How to create a script that kills all processes started by a specific user?

Squerl101 · 02-13-2013, 05:44 PM

Hey guys, I was wondering if someone can help me create a script that runs every 5 minutes and kills all processes started by a specific user. I know nothing about scripting, so any help would be appreciated!

chrism01 · 02-13-2013, 07:17 PM

Can I ask why you would want to do this? Why not just lock or even delete the acct?

evo2 · 02-13-2013, 07:19 PM

Hi,

are you sure this is really what you want to do? If you give some information about the underlying problem we can probably find a better solution.

Anyway in answer to your question, an easy way to do this would be with killall and a crontab entry.

Evo2.

Squerl101 · 02-13-2013, 07:21 PM

Thanks. I am actually doing this for a project in class.

evo2 · 02-13-2013, 07:33 PM

Quote:

Originally Posted by Squerl101

Thanks. I am actually doing this for a project in class.

Ohh, homework question. Kind of ironic given your signature.

Evo2.

sundialsvcs · 02-13-2013, 08:25 PM

I'm sorta thinking that you should be somehow able to use the ps command to find the list of PIDs, then pipe that output into xarg which executes a kill.

I'm sorta thinking, also, that you can take it from there... mmm?

And you really do need to master this particular "fundamental Linux/Unix skill," because you're going to use it a lot. These operating systems give you a set of fairly primitive fundamental commands, most with quite a few options, plus the ability to string those commands together such that "the whole is greater than the sum of its parts." You need to spend some serious time exploring these possibilities, and I daresay that this is a lot of what your instructor has in mind. (Ask him or her.)

In fact ... you can even handle the entire assignment this way, if you ponder the list of available commands long enough ... (he said, cryptically).

chrism01 · 02-14-2013, 01:16 AM

What sundialsvcs said

Now we know why, it makes more sense (sort of)..

Anyway, I suggest you bookmark/read these
http://rute.2038bug.com/index.html.gz
http://tldp.org/LDP/Bash-Beginners-G...tml/index.html
http://www.tldp.org/LDP/abs/html/
http://www.adminschoice.com/crontab-quick-reference

sundialsvcs · 02-14-2013, 07:12 PM

Yeah, and let us repeat, Squerl101 ... take full advantage of this very "boots-on-the-ground important" exercise! Pay close attention to what can be done using these techniques, and learn them well. Ask your instructor about it, and listen to what he or she has to say. If you've ever wondered "what all the fuss was about," with regard to (originally...) "Unix in the 1970's," this is it.

jpollard · 02-18-2013, 10:57 AM

And consider what you might have to do in the presence of a fork bomb...

Killing multiple processes cannot be an atomic action.

Habitual · 02-18-2013, 05:19 PM

Code:

pkill -KILL -u $user

DO NOT USE THIS ON root AND
DO NOT ASK HOW I KNOW THIS.

"May" require sudo.

jpollard · 02-18-2013, 06:45 PM

Quote:

Originally Posted by Habitual

Code:

pkill -KILL -u $user

DO NOT USE THIS ON root AND
DO NOT ASK HOW I KNOW THIS.

"May" require sudo.

Does not work against a fork bomb. Fork bombs fork faster than pkill can find processes to kill...

Try this one: (NOTE THIS WILL CAUSE YOU PROBLEMS)

Code:

#include <unistd.h>

void main(void)
{
    while (1) fork();
}

In the time it takes pkill to kill one process, this application will fork several hundred, each new process will then fork several hundred while pkill kills the next (plus the several hundred generated by each of previous processes...)

It will eventually hang your system UNLESS you have reasonable ulimits set. (I have 1024 concurrent processes...).

For me to run it then there would be 1023 maximum number of processes (after that, the fork fails).

Then, for each process that pkill manages to kill, any one of the other 1022 processes will replace it...

So... how do you stop it?

It isn't a single step operation, and works best when there are reasonable ulimits to prevent the system from hanging.

1. pkill -SIGSTOP -u <user>

This will put all of the users processes in the suspended state. And that means they will no longer be running. It also means that new processes cannot be started (the ulimit has been reached).

2. pkill -SIGKILL -u <user>

Now that the user processes are stopped, pkill can find each one and kill it.

Note: pkill may not exist on all systems (linux yes, Solaris, should be, but AIX/BSD... don't know)

See also: killall

There are also other strategies available - look at the fuser command where you know the file being used to hold the fork bomb.

Habitual · 02-18-2013, 07:10 PM

It was a possible hint at the OP's topic opener " a script that runs every 5 minutes and kills all processes started by a specific user".

How fork bombs got put in the mix, I don't know.

jpollard · 02-19-2013, 07:09 AM

Quote:

Originally Posted by Habitual

It was a possible hint at the OP's topic opener " a script that runs every 5 minutes and kills all processes started by a specific user".

How fork bombs got put in the mix, I don't know.

Such a script doesn't work when the user process forks faster.