UNIX permissions to allow group users to kill each other's processes

Let's say we have a group (dev) which has many users and a shared development directory with g+rwx permissions on all contained files. Is this setup sufficient so that any dev user can kill a process launched by any other dev user (assuming the process was started with the default permissions)?

So for example, say we have file /opt/devfolder/bin/foo owned by user1 (in group dev) with group id dev and permissions 0770. If user2 (in group dev) starts an instance of "foo" from his shell, can user3 (in group dev) kill it?

[Edit]

If not, how can we achieve this using sudo or some other standard UNIX utility?


Solution 1:

The easiest way to do what you want is to create an entry in /etc/sudoers like this:

%users localhost=(%users) NOPASSWD:/bin/kill

This will let anyone in the users group run /bin/kill as any other user in the users group, and will not prompt for a password. I'm pretty sure this is exactly what you were asking for.

In this example I'm assuming that there exists a group named users to which all of the members of your dev group belong. You will obviously need to modify this to match your local environment.
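Why a sudo rule is needed at all, shown as an added example that is not part of the original answers: kill(2) compares user IDs only, so shared group membership and g+rwx file modes never grant the right to signal another user's process. The function names are hypothetical; the script assumes Linux /proc and a sudoers rule like the one in Solution 1.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Linux-only: reads /proc/<pid>/status.

# POSIX rule for kill(2): the sender's real or effective UID must equal the
# target's real or saved set-user-ID. Group IDs and file modes are not consulted.
# usage: uid_rule_allows SENDER_RUID SENDER_EUID TARGET_RUID TARGET_SUID
uid_rule_allows() {
    [ "$2" -eq 0 ] && return 0     # root; a simplification of Linux CAP_KILL
    [ "$1" -eq "$3" ] || [ "$1" -eq "$4" ] ||
    [ "$2" -eq "$3" ] || [ "$2" -eq "$4" ]
}

# usage: target_uids PID  -> prints "ruid suid", fails if the process is gone.
target_uids() {
    # The "Uid:" line holds the real, effective, saved and filesystem UIDs.
    awk '$1 == "Uid:" { print $2, $4; found = 1 } END { exit !found }' \
        "/proc/$1/status" 2>/dev/null
}

# usage: kill_command PID  -> prints the command the caller would have to run.
kill_command() {
    uids=$(target_uids "$1") || { echo "no such process: $1" >&2; return 1; }
    set -- "$1" $uids              # $1 = pid, $2 = target ruid, $3 = target suid
    if uid_rule_allows "$(id -ru)" "$(id -u)" "$2" "$3"; then
        echo "kill $1"             # same user (or root): no sudo needed
    else
        # Different user: run kill as the process owner, which is what the
        # Solution 1 rule permits. Fall back to sudo's '#uid' form if the
        # UID has no passwd entry.
        owner=$(getent passwd "$2" 2>/dev/null | cut -d: -f1)
        [ -n "$owner" ] || owner="'#$2'"
        echo "sudo -u $owner /bin/kill $1"
    fi
}

# Stand-alone use: ./script PID
if [ $# -gt 0 ]; then
    kill_command "$1"
fi
```

For the case in the question, user3 asking about a process owned by user2 gets the `sudo -u user2 /bin/kill PID` form, because none of the four UID comparisons match.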

Solution 2:

Depending on what your problem is, if you need the users of the dev group to be able to kill all of the processes of a specific type for some other user, then there might be a solution.

%users localhost=(%users) NOPASSWD:/bin/killall -u <username>

or

%users localhost=(%users) NOPASSWD:/bin/killall -u <username> perl

or whatever. You get the idea. This would allow the developers to kill all of the 'perl' processes for one specific user. Remember that you can use the command aliases to shorthand writing out long lists of apps, and you can also use regular expressions (be careful you don't allow too much).