Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: C program to kill root processes
Top Forums Programming C program to kill root processes Post 38356 by TioTony on Monday 14th of July 2003 07:26:50 PM
Old 07-14-2003
C program to kill root processes
Hello,
First let me start by saying I have searched the forum and read all the SUID stuff but it is not in the neighborhood I am looking for.

Here is the problem. We want to grant a non super-user permission to kill root processes but only if the process matches certain criteria. This particular userID is what we use to run several maintenance and data gathering scripts on our systems. The approach we have been taking is to write a C program that is owned by root with the SUID bit set for the user we want to have access to kill root processes.

The program accepts a PID and hostname. It then verifies the PID is owned by root and is a remsh to the given hostname. If it is, it will send a signal to the PID to kill it. I am on Solaris 9 and have tried usign both kill() and sigsend() with no success.

I have been reading on the web and I realize there have been some security changes in this area in the last few years. I do not see anything that would prevent this from working if the effective user is super-user.

Anyone have any ideas? If you have something similar I would love to see some code snippets, especially if you are setting the UID in the program. If anyone can give a reference stating this is not possible, that is cool to. We will explore sudo if that is the case.

Thanks,
Tony
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

kill all processes

i have a very short file that has in it a line for a find command. now, when i run this script and I kill the script later, using the ps -ef | grep scriptname. i noticed kill -9 kills the script itself but does not kill the internal find command that it gave birth to. say theres a file... (0 Replies)
Discussion started by: Terrible
0 Replies

2. Shell Programming and Scripting

Unix Kill processes

Hi guys, I am new to Unix shell scripting. Can anyone of you tell me how to kill all the processes at a time for a particular user?(No listing the process ID of each process in the kill -9 command). Thanks in Advance, -Hary (5 Replies)
Discussion started by: tadi18
5 Replies

3. Solaris

how do I kill defunct processes?

mqm 17700 16815 0 0:00 <defunct> kill -9 does not work, even as root (10 Replies)
Discussion started by: csaunders
10 Replies

4. Solaris

kill processes

how to kill the processes of aperticular user? because i have nearly 25000 process are there for perticular user. i need to kill. Please provide the information? Regards, Rajesh (3 Replies)
Discussion started by: pmrajesh21
3 Replies

5. Solaris

kill the processes seen under ptree

Hi, How to kill the processes running under ptree ? I am noticing lot of processes running under ptree with ssh ? I tried to kill with -9 option which is not working ? Thanks, Radhika. (2 Replies)
Discussion started by: radhirk
2 Replies

6. UNIX for Dummies Questions & Answers

Need help to kill parent and all of its sub processes

Hi, I am writing korn shell script. My requirement is, i have to kill the parent process and all of its child processes. Can some one please help me on this? Thanks in advance for your help.. (1 Reply)
Discussion started by: Sheethal
1 Replies

7. Shell Programming and Scripting

Kill processes

for i in 'ps -f | grep textedit' do kill $i done I wrote this but it wont work. I am trying to find processes and kill them. Any help would be welcome. (1 Reply)
Discussion started by: hawaiifiver
1 Replies

8. Shell Programming and Scripting

kill all user processes

Hi there, i've been searching all over and i thought i had understood the way i should go to kill all the processes related to a user. But i'm getting more confused then i was. By lunch time i have to make a database backup, and for that all the users shoul logout. The problem is that many users... (4 Replies)
Discussion started by: vascobrito
4 Replies

9. Shell Programming and Scripting

kill multiple processes by name

Want to kill multiple processes by name. for the example below, I want to kill all 'proxy-stagerd_copy' processes. I tried this but didn't work: >> ps -ef|grep proxy_copy root 991 986 0 14:45:34 ? 0:04 proxy-stagerd root 1003 991 0 14:45:49 ? 0:01... (2 Replies)
Discussion started by: catalinawinemxr
2 Replies

10. AIX

Kill multiple processes ran by root

Hi all, I have about 5-6 daemons specific to my application running in the background. I am trying to write a script to stop them. Usually, I run them as a non-root ID, which is fine. But for some reason the client insists on using root. I do have sudo. I just tried something like this ... (4 Replies)
Discussion started by: jeffs42885
4 Replies

LEARN ABOUT OSF1

kill

kill(2) 							System Calls Manual							   kill(2)

NAME

       kill - Sends a signal to a process or to a group of processes

SYNOPSIS

       #include <signal.h>

       int kill(
	       pid_t process,
	       int signal );

       Application  developers	may  want  to  specify an #include statement for <sys/types.h> before the one for <signal.h> if programs are being
       developed for multiple platforms. The additional #include statement is not required on Tru64 UNIX systems or by ISO  or	X/Open	standards,
       but may be required on other vendors' systems that conform to these standards.

STANDARDS

       Interfaces documented on this reference page conform to industry standards as follows:

       kill():	XSH5.0

       Refer to the standards(5) reference page for more information about industry standards and associated tags.

PARAMETERS

       Specifies the process or group of processes.  Specifies the signal. If the signal parameter is a value of 0 (the null signal), error check-
       ing is performed but no signal is sent. This can be used to check the validity of the process parameter.

DESCRIPTION

       The kill() function sends the signal specified by the signal parameter to the process or group of processes specified by the process param-
       eter.

       To  send  a signal to another process, at least one of the following must be true: The real or the saved set-user-ID of the sending process
       matches the real or effective user ID of the receiving process.	The process is trying to send the SIGCONT signal to one of  its  session's
       processes.  The calling process has root privileges.

       Processes can send signals to themselves.

       Sending	a  signal  does  not  imply that the operation is successful. All signal operations must pass the access checks prescribed by each
       enforced access control policy on the system.

       If the process parameter is greater than 0 (zero), the signal specified by the signal parameter is sent to the process that has	a  process
       ID equal to the value of the process parameter.

       If  the	process  parameter  is equal to 0 (zero), the signal specified by the signal parameter is sent to all of the processes (other than
       system processes) whose process group ID is equal to the process group ID of the sender.

       If the process parameter is equal to -1, the signal specified by the signal parameter is sent to all of the  processes  other  than  system
       processes  for  which  the process has permission to send that signal.  For example, if the effective user ID of the sender has root privi-
       leges, the signal specified by the signal parameter is sent to all of the processes other than system processes.

       If the process parameter is negative but not -1, the signal specified by the signal parameter is sent to all of the processes which have  a
       process group ID equal to the absolute value of the process parameter.

RETURN VALUES

       Upon successful completion, the kill() function returns a value of 0 (zero). Otherwise, a value of -1 is returned and errno is set to indi-
       cate the error.

NOTES

       Some applications and scripts depend on the process ID of the init program being 1 (one):  do not depend  on  it.   Instead,  use  standard
       methods, such as the ps and grep commands, to obtain all process IDs.

ERRORS

       The kill() function sets errno to the specified values for the following conditions: The signal parameter is not a valid signal number.

	      [Tru64  UNIX]  The  signal parameter is SIGKILL, SIGSTOP, SIGTSTP or SIGCONT and the process parameter is the process ID of the init
	      program.	No process or process group can be found corresponding to that specified by the process parameter.  The real or saved user
	      ID  does	not match the real or effective user ID of the receiving process, the calling process does not have appropriate privilege,
	      and the process is not sending a SIGCONT signal to one of its session's processes.  [Tru64 UNIX]	The calling process does not  have
	      appropriate privilege.

RELATED INFORMATION

       Functions: getpid(2), killpg(2), raise(3), setpgid(2), sigaction(2), sigvec(2)

       Standards: standards(5) delim off

																	   kill(2)
All times are GMT -4. The time now is 12:54 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy