[PLUG] Allow Users to Kill Process
Terry Griffin
griffint at pobox.com
Wed Jan 23 23:01:48 UTC 2008
> At Wed, 23 Jan 2008 14:48:12 -0800,
> Mark Turner wrote:
>>
>> I am stumped with this one...
>> I would like to have a group of users that can kill processes on a linux
>> server without using sudo. I would like them to be able to just run
>> 'kill <processes ID>' and have it work for any processes.
>>
>> This does not sound secure... I know, trust me but its better than
>> putting everyone in the root group.
>>
>> Any idea how I would accomplish this?
>>
>> -Mark
>
> Can you make kill setuid root, or make a kill synonym that is setuid
> root and which calls kill with this privilege? Just a stab in the
> dark.
>
To limit this to a particular group you'd need a custom version of the
'kill' utility. It would check the group membership before allowing
the operation, and it would have to be setuid root. A small amount
of C programming would be required. Some sloppy C programming could
lead to some interesting exploit opportunities.
Terry
More information about the PLUG
mailing list