Is there a way to create a process which can be killed by anyone in Linux?

Firegun

For example, I would like to start running a process in the background SECRETLY on an Ubuntu server, but whenever anybody except me logs in to the server, the process must be killed by that user. Is it possible to create a process like this? (I have the sudo account and can modify /etc/bash.bashrc)

Thanks!

user260419

Please note that what follows may compromise your system security in various ways.

Create a script which takes care of killing that process of yours (let us call it process P). Then give all users permission to run this script in sudoers. Finally, add a suitable call for this script with sudo to /etc/bashrc.

Let's, for the sake of example, assume that you know your process is started from /usr/local/sbin/myproc and that you want to kill all those processes immediately when someone logs in, so you're going to use a simple grep and kill strategy for killing them.

So, first put the following into /usr/local/sbin/killmyprocs:

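#!/bin/sh

# List all processes, keep those matching myproc (the [m] bracket stops grep
# from matching its own command line), and send SIGTERM to each PID.
# The pattern is quoted so the shell cannot expand it as a glob.
ps auxw | grep '[m]yproc' | awk '{ print $2 }' | xargs kill -TERM > /dev/null 2>&1

# end of file.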

You probably want to do something slightly more sophisticated if you actually proceed and implement this. So make sure to create a script which traps appropriate signals and in general does things in a secure way.

Second, give all users permission to run this script in /etc/sudoers by adding to it:

ALL ALL = (root) NOPASSWD: /usr/local/sbin/killmyprocs

Third, and final step, is to add a sudo call to your script in /etc/bashrc:

[ "`id -n -u`" != "<my_username>" ] && sudo /usr/local/sbin/killmyprocs

Replace <my_username> with your own account in order to avoid killing your "secret" processes when logging in yourself.

To sum it up: 1) create a script which produces no output but kills processes you want to kill, 2) add appropriate entry to /etc/sudoers for every user on your system to be able to execute that script as root, 3) add a call to your script via sudo to /etc/bashrc (or /etc/profile).

A caveat: /etc/bashrc (or /etc/profile for that matter) gets sourced only for interactive shells. This means it's rather easy for a user to do ssh yourhost 'ps auxw' and find your process from the process table; it will not get killed with the mechanism introduced above because shell initialization files are not consulted. There is a way around that, using ForceCommand in `sshd_config`, but that's left as an exercise for the reader.

To conclude, I'd like to remind again that there are obvious security implications with this. This also sounds very much like trying to backdoor a system which you don't have complete access to, but that is not really my concern here (if you have to ask these things on Super User, you'll get caught soon enough anyway).
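For anyone auditing a host for this arrangement: the sudoers rule and the start-up hook described in the answer above are both plain text on disk. The following is an added example, not part of the original answer, that flags both; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added audit example (not from the original answer). The files to check
# are passed as arguments; the sample files in demo() are constructed.

# Print sudoers lines whose user field is the literal ALL and that carry
# NOPASSWD:, i.e. rules any account can use without authenticating.
find_open_nopasswd() {
    # /dev/null as an extra operand makes grep prefix the file name.
    grep -nE '^[[:space:]]*ALL[[:space:]]+.*NOPASSWD:' "$@" /dev/null || :
}

# Print non-comment lines in shell start-up files that invoke sudo as a
# command word. Hits are candidates for review, not proof.
find_sudo_in_init() {
    grep -nE '^[[:space:]]*([^#[:space:]].*[^[:alnum:]_./-])?sudo[[:space:]]' \
        "$@" /dev/null || :
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample: stock entries plus the rule from the answer.
    cat > "$d/sudoers" <<'EOF'
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
ALL ALL = (root) NOPASSWD: /usr/local/sbin/killmyprocs
EOF
    # Constructed sample: a start-up file carrying the hook from the answer.
    cat > "$d/bashrc" <<'EOF'
# System-wide .bashrc file for interactive bash(1) shells.
[ -x /usr/bin/sudo ] && alias please=true
[ "`id -n -u`" != "<my_username>" ] && sudo /usr/local/sbin/killmyprocs
EOF
    find_open_nopasswd "$d/sudoers"
    find_sudo_in_init "$d/bashrc"
    rm -rf "$d"
}

demo
```

On a real host, run the first function as root over /etc/sudoers and the files in /etc/sudoers.d, and the second over /etc/bash.bashrc, /etc/profile and /etc/profile.d/*.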
