Is it possible to complete a long-running program launched from under the root of a program, say, launched from under some of Vasya? Self-written programs in c.

While "floating" in such things as sigaction , SIGTERM . I know that the SIGTERM signal is sent for the "polite" completion of the process and it can probably be processed in the root program. But how to implement all this in practice is not yet clear. Anyone can throw a simple example in C?

  • gist.github.com/aspyct/3462238 - KoVadim
  • one
    root is a user, a shell is a command interpreter program. Thus, the shell can be launched both as a regular user and as root. Sending signals to other programs can be either a program running under the root or under the same user under which the one to which the signal is sent is running. And signals can be processed in any program, and not only in root. - Mike
  • Read not as a shell interpreter, but as a shell user, or Vasya, steppe, etc. and do not carp at the words.` ls -la ... drwx ------ shell shell 1970-01-03 20:45 shell` - ilw
  • And from the program launched by Vasya, there is no way to influence the program running as root. programs running as root signals can only programs that also work with root rights. (Note: "running as root" is not equal to "having root rights", although in principle it is the same subtleties of terminology). Specifically, in the case of a program, with the file rights that you showed, only the user who starts the program will be able to send an effect on it or not, it will be able to send a signal (call kill() ) to the program as root only if it is started by root - Mike
  • one
    no signal to the root process can be sent if the program starts not root. If it were possible, then any user could do anything with the system. you just try, run as root any program and from the shell under Vasya with the kill command try sending a signal to it (by default, kill sends TERM), get "permission denied". And the kill program only prints an error on the screen, returns its kernel to any kill() system call, so it doesn’t matter what the program will send your own signal or kill, the rights work the same way - Mike

1 answer 1

You cannot send signals to processes of other users, in general. It does not matter if the program runs as root or under another user. Therefore, do not count on them. You need some other way to interact with that program.

If you want to do with less blood, you can make a wrapper for running under sudo from your user. The wrapper is needed to limit the user's ability to complete any other programs, as well as to run programs with root privileges harder than one line.

The file /usr/local/bin/kill-root-service , provided that your program is called exampled :

 #!/bin/sh killall exampled # или ищем ID процесса и посылаем сигнал ему

Then:

 sudo chmod +x /usr/local/bin/kill-root-service sudo visudo

Add a line:

 %users ALL = NOPASSWD: /usr/local/bin/kill-root-service

With this line, all members of the users group will have the right to run kill-root-service without entering a password like this:

 sudo kill-root-service

Thus, launching this command will do everything you want.

They will not have the right to execute any other commands. Just as there will be no right to change that file, unless, of course, you yourself explicitly allow it.

This method is also the most reliable. With other seemingly simple options, including creating some kind of common file, as suggested in the comments, a lot can go wrong. For example, ended inodes on disks and the file was not created. You need to not only create and track files, but also take into account all sorts of erroneous situations, which complicates the whole scheme. It may even be easier to arrange communication between processes by regular means (pipes, TCP, and so on).

  • It now remains to add rm -rf to / usr / local / bin / kill-root-service. - Andrio Skur
  • Well, yes, only an ordinary user can not do this. - sanmai