LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-08-2017, 06:12 AM   #1
slayer_1994
Member
 
Registered: Feb 2017
Posts: 38

Rep: Reputation: Disabled
Checking Processes Are Started with Correct User


Hi There

I am trying to create a script with will allow me to check if a specific process is being run by the correct user (in this case this would be root).
I have tried a few scripts but hasn't worked so far, my last attempt was:

process_count=`pgrep -u root -x Introscope_WebView.lax;echo $?`

if [ "$process_count" -eq 0]
then
process_user="Root"
else
process_user="Not Root"
fi

echo "<metric type="LongCounter" name="OS Processes|WebView User Process:Process Count" value="$process_count"/>"
echo "<metric type="StringEvent" name="OS Processes|WebView User Process:Process User" value="$process_user"/>"

exit 0

"Introscope_Webview.lax" is the process i want to ensure is being run by root

Many Thanks
Alex
 
Old 02-08-2017, 08:50 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,820
Blog Entries: 15

Rep: Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664
You're not really getting a process count but to do it the way you have it you just need to redirect the output of the pgrep command to /dev/null:

Code:
process_count=`pgrep -u root -x Introscope_WebView.lax >/dev/null;echo $?`

if [ "$process_count" -eq 0]
then
process_user="Root"
else
process_user="Not Root"
fi

echo "<metric type="LongCounter" name="OS Processes|WebView User Process:Process Count" value="$process_count"/>"
echo "<metric type="StringEvent" name="OS Processes|WebView User Process:Process User" value="$process_user"/>"

exit 0
The reason is that without the redirect successful pgreps are giving 2 lines of output rather than the 1 you're expecting from the return code (echo $?).
 
Old 02-08-2017, 09:31 AM   #3
slayer_1994
Member
 
Registered: Feb 2017
Posts: 38

Original Poster
Rep: Reputation: Disabled
@MensaWater

Thank you for your response

I have tried your solution but it still comes back "not as root" I have double checked the ps- efl|grep java and it is defiantly ran by root as shown below:

0 S root 12003 1 6 80 0 - 1735348 futex_ Feb06 ? 02:37:01 ./jre/bin/java -Xms2048m -Xmx2048m -Djava.awt.headless=true -Dorg.owasp.esapi.resources=./config/esapi -Dsun.java2d.noddraw=true -Dorg.osgi.framework.bootdelegation=org.apache.xpath -javaagent:./product/webview/agent/wily/Agent.jar -Dcom.wily.introscope.agentProfile=./product/webview/agent/wily/core/config/IntroscopeAgent.profile -Dcom.wily.introscope.wilyForWilyPrefix=com.wily -Djetty.home=./ com.zerog.lax.LAX /opt/ca/APM/Introscope10.2.0.27/Introscope_WebView.lax /tmp/env.properties.12003

Cheers
Alex
 
Old 02-08-2017, 09:40 AM   #4
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,019

Rep: Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275
What gets returned when you just run:
Code:
pgrep -u root -x Introscope_WebView.lax
 
Old 02-08-2017, 09:42 AM   #5
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,820
Blog Entries: 15

Rep: Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664
The "-x" flag is specifying command name. In your latest post you're showing the command name is actually "java" and the Introscope stuff is just part of the command line but not actually the name. Use the "-f" flag instead of "-x" so it looks at the entire command line:

Code:
process_count=`pgrep -u root -f Introscope_WebView.lax >/dev/null;echo $?`
 
1 members found this post helpful.
Old 02-08-2017, 09:44 AM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179
The output of cat proc/pid/status provides a lot of information including UID(s).

Remember that /proc, although it appears to be a directory containing subdirectories and files, is in fact an operating-system API.
 
Old 02-08-2017, 09:51 AM   #7
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,820
Blog Entries: 15

Rep: Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664
Quote:
Originally Posted by sundialsvcs View Post
The output of cat /proc/pid/status provides a lot of information including UID(s).
True enough but then the OP would first have to find the pid then look at /proc/pid which would add possibly unnecessary steps. What he is trying to do to find the basic answer works with pgrep and the appropriate flags for his conditional. (I'm not sure what the intent of the echos after that are.)
 
Old 02-08-2017, 09:54 AM   #8
slayer_1994
Member
 
Registered: Feb 2017
Posts: 38

Original Poster
Rep: Reputation: Disabled
@TenTenths
When I run the command nothing appears:
[rp1cem@wycvlapph036 ca]$ pgrep -u root -x Introscope_WebView.lax
[rp1cem@wycvlapph036 ca]$

@MensaWater
Yes this worked and returned root! Fantastic
Any chance I can get it to return the PID of root as well?

Thanks for the responses guys!
Alex
 
Old 02-08-2017, 09:56 AM   #9
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,019

Rep: Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275Reputation: 1275
Quote:
Originally Posted by slayer_1994 View Post
@TenTenths
When I run the command nothing appears:
[rp1cem@wycvlapph036 ca]$ pgrep -u root -x Introscope_WebView.lax
[rp1cem@wycvlapph036 ca]$
What MW said is what I was hoping you get to after seeing that your pgrep wasn't returning anything. I just wasn't going to give the full answer
 
1 members found this post helpful.
Old 02-08-2017, 04:10 PM   #10
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,820
Blog Entries: 15

Rep: Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664
Code:
PID=$(pgrep -u root -f Introscope_WebView.lax)
RC=$?
if [ $RC -eq 0 ]
then echo process_user="Root" and PID is $PID
else echo process_user="Not Root and PID is $PID"
fi
In the above I'm using $() to encapsulate the command rather than ``. The latter still works but is deprecated and less useful than the former especially where you need to nest commands.

The first line just gets the Process ID (PID) reported by the pgrep.
The second line gets the return code of the first line.
If return code is 0 is prints your original echo and adds the PID to it.
If return code is not 0 it prints your original echo but doesn't show the PID (because there won't be one since the first line only returns a PID if it is being run as root).
 
1 members found this post helpful.
Old 02-09-2017, 04:48 AM   #11
slayer_1994
Member
 
Registered: Feb 2017
Posts: 38

Original Poster
Rep: Reputation: Disabled
@MensaWater

Thank you so much for your help on this!

Not just with the code but also explaining it as well, great stuff

Cheers
Alex
 
Old 02-09-2017, 10:56 AM   #12
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,820
Blog Entries: 15

Rep: Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664Reputation: 1664
Glad I could help.

Please go to Thread Tools and mark this as Solved. It helps others in future with similar questions more quickly find solutions in web searches.
 
Old 02-13-2017, 05:16 AM   #13
slayer_1994
Member
 
Registered: Feb 2017
Posts: 38

Original Poster
Rep: Reputation: Disabled
Hi guys

Any reason why this is coming back with no result?

- webview_process_user=`ps -efl | grep 'Introscope_Webview.lax' | grep -v grep | awk '{print $3}'`

-rw-r--r--. 1 root root 5014 Jan 25 18:17 Introscope_WebView.lax

[rp1cem@wycvlapph036 enterprisemanager]$ ps -efl | grep 'Introscope_Webview.lax' | grep -v grep | awk '{print $3}'
[rp1cem@wycvlapph036 enterprisemanager]$

Cheers
Alex
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to create a script that kills all processes started by a specific user? Squerl101 Linux - General 12 02-19-2013 08:09 AM
Checking what processes are hidden pallinger Linux - Security 1 01-13-2010 11:51 AM
Need help with checking if opensuse 10.2 password is correct through php derekalan18 SUSE / openSUSE 2 02-03-2008 12:03 PM
Checking a daemon has started SteveGodfrey Linux - Software 1 06-01-2004 05:33 AM
several processes started more than once at boot j-ray Linux - General 2 05-13-2004 01:37 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:02 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration