- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Limiting "sudo kill" to killing only user proc...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2011 09:06 AM
07-21-2011 09:06 AM
Re: Limiting "sudo kill" to killing only user processes
Apparently I should have asked this way back at the beginning of this, but do you really want general users to be able to kill of the process of other general users? I think you may end up with a revolt on your hands.
If not, then why re-write what the kill command itself already restricts them to? As is, they can kill their own processes.
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2011 09:31 AM
07-21-2011 09:31 AM
Re: Limiting "sudo kill" to killing only user processes
@TheJuiceman wrote:Just one last piece.....is there a way to prevent wildcards? ... Is there a way to restrict the input to accept only numerical entries and no wildcards?
Hi:
You might use this as an intialization step to valid and otherwise reduce the input arguments to only numeric values:
#!/bin/sh typeset LIST='' for PID in $@ do if [ $(expr "${PID}" : '[0-9]*') -ne $(expr "${PID}" : '.*') ]; then echo "PID value = '${PID}' is invalid" else LIST=$(echo ${LIST} ${PID}) fi done echo "Using: ${LIST}" exit 0
This would look like:
./pidlist 123 456 a 7fff 7890 PID value = 'a' is invalid PID value = '7fff' is invalid Using: 123 456 7890
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2011 10:24 AM
07-21-2011 10:24 AM
SolutionThank you for the help everyone!!!
I have a script that looks like it would work. The reason for the need for such a script is for some developers. They occassionally will need to kill a user process when testing or troubleshooting. This will allow them to do it without putting the system in harms way.
The group ID that is applicable to what is needed is "20". Below is what has been assembled by your contributions:
#!/usr/bin/sh
for pid in $*; do
if [ $(expr "${pid}" : '[0-9]*') -ne $(expr "${pid}" : '.*') ]; then
echo "Variable constraint is invalid. "
echo "You must use a numeric process ID with this command" && exit
fi
ps -p $pid >/dev/null 2>&1
[[ $? != 0 ]] && echo "Process doesn't exist: $pid" && continue
gid=$(UNIX95=EXTENDED_PS ps -p $pid -ogid= )
if [ $gid != "20" ]; then
echo "Cannot kill system process: $pid" 2>&1
continue
fi
kill $pid
done
Testing by echoing the $pid and trying various possible variables looks promising. I have it terminating if it picks up a non-numeric entry, which seems to work better than letting it continue. What do you all think? See any problems or gotchas?
Thanks again for your help!!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2011 11:00 AM
07-21-2011 11:00 AM
Re: Limiting "sudo kill" to killing only user processes
@TheJuiceman wrote:Thank you for the help everyone!!!
I have a script that looks like it would work.
Below is what has been assembled by your contributions:
What do you all think? See any problems or gotchas?
Hi (again):
This looks reasonable. Instead of :
[[ $? != 0 ]] && echo "Process doesn't exist: $pid" && continue
...my preference (in part for clarity) would be:
[[ $? != 0 ]] && { echo "Process doesn't exist: ${pid}"; continue; }
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2011 05:54 PM
07-21-2011 05:54 PM
Re: Limiting "sudo kill" to killing only user processes
And one last refinement:
[[ $? != 0 ]] ...
vs
[[ $? -ne 0 ]] ...
The comparison != is for strings, while -ne is for numbers. For simple cases like this, the two methods produce the same results. But consider magnitude comparisons where 12 is less than 9 when comparing strings. By using the numeric comparisons (-lt -le -eq -gt -ge -ne) errors with variables that have non-numeric characters will be caught rather than producing an unpredictable result.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2011 03:59 AM - edited 07-22-2011 02:03 PM
07-22-2011 03:59 AM - edited 07-22-2011 02:03 PM
Re: Limiting "sudo kill" to killing only user processes
>Is there a way to restrict the input to accept only numerical entries and no wildcards?
The script has no idea if there were wildcards but it can validate the input.
You could use pattern matching to check:
if [[ "$pid" != [0-9][0-9]* ]]; then
echo "Invalid PID: $pid"
continue
fi
And you can optimize the pattern match with:
if [[ "$pid" != +([0-9]) ]]; then
>The comparison != is for strings, while -ne is for numbers.
Right. If you like != so much, you can always use:
(( $? != 0 ))
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2011 09:30 AM
07-22-2011 09:30 AM
Re: Limiting "sudo kill" to killing only user processes
- « Previous
- Next »