![]() Therefore, I was thinking to create a process running as root which receives the request to kill processes from a user, checks if the user is allowed to start/stop the process and kills the process. ![]() If a second user allowed to do that wants to kill the process I'd like it to be allowed to do that but I don't want it to be sudoers. What I have is a list of users allowed to start the process, defined in the database, before starting the process I check that the current user in the list and, if yes, I start the process with the current user. Other users that are not in the group will not be able to start a second parallel process. The fact is that concurrent instances of the same process can be started from different users, that is why it is not convenient for me to set the group id to the process. In short: sudo -HE ssh userhost (success) sudo -HE -u otheruser ssh userhost Permission denied (publickey). When used with the -i option, sudo run an interactive. The only way I can think of is adding my key to authorizedkeys of otheruser and 'ssh otheruserlocalhost', but thats cumbersome to do for every user and server combination I may have. Running sudo su - and then typing the user password has the same effect the same as running su - and typing the root password. If the user is granted with sudo assess, the su command is invoked as root. ![]()
0 Comments
Leave a Reply. |