UNIX permissions to allow group users to kill each others' processes
Let's say we have a group (dev) which has many users and a shared development directory with g+rwx permissions on all contained files. Is this setup sufficient so that any dev user can kill a process launched by any other dev user (assuming the process was started with the default permissions)?
So for example, say we have file /opt/devfolder/bin/foo owned by user1 (in group dev) with group id dev and permissions 0770. If user2 (in group dev) starts an instance of "foo" from his shell, can user3 (in group dev) kill it?
[Edit]
If not, how can we achieve this using sudo or some other standard UNIX utility?
Solution 1:
The easiest way to do what you want is to create an entry in /etc/sudoers like this:
%users localhost=(%users) NOPASSWD:/bin/kill
This will let anyone in the users group run /bin/kill as any other user in the users group, and will not prompt for a password. I'm pretty sure this is exactly what you were asking for.
In this example I'm assuming that there exists a group named users to which all of the members of your dev group belong. You will obviously need to modify this to match your local environment.
Solution 2:
Depending on what your problem is, if you need the users of the dev group to be able to kill all of the processes of a specific type for some other user, then there might be a solution.
%users localhost=(%users) NOPASSWD:/bin/killall -u <username>
or
%users localhost=(%users) NOPASSWD:/bin/killall -u <username> perl
Or whatever; you get the idea. This would allow the developers to kill all of the 'perl' processes for one specific user. Remember that you can use the command aliases to shorthand writing out long lists of apps, and you can also use regular expressions (be careful you don't allow too much).
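The rules from Solution 1 and Solution 2, combined into one drop-in file that puts the broad form beside a narrower one. This is an added example, not part of either answer; it assumes the group is named dev as in the question and that kill lives at /bin/kill as in the answers. The file name, alias names and PID are hypothetical.

```sudoers
# Hypothetical drop-in: /etc/sudoers.d/dev-kill
# Syntax-check before installing: visudo -cf /etc/sudoers.d/dev-kill

# Target accounts: any member of the dev group (group name from the question).
Runas_Alias DEV_USERS = %dev

# Only TERM and KILL are allowed. sudoers wildcards are shell globs matched
# against the whole argument string, so "[0-9]*" checks only that the first
# argument after the signal starts with a digit; anything may follow it.
Cmnd_Alias DEV_KILL = /bin/kill -TERM [0-9]*, /bin/kill -KILL [0-9]*

# Broad form, as in Solution 1: every kill argument is accepted.
# %dev ALL = (DEV_USERS) NOPASSWD: /bin/kill

# Narrower form: only the aliased command lines are permitted. The host
# field is ALL because sudo compares it with the machine's own host name.
%dev ALL = (DEV_USERS) NOPASSWD: DEV_KILL

# Usage by user3 against a process of user2 (constructed PID):
#   sudo -u user2 /bin/kill -TERM 12345
```

Because the command runs as the target user, it can only signal that user's processes, and each invocation is recorded in the sudo log with the caller's name.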