Re: Allowing a script to kill a process

Tony Nugent (tony@trishul.sci.gu.edu.au)
Sun, 17 Nov 1996 14:23:47 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeff Lightfoot: "Nagle Algorithm aggrivations"

Apparently Richard J. Sears <rsears@webcc.net> asked, and
David H Dennis <david@amazing.com> replied:

[Sorry, I haven't seen the original message from Richard.]

> > My thought was to create a script like this one:
> > (Called kill.ra)
> >
> > #!/bin/bash
> > kill `ps -x | grep -w lta | cut -c1-6`
> > /etc/restart.ra

Did you try this in parts to see what the output would be?
It's obviously not what you are expecting.

Ok, let me explain. (However, I've got no idea what `lta' is...)

% ps -x | grep -w lta
PID TTY STAT TIME COMMAND
14511 ? S 0:01 lta
30297 4 S 0:00 grep -w lta

Assuming that you've only got one `lta' process running, you'll
actually "capture" the actual `grep' command that you are using to
search for your other process! Doh! Catch-22.

So, how to cope with this probem?

Try doing it like this:

% ps -x | grep -w lt\[a\]
PID TTY STAT TIME COMMAND
14511 ? S 0:01 lta

Ahh, that's better, n'est-pas? :-)

Neat trick. I use it often myself. ` ps -x | grep -w "lt[a]" ' will
also work - the idea is to "mask" the name of the process that you are
looking for.

Now, to get at the process numbers, try it like this:

% ps -x | grep -w lt\[a\] | cut -d\ -f1
^^^note the escaped space here

This will reliably give you what you want. (`cut -c1-6' will work,
but I would feel safer to specify a space as the delineator and simply
grab the first field).

> > Everything seems to kinda work except I keep getting an error about
> > attempting to kill a process.

Yeah, because by the time you've grabbed the process ID of the grep
command, it has already terminated :-)

> > It seems that the script dosn't have the
> > authority to kill a process. So I tried sudo and still could not get it to
> > work. Then I tried to setuid root on the script and still it did not work.

Linux does not allow suid shell scripts. Even if it did, in this case
it still wouldn't work :)

> > Does anyone have ANY suggestions or ideas about how I might
> > accomplish this seemingly simple task?

Try my suggestion, I'm sure you'll have better luck.

> I think the problem is that set UID scripts are disabled on most machines,
> due to potentially hideous security problems.

This behaviour is certainly NOT a problem! :-)

> I believe you can create Setuid scripts in perl with substantially
> fewer security pitfalls. You might want to try going that route.

Can anyone confirm if this is the case with perl scripts?

Cheers
Tony

Next message: Jeff Lightfoot: "Nagle Algorithm aggrivations"