LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 07-15-2017, 07:26 AM   #1
NewtownGuy
LQ Newbie
 
Registered: May 2014
Posts: 14

Rep: Reputation: Disabled
kill works in script from command line but not when invoked by another script


I have a bash script in /var/www/cgi-bin that includes the kill command. This bash script works fine from the command line but the kill command does not execute when it's run from a perl script in the same folder. The permissions on the two scripts are:

-rwxr-xr-x 1 root root 1924 Jul 13 09:43 foo.pl
-rwxr-xr-x 1 root root 5043 Jul 14 21:09 bar.sh

The perl script is invoked by apache2. It processes the URL parameters and passes them on to the bash shell script to do things that are more easily done in bash than perl.

How do I fix this presumably-permissions problem ?

Thank you in advance.
 
Old 07-15-2017, 07:43 AM   #2
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,473
Blog Entries: 3

Rep: Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527
Which account is it using when you launch it via the shell ("command line") in contrast to the account that Apache is using for CGI?
 
Old 07-15-2017, 09:48 AM   #3
NewtownGuy
LQ Newbie
 
Registered: May 2014
Posts: 14

Original Poster
Rep: Reputation: Disabled
I run it from root at the command line. I don't know what the default account is for apache2. I thought the run-from-all permissions that I have given the script would handle running it from any account, but the kill command appears to be different.
 
Old 07-15-2017, 09:50 AM   #4
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,473
Blog Entries: 3

Rep: Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527
root can kill any process. Unprivileged accounts can only kill their own processes. So your script is probably running under one account and your target process another.

Can you give more details about how you are trying to use kill or pkill and what process is being launched by Apache?
 
Old 07-15-2017, 10:39 AM   #5
NewtownGuy
LQ Newbie
 
Registered: May 2014
Posts: 14

Original Poster
Rep: Reputation: Disabled
A web page sends a URL to foo.pl via Apache2. Apache runs foo.pl, which executes a system call to bar.sh and passes that parameter to it. bar.sh temporarily stops (/bin/kill -STOP <pid>) or resumes (/bin/kill -CONT <pid>) each of several applications depending upon the parameter and some local variables it maintains.
 
Old 07-15-2017, 10:46 AM   #6
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,473
Blog Entries: 3

Rep: Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527
Who owns pid, the target of kill?

You can see that with ps like this:

Code:
ps -o user,pid,ppid,cmd $pid
where $pid is replaced with the actual process id of what you are looking at.

Also, which distro are you using, including version? That will help where to look to find out the user and group used by Apache2.
 
Old 07-15-2017, 10:57 AM   #7
NewtownGuy
LQ Newbie
 
Registered: May 2014
Posts: 14

Original Poster
Rep: Reputation: Disabled
The user is root. I'm using Raspian Wheezy 4.1.6+ on one machine and 4.4.10-v7+ on another machine. Both have the same problem.
 
Old 07-15-2017, 11:09 AM   #8
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,473
Blog Entries: 3

Rep: Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527
If the account of the target process is root, only root can kill it. There is a way around that if you can identify your target process by exact name rather than pid.

You'll need to know the name of the account that runs the CGI script. I don't have Raspbian handy but there should be a directory full of Apache2 configuration files, maybe something like /etc/apache2/ Look there to see what Apache2 runs as.

Code:
grep -irE '^user|APACHE_RUN_USER|SuexecUserGroup' /etc/apache2/*
It is probably www-data.

Can you zap your target process manually using "pkill -x" instead of kill?
 
Old 07-15-2017, 11:26 AM   #9
NewtownGuy
LQ Newbie
 
Registered: May 2014
Posts: 14

Original Poster
Rep: Reputation: Disabled
You are right about www-data being the owner:

root@B-7:/var/www/cgi-bin# grep -irE '^user|APACHE_RUN_USER|SuexecUserGroup' /etc/apache2/*
/etc/apache2/apache2.062914.conf:User ${APACHE_RUN_USER}
/etc/apache2/apache2.conf:User ${APACHE_RUN_USER}
/etc/apache2/envvars:export APACHE_RUN_USER=www-data
/etc/apache2/envvars.072314:export APACHE_RUN_USER=www-data

How do I fix this ? Can I do this without messing up other things ? Why does my perl script, which is invoked by apache2, run ok ?

BTW, when I run my script from the command line, I get a return code of 0 from kill, which lines up with the fact that kill is working as intended. But when I run it via the other script and apache2, I get a return code of 1.

I need to suspend several processes so I can resume them. I don't want to destroy them. I looked up pkill but I don't see an equivalent to -STOP and -CONT, but if there is, what is that advantage ?
 
Old 07-15-2017, 11:34 AM   #10
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,473
Blog Entries: 3

Rep: Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527
I'd keep the Apache process under www-data, that is fine. The perl script runs fine as www-data but it or any child script that it calls cannot kill anything other than processes owned by www-data -- until you can work out something with pkill.

The return code of 1 means that kill did not work. That is expected since only root can kill processes owned by root. www-data, not being root, can't kill root's processes.

You'd use pkill with other signals like this:

Code:
pkill --exact --signal STOP uniquetarget
pkill --exact --signal CONT uniquetarget
The string "uniquetarget" would be replaced with the exact name of the process you want to signal, if it is unique.
 
Old 07-15-2017, 11:38 AM   #11
michaelk
Moderator
 
Registered: Aug 2002
Posts: 17,614

Rep: Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340
As stated only root can kill the process but the scripts are being run as www-data. You can allow www-data to run your scripts as root via /etc/sudoers.

Code:
www-data ALL = NOPASSWD: /var/www/cgi-bin/foo.pl
 
Old 07-15-2017, 11:43 AM   #12
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,473
Blog Entries: 3

Rep: Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527Reputation: 1527
I wouldn't put the whole script under root. There's much that can go wrong that way. I'd say have the script call sudo to call pkill and lock that down so it can't get loose:

Code:
www-data ALL= (root:root) NOPASSWD: /usr/bin/pkill --exact --signal STOP uniquetarget, \
                        /usr/bin/pkill --exact --signal CONT uniquetarget
Then the script (being run by www-data) can call it verbatim:

Code:
sudo /usr/bin/pkill --exact --signal CONT uniquetarget

Last edited by Turbocapitalist; 07-15-2017 at 11:59 AM. Reason: comma
 
Old 07-15-2017, 11:57 AM   #13
michaelk
Moderator
 
Registered: Aug 2002
Posts: 17,614

Rep: Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340
Your correct, much better plan...
 
Old 07-15-2017, 12:15 PM   #14
NewtownGuy
LQ Newbie
 
Registered: May 2014
Posts: 14

Original Poster
Rep: Reputation: Disabled
The processes that I'm trying to suspend and resume do not have unique names. One of the things my bash script does is figure out which process ID's to STOP and CONT.

I have a system call in foo.pl to run my bash script, bar.sh:

$my_command = '/var/www/cgi-bin/bar.sh on';
system($my_command);

To try to follow your recommendation about sudo, I changed this to:

$my_command = 'www-data ALL = NOPASSWD: /var/www/cgi-bin/bar.sh on';
system($my_command);

But the bash script no longer runs when apache runs my perl script. The error message I get is: Can't exec "www-data": No such file or directory ..."

Is my syntax wrong ?

Alternatively, in my bash script, can I have sudo call kill instead of pkill ?

Last edited by NewtownGuy; 07-15-2017 at 12:30 PM. Reason: additional information
 
Old 07-15-2017, 12:27 PM   #15
michaelk
Moderator
 
Registered: Aug 2002
Posts: 17,614

Rep: Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340Reputation: 2340
You need to add the line that begins with www-data... as posted by Turbocapitalist to the /etc/sudoers file. One of the proper ways to edit the file is via visudo.

Add "sudo /usr/bin/pkill whatever..." line to your bash script.

Last edited by michaelk; 07-15-2017 at 12:32 PM.
 
  


Reply

Tags
kill, permissions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Bash script - command works directly in command line but not in script raoulcousins Linux - Newbie 6 08-21-2013 07:43 PM
[SOLVED] perl script runs fine from command line but fails when invoked by nagios andrest964 Linux - Newbie 7 10-04-2012 09:04 AM
Command works when pasted at command line but not as bash script neild Programming 7 09-23-2012 07:30 AM
works on command line but not in bash script tara Linux - General 7 02-09-2009 03:57 AM
kill the process invoked from a shell script, when the script is killed kskkumar Linux - Software 8 05-23-2007 11:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration