*BSD News Article 44707



Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.uwa.edu.au!classic.iinet.com.au!news.uoknor.edu!news.ecn.uoknor.edu!paladin.american.edu!gatech!howland.reston.ans.net!spool.mu.edu!news.nd.edu!infoserv.illinois.net!news.cic.net!locust.cic.net!pauls
From: pauls@locust.cic.net (Paul Southworth)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Killing processes
Date: 28 May 1995 23:38:55 GMT
Organization: CICNet, Inc.
Lines: 38
Message-ID: <3qb1if$gfe@spruce.cic.net>
References: <3qarhc$f92@news.bu.edu>
NNTP-Posting-Host: locust.cic.net

In article <3qarhc$f92@news.bu.edu>, Mikhail Teterin <mi@cs.bu.edu> wrote:
>Is it possible (must be, then how?) to set permissions so that people from
>specified group will be able to kill process started by root (or another 
>user)?

Yes, by making a setuid wrapper for the script doing the signalling.

>Example: file netdown, says:
>	kill `cat /var/run/ppp0.pid`
>(Just that one line)
>When non-root executes it, the result is :
>kill: <pid> : Operation not permitted
>I tried permissions [0-7]755 on  it with no success. I must be missing 
>something really stupid )-:

Exactly.  Filesystem permissions have nothing to do with who owns the
process.  The process is owned by the invoking user, and Unix has no
conception of group ownership of processes.

So, for example, we have a group "dns" on our DNS server, and they
can edit all the zone files and the boot file.  But when they need
to send a signal to named (using the "ndc" script, part of the bind 4.9.3
distribution) they call a setuid C program which is a wrapper for
"ndc".  Look at the execl(3) man page for syntax.  Here's the code:

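#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>

/* setuid-root wrapper: runs one fixed command with fixed arguments */
int main(void)
{
     if (setuid(0) != 0) {      /* fails unless installed setuid root */
          perror("setuid");
          return 1;
     }
     execl("/usr/etc/in.ndc", "/usr/etc/in.ndc", "restart", (char *)0);
     perror("execl");           /* reached only if execl() failed */
     return 1;
}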

--
Paul Southworth
CICNet Systems Support
pauls@cic.net
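
An added example, not part of the original post or the poster's code: the same setuid-helper idea applied to the pid-file case from the question, calling kill(2) directly so that no script, PATH or environment is handed to a root shell. The gid value 68 is a constructed placeholder, and the helper names and the strict PID validation are this example's own assumptions.

```c
#include <sys/types.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define PID_FILE    "/var/run/ppp0.pid"  /* path from the question */
#define ALLOWED_GID ((gid_t)68)          /* assumption: constructed gid of the permitted group */

/* Strictly parse one PID-file line. Returns the PID, or -1 unless it is a
 * plain decimal number > 1: kill() treats 0 and negative values as "process
 * group" or "every process", which a root helper must never pass through. */
pid_t parse_pid(const char *s)
{
    char *end;
    long v;
    if (s == NULL || *s < '0' || *s > '9') return -1;  /* no sign, no spaces */
    errno = 0;
    v = strtol(s, &end, 10);
    if (*end == '\n') end++;                           /* one trailing newline is fine */
    if (errno != 0 || *end != '\0' || v <= 1 || v > 0x7fffffffL) return -1;
    return (pid_t)v;
}

/* True if the invoking user has gid as real or supplementary group. */
int caller_in_group(gid_t gid)
{
    int i, found = (getgid() == gid);
    int n = getgroups(0, NULL);
    gid_t *list = (n > 0) ? malloc((size_t)n * sizeof *list) : NULL;
    if (list != NULL && (n = getgroups(n, list)) > 0)
        for (i = 0; i < n; i++)
            if (list[i] == gid) found = 1;
    free(list);
    return found;
}

/* Note: a stale PID file can name a reused PID; keep it root-writable only. */
int main(void)
{
    char buf[32];
    FILE *f;
    pid_t pid;
    if (!caller_in_group(ALLOWED_GID)) { fputs("not permitted\n", stderr); return 1; }
    if ((f = fopen(PID_FILE, "r")) == NULL) { perror(PID_FILE); return 1; }
    if (fgets(buf, sizeof buf, f) == NULL) buf[0] = '\0';
    fclose(f);
    if ((pid = parse_pid(buf)) < 0) { fputs("bad pid file\n", stderr); return 1; }
    if (kill(pid, SIGTERM) != 0) { perror("kill"); return 1; }
    return 0;
}
```

Installed owned by root with the permitted group and mode 4750, the filesystem also limits who can execute the helper, in addition to the check in the code.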