Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: C program to kill root processes
Top Forums Programming C program to kill root processes Post 38356 by TioTony on Monday 14th of July 2003 07:26:50 PM
Old 07-14-2003
C program to kill root processes
Hello,
First let me start by saying I have searched the forum and read all the SUID stuff but it is not in the neighborhood I am looking for.

Here is the problem. We want to grant a non super-user permission to kill root processes but only if the process matches certain criteria. This particular userID is what we use to run several maintenance and data gathering scripts on our systems. The approach we have been taking is to write a C program that is owned by root with the SUID bit set for the user we want to have access to kill root processes.

The program accepts a PID and hostname. It then verifies the PID is owned by root and is a remsh to the given hostname. If it is, it will send a signal to the PID to kill it. I am on Solaris 9 and have tried usign both kill() and sigsend() with no success.

I have been reading on the web and I realize there have been some security changes in this area in the last few years. I do not see anything that would prevent this from working if the effective user is super-user.

Anyone have any ideas? If you have something similar I would love to see some code snippets, especially if you are setting the UID in the program. If anyone can give a reference stating this is not possible, that is cool to. We will explore sudo if that is the case.

Thanks,
Tony
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

kill all processes

i have a very short file that has in it a line for a find command. now, when i run this script and I kill the script later, using the ps -ef | grep scriptname. i noticed kill -9 kills the script itself but does not kill the internal find command that it gave birth to. say theres a file... (0 Replies)
Discussion started by: Terrible
0 Replies

2. Shell Programming and Scripting

Unix Kill processes

Hi guys, I am new to Unix shell scripting. Can anyone of you tell me how to kill all the processes at a time for a particular user?(No listing the process ID of each process in the kill -9 command). Thanks in Advance, -Hary (5 Replies)
Discussion started by: tadi18
5 Replies

3. Solaris

how do I kill defunct processes?

mqm 17700 16815 0 0:00 <defunct> kill -9 does not work, even as root (10 Replies)
Discussion started by: csaunders
10 Replies

4. Solaris

kill processes

how to kill the processes of aperticular user? because i have nearly 25000 process are there for perticular user. i need to kill. Please provide the information? Regards, Rajesh (3 Replies)
Discussion started by: pmrajesh21
3 Replies

5. Solaris

kill the processes seen under ptree

Hi, How to kill the processes running under ptree ? I am noticing lot of processes running under ptree with ssh ? I tried to kill with -9 option which is not working ? Thanks, Radhika. (2 Replies)
Discussion started by: radhirk
2 Replies

6. UNIX for Dummies Questions & Answers

Need help to kill parent and all of its sub processes

Hi, I am writing korn shell script. My requirement is, i have to kill the parent process and all of its child processes. Can some one please help me on this? Thanks in advance for your help.. (1 Reply)
Discussion started by: Sheethal
1 Replies

7. Shell Programming and Scripting

Kill processes

for i in 'ps -f | grep textedit' do kill $i done I wrote this but it wont work. I am trying to find processes and kill them. Any help would be welcome. (1 Reply)
Discussion started by: hawaiifiver
1 Replies

8. Shell Programming and Scripting

kill all user processes

Hi there, i've been searching all over and i thought i had understood the way i should go to kill all the processes related to a user. But i'm getting more confused then i was. By lunch time i have to make a database backup, and for that all the users shoul logout. The problem is that many users... (4 Replies)
Discussion started by: vascobrito
4 Replies

9. Shell Programming and Scripting

kill multiple processes by name

Want to kill multiple processes by name. for the example below, I want to kill all 'proxy-stagerd_copy' processes. I tried this but didn't work: >> ps -ef|grep proxy_copy root 991 986 0 14:45:34 ? 0:04 proxy-stagerd root 1003 991 0 14:45:49 ? 0:01... (2 Replies)
Discussion started by: catalinawinemxr
2 Replies

10. AIX

Kill multiple processes ran by root

Hi all, I have about 5-6 daemons specific to my application running in the background. I am trying to write a script to stop them. Usually, I run them as a non-root ID, which is fine. But for some reason the client insists on using root. I do have sudo. I just tried something like this ... (4 Replies)
Discussion started by: jeffs42885
4 Replies

LEARN ABOUT OSX

kill

KILL(2) 						      BSD System Calls Manual							   KILL(2)

NAME

     kill -- send signal to a process

SYNOPSIS

     #include <signal.h>

     int
     kill(pid_t pid, int sig);

DESCRIPTION

     The kill() function sends the signal specified by sig to pid, a process or a group of processes.  Typically, Sig will be one of the signals
     specified in sigaction(2).  A value of 0, however, will cause error checking to be performed (with no signal being sent).	This can be used
     to check the validity of pid.

     For a process to have permission to send a signal to a process designated by pid, the real or effective user ID of the receiving process must
     match that of the sending process or the user must have appropriate privileges (such as given by a set-user-ID program or the user is the
     super-user).  A single exception is the signal SIGCONT, which may always be sent to any descendant of the current process.

     If pid is greater than zero:
	     Sig is sent to the process whose ID is equal to pid.

     If pid is zero:
	     Sig is sent to all processes whose group ID is equal to the process group ID of the sender, and for which the process has permission;
	     this is a variant of killpg(2).

     If pid is -1:
	     If the user has super-user privileges, the signal is sent to all processes excluding system processes and the process sending the
	     signal.  If the user is not the super user, the signal is sent to all processes with the same uid as the user, excluding the process
	     sending the signal.  No error is returned if any process could be signaled.

     For compatibility with System V, if the process number is negative but not -1, the signal is sent to all processes whose process group ID is
     equal to the absolute value of the process number.  This is a variant of killpg(2).

RETURN VALUES

     Upon successful completion, a value of 0 is returned.  Otherwise, a value of -1 is returned and errno is set to indicate the error.

ERRORS

     Kill() will fail and no signal will be sent if:

     [EINVAL]		Sig is not a valid, supported signal number.

     [EPERM]		The sending process is not the super-user and its effective user id does not match the effective user-id of the receiving
			process.  When signaling a process group, this error is returned if any members of the group could not be signaled.

     [ESRCH]		No process or process group can be found corresponding to that specified by pid.

     [ESRCH]		The process id was given as 0, but the sending process does not have a process group.

SEE ALSO

     getpgrp(2), getpid(2), killpg(2), sigaction(2)

STANDARDS

     The kill() function is expected to conform to IEEE Std 1003.1-1988 (``POSIX.1'').

4th Berkeley Distribution					  April 19, 1994					 4th Berkeley Distribution
All times are GMT -4. The time now is 05:00 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy