[SunHELP] [Q] grant user kill the process privilege?
David Eisner
sunhelp at sunhelp.org
Fri Feb 23 17:33:50 CST 2001
I'd be curious to know the answer too. I'm not sure if the Unix
security model is expressive enough to accomplish this easily.
One possibility: Write a suid root program, call it "safe_kill",
which checks its arguments to make sure it's only killing a process you've
decided it's OK to kill (depending on the name of the process and/or the
owner of the process, say), and then sends that process the signal.
You could make a special "killer" group, and set the perms like this
-r-sr-x--- 1 root killer 6548 Feb 23 18:12 safe_kill*
Then put the oracle admin into the killer group.
This seems pretty kludgey, though.
-David
On Fri, 23 Feb 2001, L wrote:
> We have SUn Ultra computer with Solaris 2.7 installed. This server ONLY
> work as ORACLE database server. We have 100 users connect through MS NT
> terminal server to access ORACLE DB on this SUN server. Their have some
> problem happen on NT terminal server due to the session hang. The ORACLE
> DATA administrr need right to kill user process on UNIX side before he can
> clear on NT termineral server. I don't want him the
> "root" password. Does their has way I can just grant "kill other user
> process" privilege to him under Solaris?
>
>
>
> Thank you for help.
>
More information about the SunHELP
mailing list