General :: Setuid Process Cannot See Processes Owned By That User
Nov 2, 2010
I would like to give a non-root user (nicollet) the ability to detect and send a signal to processes started by Apache2 (those processes are FastCGI scripts and the signal tells them to empty their cache). The processes are owned by the web user (www-data), and I'm running on Debian unstable.
I can't find any way to have the nicollet user see those processes.
The processes are running and can see by both root and www-data:
root@linux-01:~# ps -Af | grep baryton
www-data 17649 17648 0 10:27 ? 00:00:00 baryton
www-data 28145 1 0 Nov01 ? 00:00:12 baryton --bot
root 18701 18700 0 10:46 pts/0 00:00:00 grep baryton
root@linux-01:~#
[Code]....
The most surprising is that the grep process is indeed run by www-data (because it's started from a setuid executable) and is visible, but the baryton process isn't.
What's going on here? Why can ps run by www-data show those processes, but ps run by a setuid executable running as www-data cannot, when it's started by nicollet?
View 1 Replies
ADVERTISEMENT
Apr 9, 2011
I'm trying to jail a sftp user. All I want is for my daughter-in-law to be able to download pictures of my grandson on his step-uncle's motorcycle. But I don't want her browsing around. She's not a techie, but she's smart enough to catch on how WinSCP is looking at my files. I've set up the jail using jk_init, adding ssh, sftp, bash, netutils, basicshell, jk_lsh.
The physical root of the jail is owned by root, as are all the binaries loaded by the jk_init. The user's home directory is owned recursively by the user and is writable only by the owner. The passwd and group files are in the jailed /etc and populated by the user's lines. Shell is bash, and bash is there too. The error message must be coming from some other problem that's not notifying, but what?
View 4 Replies
View Related
Aug 18, 2010
I have a root process (on linux) that forks a child and the child process then drops privileges by doing a setuid() to a normal user. After the child setuid()'s, it is of course impossible for it to gain root again by itself. But since the main process is still running as root, i was wondering if there was a simple/smart way of getting the root-master-process to elevate the child back to root (or maybe just to another non-privi uid). Is there some way to do a setuid() on another pid? or maybe something can be done through /proc/<pid>/? Killing the child is not an option (because its what it does today and im trying to find a smarter way). (The program is apache2's mpm-itk worker and the "child" is the actual apache2 process serving a page.)
View 11 Replies
View Related
Jul 13, 2011
Is possible (by root of course) to run a command from console, that will be executed on X-session owned by another user on the same linux box/machine ? Example: Can root open xclock for another local user logged into X11 ?
View 2 Replies
View Related
Sep 14, 2010
I have to monitor the %MEM that processes are using, so I use the ps and sort command like this ....
ps -aux | sort -nk4
So this will sort by column 4 so I can see the all the processes that are using the highest %MEM. What I really want is to be able to just display the process name and the %MEM next to it. how to do this?
View 2 Replies
View Related
Oct 24, 2009
Optimum number of processes for procesor In Linux based os are there a optimum number of process for a processor that gives 'maximum performance' for system(or process range depend on cpu speed,cache etc...)? By 'maximum performance' I mean better performance?
View 5 Replies
View Related
Jun 18, 2010
How to tell the kill command to ignore processes if that process is not alive?
For example: 3453 is an alive process but 44534 is not.
kill -9 3453 44534
View 4 Replies
View Related
Jul 22, 2010
I am facing an issue where the process starts hanging. When I closely look at the logs I come to know that some of the child processes that are forked by the parent process are not finished.
1) Is it possible that the child processes that are not finished occupy the socket memory of the parent process and ultimately a point is reached where no socket memory is available to fork new child processes.
2) What is the standard limit of socket memory in linux?
3) What is the fate of such child processes (as I have mentioned above)?
4) How to debug such cases so that the exact problematic area is identified?
View 2 Replies
View Related
Feb 15, 2011
well i have just started with shell scripting...how to find all child processes of a parent process given to script as argument.
View 10 Replies
View Related
Apr 13, 2011
When i do the following with logged in with root:
Code:
i get
Code:
When i login with user1 and do ulimit -a
i get
Code:
Why is the max user processes different for the same user? And how can i change this. I need for this user more then 20 processes...
View 2 Replies
View Related
May 21, 2009
I am studying for the LPIC-1 exam, and reading a book that they recommend: "Introduction to Linux: A Hands-on Guide", by Machtelt Garrels. There's one question on the 4th chapter (Processes), that I found confusing: Question: Based on process entries in /proc, owned by your UID, how would you work to find out which processes these actually represent?
What does he mean? If I run the command (considering that my username is sl33p):
Code:
$ps -u sl33p
...gives me the right answer?
The ps man page says:
-u userlist
Select by effective user ID (EUID) or name.
This selects the processes whose effective user name or ID is in userlist. The effective user ID describes the user whose file access permissions are used by the process (see geteuid(2)). Identical to U and --user.
View 8 Replies
View Related
Jun 15, 2010
user@host$ killall -9 -u user Will it definitely kill all processes owned by user (including forkbombs)?
No new processes is spawned to user from other users. No user's processes are in D-sleep and unkillable.No processes are trying to detect and ptrace or terminate this started killall (but they can ptrace or do other things with each other) There is ulimit that prevents too much processes (but killall is already started and allocated it's memory)
E.g. if killall will finish untampered and successfully is it 100% that no processes are left with this uid? If no, how to do it properly (with standard commands and no root access). Will SysRq+I definitely kill all things (even replicating)?
View 2 Replies
View Related
Nov 18, 2010
All the kill idle user processes scripts I've seen don't take into account that the user might have multiple sessions open. Such is the case with one of our clients. Currently, every hour or two I need to do the following:
This will get the TTY and idle time for all users.
For each idle time over a half hour, I do the following (TTY is the TTY from the previous command with a space.
I then kill those processes.
There must be a way to do this automatically in a bash or perl script. I've tried both, but can't seem to get things to work properly.
View 2 Replies
View Related
Jul 15, 2010
I have just installed an SSD as a secondary hard drive and formatted as ext4. (the Ubuntu installation is on a different drive)how I would go about creating a directory on the SSD that is owned by the user 'Test user'.
View 8 Replies
View Related
Feb 2, 2009
Few days ago, the server did not respond to a ssh request from a user at night. A user tried to check what went wrong with computer and tried to login from terminal next morning. As the computer was unresponsive, he somehow decided to boot it by turning the power off. To make the story short, the server rebooted; however, he can't login to his account. Actually, the server could not start some processes; but was able to ask user to enter his account username. Even though, he enters the correct username and password, server does not accept the request. I also could not login as root.
I just checked the server logs by booting it in single user mode. Here are some interesting lines:
Before the reboot:
irqbalance : can't balance irqs on a uniprocessor system: failed
After the reboot:
irqbalance : can't balance irqs on a uniprocessor system: failed
fsck:
fsck /: (this is repeated 900+ times)
[code]....
View 1 Replies
View Related
Oct 5, 2010
Normally all I/O goes through the kernel so that it can schedule the operations and prevent processes from stepping on each other. A few special user processes are allowed to slide around the kernel, usually by being given direct access to I/O ports. X servers are the most common example of this isn't it ? give examples for any other processes that are allowed to slide around the kernel ?
View 3 Replies
View Related
Mar 11, 2010
I've setup a Moodle server on 9.10 server, and have been able to share user folders back to the windoze machines on the home net. What I'd like to do is share the Moodle main folder (and descendents) likewise. The problem is that it's owned by root. For ther user folders, as long as the owning user was logged in they were able to mark the folder as shared and everything worked very smoothly. When I try to mark the moodle folder as shared, no suprise I get a permission error. Is there a way of doing a "sudo su" from the GUI desktop to allow this to happen? Or do I have to set up the share from a command line (after having done a sudo su)? Can anyone give me the magic commands needed to do such?
View 1 Replies
View Related
Jul 15, 2010
I have just installed an SSD as a secondary hard drive and formatted as ext4. (the Ubuntu installation is on a different drive) Im very new to linux, Could someone inform me how I would go about creating a directory on the SSD that is owned by the user 'Test user'
Im sorry if this is a daft question, im just moving from windows to linux and struggling a lot.
View 3 Replies
View Related
Mar 6, 2011
I'm trying to get the end result to have the same format as this as well:
1 bin
2 daemon
67 erozner
[code]....
Where the numbers are the number of processes being run by the user (the name right next to it).if I input the command egrep myFile into the terminal, it should look for every line with the letter x in myFile, right?
View 5 Replies
View Related
May 25, 2010
Running 9.10 now, I'd like to do a clean install of 10.04 on my dual-boot (with XP) Compaq notebook. As a test, I burned an ISO image onto a 1-GB stick and booted to 10.04 from it. It works just fine, except that the directories in the Documents folder on my hard drive are owned by "user 1000", and "he" grants me access to only about half of them.
Is this problem likely to persist if I actually install 10.04 rather than just running it from the stick? If so, what can I do about it? Second question: am I correct in understanding that if I still need to access my Ubuntu partition from XP, I'd better stick with ext3 for this install rather than going to ext4?
View 2 Replies
View Related
Apr 10, 2011
I'm using the IDE Netbeans (text editor) on my /home/michael Ubuntu account. I'm trying to open a file with Netbeans that's owned by root, I can't do this as I expected. So is there a way to run NetBeans as root, or is there a way to give netbeans permission to open/save files owned by root
View 1 Replies
View Related
Jan 14, 2010
the script should take as input in the begginig the username of the user and then deletes all the files and folders from the user in every place he has them. script must also check if the parameters have been given correctly (only one and that one must be a username) Doesnt all the files of a user exist on a folder with his name? what if i delete this folder? Will something like this work?
Quote:
E_NOARGS=65
if [ -z "$1" ] # Exit if no argument given.
then
echo "Usage: `basename $0` directory-to-copy-to"
[code].....
View 7 Replies
View Related
Nov 2, 2010
Are there any tools to view/edit user space memory of running processes on Linux?
It would be a great learning tool.
View 1 Replies
View Related
Jan 24, 2010
setuid bit allows the process to execute the file with the uid of the file. But, what is the purpose of setting setuid without execute bit? The man page tells that if a file is setuid without execute flag, the permission will be displayed as 'S' (capital s) in ls command. Why should anyone set the setuid without execute flag? Does setting setuid without execute flag have any special meaning?
View 1 Replies
View Related
Jun 3, 2011
How do you list processes, get a process's std(in|out|err) stream, or wait until a process is finished in C?
View 3 Replies
View Related
Aug 18, 2009
I have p1,p2,p3,p4 some processes created by me in C. p1, p2, p3 are started individually from several consoles. And I want process p4 to terminates processes p1, p2, p3 if they are running. Which is the easiest way to accomplish that? put all processes in the same process group and send from p4 a kill signal to the group. But I couldn't do that because I cannot call successfully setpgid(getpid(), 15000) from p1-p4. It's there some way to put them in the same group? the processes don't have a child-parent relationship, they are launched manually from consoles.
View 1 Replies
View Related
May 18, 2010
I would like to set process in background in such a way that it will be running.For example, I started vim editor and pressed CTRL+Z command to put the process in background. But this process is in stopped status, which I can check with 'jobs' command.Is there any way that stopped job can be put into running background process?
View 1 Replies
View Related
Jan 12, 2010
I list the process with
Code:
ps -ef | grep java
and I got:
Code:
user1 24041 ....
Here the user1 should the process name.
My question: Is this name the same as the user name?
View 2 Replies
View Related
Feb 24, 2010
I've three user in my machine ,and i want to make sure that the process created by the user1 can be killed by other user and vice-versa ,is there any way i can do that without using root password or sudo
View 4 Replies
View Related
Sep 30, 2010
I want to write the sequence of operation of a user interactive process (Question asked by the process and answers user entered) in to a log file.
I used tee command, Precess1 | tee -a FileName
This write only the Question asked by the process. Does anybody know how to write the user inputs also to the same file, synchronized?
View 2 Replies
View Related
