Solved

SSH cycle process, bound to current user not process ID 1, if I su - user1, su - root then the process is bound to process id 1

Posted on 2004-11-18
Last Modified: 2013-12-23
Hi,

1) I connect to my server as ROOT using SSH, and cycle a process, the process then is bound to my current shell. (Don't want this)
2) If I connect using RSH, cycle a process it is bound to process ID 1 (which is how it is supposed to work)
3) If I connect using SSH, su - someuser, then from that user su - root, I can cycle the process and it is bound to process id 1 (Want)

What do I need to add to my environment to have it work with /bin/sh ? If I change my default shell to /bin/csh it also resolves it, however I need /bin/sh for other reasons...
Question by:java_programmer
9 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 12628905
1) is completely insecure
2) -"-
3) I do not understand

What do you mean by "bound" ???? - are you binding keys for line editor ??? or binding address to socket ???

What is that IT that has to work with sh ???

If you add #!/bin/sh at the beginning of script it works with /bin/sh, even when you use csh as shell, changing via chsh or chfn.
0
 
LVL 2

Author Comment

by:java_programmer
ID: 12629065
SSH is quite secure. This posting is not to argue about security.

When I say bound I am talking about being bound to a process (the owning process) (do a ps),  when I say it is bound to SH, when my process restarts, instead of its parent process being 1 (system) it is the current sh (shell) process.
0
 
LVL 62

Expert Comment

by:gheist
ID: 12629392
then this simply is parent process, all works as expected....
PPID of 1 means that process has no parent in interpretation of your system

"set +m" disables sh's job control.
0
 
LVL 10

Accepted Solution

by:
Nukfror earned 2000 total points
ID: 12636166
You didn't mention what flavor of *nix you are using.  So I'll discuss Solaris and how it works ... maybe other *nix's are similar.

On Solaris, sh doesn't understand job control.  As such, when a parent forks off a child process it's in the same process group as the parent process.  In Solaris, signals are propagated to *all* processes within a process group.  You can see this by playing with sh in an xterm window.  Just fork off a child process that doesn't do anything but loop or something - don't use nohup when forking it to background.  Then in the parent process press <CNTRL>-C, the child process should die - but wait, you did this in the parent process and the child process died !!  Ahhh signal propagation.

Using nohup can sometimes allow a child process to survive when the parent sh process dies - but don't count on it.

On Solaris, you should always use a shell that understands job control (jsh, csh, ksh, bash) and use nohup when forking to background.

<on my soap box>
On one project I was called into, they were using root to startup BEA Weblogic - basically start script did a su to the BEA login to start things up - but the login used sh as the default shell.  They had to do some really CRAZY script hacks so that Weblogic wouldn't die when the su parent process went away.  My 5 second fix - change the default shell to ksh.  Problem disappeared and all the complicated don't-let-the-process-die-script logic was taken out.  8 hour minimum at $200/hr and travel expenses because they wouldn't believe me over the phone.
</on my soap box>
0
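The process-group behaviour this answer describes can be checked directly. The following is an added example, not part of the original answer: it starts a background `sleep` from bash with job control off (`set +m`, standing in for a plain `sh`) and on (`set -m`), and reports whether the child stays in the launching shell's process group. The function names are hypothetical, and it assumes bash is installed and that either a Linux-style `/proc` or a POSIX `ps` is available.

```shell
#!/bin/sh
# Added example: where does a background child land, with and without job control?

# pgid_of PID: print the process-group ID of PID.
pgid_of() {
    if [ -r "/proc/$1/stat" ]; then
        # Field 5 of /proc/PID/stat is the process group
        # (the command name in field 2 has no spaces here).
        read -r _pid _comm _state _ppid pgid _rest < "/proc/$1/stat"
        echo "$pgid"
    else
        ps -o pgid= -p "$1" | tr -d ' '
    fi
}

# group_of_background_child MODE
#   nojc : launch from a shell with job control off (set +m)
#   jc   : launch from a shell with job control on  (set -m)
# Prints "own" if the child leads a process group of its own, "shared" if it
# was left in the group it inherited from the launching shell.
group_of_background_child() {
    case "$1" in
        nojc) flag='+m' ;;
        jc)   flag='-m' ;;
        *)    echo "usage: group_of_background_child nojc|jc" >&2; return 2 ;;
    esac
    # The inner shell backgrounds a sleep, prints its PID and exits, so the
    # sleep outlives the shell that started it.
    child=$(bash -c "set $flag; sleep 30 >/dev/null 2>&1 & echo \$!")
    pgid=$(pgid_of "$child")
    kill "$child" 2>/dev/null || true
    if [ "$pgid" = "$child" ]; then
        echo own
    else
        echo shared
    fi
}

echo "job control off: child process group is $(group_of_background_child nojc)"
echo "job control on:  child process group is $(group_of_background_child jc)"
```

A child reported as `shared` receives any signal sent to the launching shell's process group, such as the terminal's Ctrl-C. `nohup` only makes the child ignore SIGHUP; it does not move it to another group.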
 
LVL 2

Author Comment

by:java_programmer
ID: 12644363
Hi,

the set +m does nothing .. I am using SCO Unixware 7.1.0 and 7.1.3

The "work around" is to either switch to a different shell (csh for example) or to su - someuser, then su - root then it works (with the same default shell you connect as)

The way our application works, is that I send a message to a "process manager" via IPCS queues, so in theory, I do not physically start the process, so it gets restarted, again it is indirect.

If I rsh in, it all works ...  if I telnet in, as some user and su to ROOT it works.. what I do not understand is why ssh is giving me a problem, it has to be something specific to the way ssh is creating the initial environment ...

so it comes back down to something weird. Any other ideas?

Thanks,
Derek
0
 
LVL 62

Expert Comment

by:gheist
ID: 12645146
ssh does not use /sbin/login
you can force it to use that login, but that will possibly cause problems.
0
 
LVL 2

Author Comment

by:java_programmer
ID: 12645204
so when I su - root, it uses /sbin/login?
0
 
LVL 62

Expert Comment

by:gheist
ID: 12648330
maybe

read "man login su" to find out.


0
 
LVL 2

Author Comment

by:java_programmer
ID: 12843467
Personally I feel that no one has supplied a satisfactory answer to my issue. However, I will award someone some points since I am forced to.
0
