topic Re: Killing users in Operating System - HP-UX

Killing users

Vibert Hart — Thu, 05 Jul 2001 12:04:54 GMT

I have been allowing my Operators to kill users through restricted SAM for the past few months, but it now fail when they use their login. It seem to only work when I login as root and execute kill -9 or through sam. The permissions are OK on the kill script. What them?

Re: Killing users

vtpaulson — Thu, 05 Jul 2001 13:26:59 GMT

Hi

Use scmd command instead....Its very simple to configure....

You can see the man page or docs.hp.com for more details...

Re: Killing users

A. Clay Stephenson — Thu, 05 Jul 2001 13:44:21 GMT

Hi,

However you kill processes, you should only use
kill -9 as a weapon of absolute last resort. Kill -9 does not cleanup and leaves shared memory segments and other IPC structures hanging around among other bad things. Start with kill -15, then kill -1, then kill -2. If those fail do a kill -11. Kill -11 is almost as sure a kill as kill -9 but does cleanup.

Regards, Clay

Re: Killing users

Vibert Hart — Thu, 05 Jul 2001 14:01:26 GMT

I am using HP-UX 10.20, I cannot find the command scmd, neither a man of it.

Re: Killing users

Vibert Hart — Thu, 05 Jul 2001 14:19:38 GMT

I tried all the suggestions but none of the kill options worked, I am still getting "permission denied". Some how I feel it's some file that is to written to does not have the right permissions.

Need futher help?

Thanks
Vibert

Re: Killing users

Jared Westgate_1 — Thu, 05 Jul 2001 17:47:17 GMT

Hello Vibert,

Has this ever worked? Just to confirm what you're doing:

1. a non-root user is logging in
2. they try to kill a session they don't own
3. an "permission denied" error is returned.

If I understand correctly, unless you are root, you can only kill processes that you own.

Is the error you are receiving like this?
kill: : Permission denied.

If it is, then it is the kill command that saying you don't have permission to kill someone else's process.

Hope this helps,

Jared

Re: Killing users

A. Clay Stephenson — Thu, 05 Jul 2001 17:53:38 GMT

Hi:

You can use sudo to allow a process (including kill) to run as root.
Use this link: http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.2b1/

Normally, it is a very bad thing to allow non-root users to kill another user's process. The bad news, it that they could kill init, cron,
inetd, and other vital processes.

Clay

Re: Killing users

Vibert Hart — Thu, 05 Jul 2001 18:36:27 GMT

Jared:
The thing is that it was working before and is working on another of my servers. Besides the Operators are doing this through restricted SAM.

Clay:

I really don't want to use a third party tool for this

Thanks
Vibert

Re: Killing users

Mark Vollmers — Thu, 05 Jul 2001 18:45:07 GMT

If it was working before, and works on other servers, you might want to consider the very real possibility that one of the operators actually did take out some important file that is now affecting SAM or the kill command. If your servers are all the same, maybe you could compare them to see if there are any missing files. Just a thought.

Mark

Re: Killing users

Mark Vollmers — Thu, 05 Jul 2001 19:20:03 GMT

Also, have you rebooted since it stopped working? If a needed process was killed, rebooting will get it back up and running.

Mark

Re: Killing users

Vibert Hart — Thu, 05 Jul 2001 20:30:15 GMT

Tried all of the above, none worked.

Re: Killing users

Paula J Frazer-Campbell — Fri, 06 Jul 2001 06:30:00 GMT

Hi
If it worked before and does not now then changes have been made.

As said before have your operators deleted/changed SAM files?

Has the passwd file been changed?
Do a diff against your backup passwd -
You do have one I hope.

Do a full backup and then go to a last known good ignite backup and recover to that, does it now work? If so what has changed.

HTH

Paula

Re: Killing users

Vincent Stedema — Fri, 06 Jul 2001 06:54:41 GMT

Hi,

Can you please post the output of

samlog_viewer -u -l V -n

Regards,

Vincent

Re: Killing users

Alexander M. Ermes — Fri, 06 Jul 2001 07:20:54 GMT

Hi there.
Perhaps this script can help :

----------------------------------------------
script accessible by users
( /usr/local/bin/kill_em.sh ) :

#!/bin/sh
# this should kill off those goners who shut of their PC's
# in an not-so-ok fashion......
#
# rm /usr/tmp/kill_em
tput clear
echo "Please enter User-Id ! "
read userid
export userid
echo "exec >> /var/tmp/kill_proc.log 2>&1" >> /var/tmp/kill_em1.sh
ps -ef | grep ${userid} | grep -v daemon | grep -v root

--------------------------------------------
and add this line to the crontab of root

00,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/local/bin/kill_proc1.sh

---------------------------------------------
this is the script started by crontab of root
( /usr/local/bin/kill_proc1.sh )
#!/bin/sh
# this should kill off those goners who shut of their PC's
# in an not-so-ok fashion......
#
touch /var/tmp/kill_em1.sh
chmod 777 /var/tmp/kill_em1.sh
/var/tmp/kill_em1.sh
rm /var/tmp/kill_em1.sh

------------------------------------------

Rgds
Alexander M. Ermes

Re: Killing users

Alexander M. Ermes — Fri, 06 Jul 2001 07:38:00 GMT

Hi there.
Sorry, first script is not complete and wrong name
should be
--------------------------------------------
/usr/local/bin/kill_proc.sh

#!/bin/sh
# this should kill off those goners who shut of their PC's
# in an not-so-ok fashion......
#
# rm /usr/tmp/kill_em
tput clear
echo "Please enter User-Id ! "
read userid
export userid
echo "exec >> /var/tmp/kill_proc.log 2>&1" >> /var/tmp/kill_em1.sh
ps -ef | grep ${userid} | grep -v daemon | grep -v root |
sort| awk '{print "kill -9 " $2}' >> /var/tmp/kill_em1.sh
chmod 777 /var/tmp/kill_em1.sh
---------------------------------------------
Rgds
Alexander M. Ermes

Re: Killing users

John Waller — Fri, 06 Jul 2001 11:09:27 GMT

Did the permission of your kill script have a sticky bit on the user bit e.g -rwsr-xr-x. Also another possible answer, have you installed any patches which may have tightend a security loop hole. Some commands could be run by writting a script then have the SETUID set , but the commands they ran changed to look at the real and not effective User ID , e.g.the mount command was one which has effected me in the past.