it down from the net and install it.

Droby10's suggestion about creating a script executable by root and then allowing certain users to run it unser sudo exposes a security weakness in that once the user is executing the shell script under sudo (as root) they can break out of the script and then they become a root user and can do what they like on the system (rm -rf / springs to mind!)

The problems inherent with such processes are the reasons why I suggested a c program to tackle the problem, this gives you control over what the user can do as long as the program is well written and assumes root capabilities for as short a time as possibel within the code.

Cheers - Gavin
0
 

Author Comment

by:dorinda
ID: 6471829
Does anyone have a "C" routine that will do this?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1000 total points
ID: 6472468
system("ps -ef|awk '($1==\"crt101\"){print \"kill -9 \"$2}|sh'");
/*  :-))  */
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I'll describe -- and show pictures of -- some of the significant additions that have been made available to programmers in the MFC Feature Pack for Visual C++ 2008.  These same feature are in the MFC libraries that come with Visual …
Introduction: Finishing the grid – keyboard support for arrow keys to manoeuvre, entering the numbers.  The PreTranslateMessage function is to be used to intercept and respond to keyboard events. Continuing from the fourth article about sudoku. …
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question