In a bash script, I'm using kill -0 to test if I have permission to kill a process. There are 3 cases:
the process exists and I have permission: OK
the process doesn't exist and it's OK (because I decided to ignore processes that are already dead).
I don't have permission and I want to raise an error.
If I use ps $pid, I cannot tell the difference between a process that does not exist and a process I cannot "see":
santiago@alphard:~$ ps 1 > /dev/null && echo OK || echo ERR
ERR
santiago@alphard:~$ sudo ps 1 > /dev/null && echo OK || echo ERR
OK
If I use kill -0 $pid, I could tell the difference by reading stderr, but it would be language-specific:
santiago@alphard:~$ for pid in 1 123; do for lc in C fr_FR.utf-8; do LC_ALL=$lc; kill -0 $pid; echo Status is $?; done; done
-su: kill: (1) - Operation not permitted
Status is 1
-su: kill: (1) - Opération non permise
Status is 1
-su: kill: (123) - No such process
Status is 1
-su: kill: (123) - Aucun processus de ce type
Status is 1
Question: How can I programmatically tell if a process exists and if I have permission on it?
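The three cases in the question can be separated without reading localized messages, because kill(pid, 0) reports them through errno: ESRCH when the process does not exist, EPERM when it exists but may not be signalled. The script below is an added example, not part of the original thread; its exit-code convention, function names and the proc_root parameter are assumptions made here, and the /proc visibility check assumes a Linux procfs.

```python
#!/usr/bin/env python3
"""Classify PIDs with kill(pid, 0) by errno, not by localized stderr text."""
import os
import sys

# Exit-code convention chosen for this example (an assumption, not from the thread).
SIGNALABLE, NO_SUCH_PROCESS, NO_PERMISSION = 0, 1, 2
NAMES = {SIGNALABLE: "ok", NO_SUCH_PROCESS: "no such process",
         NO_PERMISSION: "operation not permitted"}


def classify(pid, kill=os.kill):
    """Return SIGNALABLE, NO_SUCH_PROCESS or NO_PERMISSION for a single PID."""
    if pid <= 0:
        # 0 and negative values address process groups, not one process.
        raise ValueError("pid must be a positive integer")
    try:
        kill(pid, 0)  # signal 0: existence and permission checks only
    except ProcessLookupError:  # errno ESRCH
        return NO_SUCH_PROCESS
    except PermissionError:  # errno EPERM: the process exists
        return NO_PERMISSION
    return SIGNALABLE


def visible_in_proc(pid, proc_root="/proc"):
    """True if /proc/<pid> can be seen by the caller (Linux procfs assumed)."""
    return os.path.isdir(os.path.join(proc_root, str(pid)))


def report(pid, kill=os.kill, proc_root="/proc"):
    """Return (state, hidden): hidden means the PID exists but /proc does not show it."""
    state = classify(pid, kill)
    hidden = state != NO_SUCH_PROCESS and not visible_in_proc(pid, proc_root)
    return state, hidden


def main(argv):
    worst = SIGNALABLE
    for arg in argv:
        state, hidden = report(int(arg))
        note = " (not visible in /proc)" if hidden else ""
        print(f"{arg}: {NAMES[state]}{note}")
        worst = max(worst, state)
    return worst  # 2 if any PID was refused, 1 if some were only missing


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Saved under a name of your choice (pidstate.py here is hypothetical), a bash script can run python3 pidstate.py "$pid" and branch on $? without depending on LC_ALL.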
Thanks rovf,
That would mostly work, I think, but besides the language barrier, I don't like relying on error messages that could vary from one implementation to another. But that's the best answer so far.
Thanks MadeInGermany,
My problem is that on some systems, there are some processes that I just don't see as a normal user (not only no permission, really don't see), so I cannot rely on ps. Take the following example:
santiago@alphard:~$ ps 1; echo $?
PID TTY STAT TIME COMMAND
1
It looks like process 1 does not exist, but kill and sudo prove otherwise:
santiago@alphard:~$ kill -0 1
-bash: kill: (1) - Operation not permitted
santiago@alphard:~$ sudo ps 1; echo $?
PID TTY STAT TIME COMMAND
1 ? Ss 2:55 init [2]
0
santiago@alphard:~$ uname -srv
Linux 3.14.32-xxxx-grs-ipv6-64 #9 SMP Thu Oct 20 14:53:52 CEST 2016
santiago@alphard:~$ cat /etc/debian_version
7.11
santiago@alphard:~$ bash --version | head -1
GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
santiago@alphard:~$ ps --version
procps-ng version 3.3.3
I have many Debian systems and they all work fine except 2 of them. It is kernel related, I think.
Here is a list of some of the kernels working fine (they are all Debian distribution kernels):
2.06.26-2-686
2.06.32-5-686
2.06.32-5-amd64
3.02.00-4-686-pae
3.02.00-4-amd64
3.16.00-4-amd64
Here are the 2 kernels that do NOT work as I wish (they are OVH Dedicated Server Debian custom kernel):
2.06.21.05-grsec-xxxx-grs-ipv4-32
3.14.32-xxxx-grs-ipv6-64
Unfortunately, I failed to upgrade the kernel because (according to the hosting company), the hardware is incompatible.
I can live with a non-standard kernel, but if anyone knows where I can tweak the setting that makes other users' processes invisible, I'd take some help with great gratitude.
All I was hiding from stderr is the non-existing stuff you mentioned. I only wanted to show process directories (starting with a digit). This is the full content of my /proc. Sorry for the long listing. Just wanted you to "see" the problem:
santiago@alphard:~$ ls -l /proc/
total 0
dr-xr-x--- 7 santiago root 0 Jun 29 11:02 7476
dr-xr-x--- 7 santiago root 0 Jun 29 11:02 7477
dr-xr-x--- 7 santiago root 0 Jun 29 11:02 7506
dr-xr-xr-x 2 root root 0 Jun 29 11:02 acpi
-r--r--r-- 1 root root 0 Jun 29 11:02 buddyinfo
dr-xr-xr-x 4 root root 0 Jun 29 11:02 bus
-r--r--r-- 1 root root 0 Jun 29 11:02 cgroups
-r--r--r-- 1 root root 0 Jun 29 11:02 cmdline
-r-------- 1 root root 22624 Jun 29 11:02 config.gz
-r--r--r-- 1 root root 0 Jun 29 11:02 consoles
-r--r--r-- 1 root root 0 Jun 29 11:02 cpuinfo
-r--r--r-- 1 root root 0 Jun 29 11:02 crypto
-r--r--r-- 1 root root 0 Jun 29 11:02 devices
-r--r--r-- 1 root root 0 Jun 29 11:02 diskstats
-r--r--r-- 1 root root 0 Jun 29 11:02 dma
-r--r--r-- 1 root root 0 Jun 29 11:02 drbd
dr-xr-xr-x 2 root root 0 Jun 29 11:02 driver
-r--r--r-- 1 root root 0 Jun 29 11:02 execdomains
-r--r--r-- 1 root root 0 Jun 29 11:02 fb
-r--r--r-- 1 root root 0 Jun 29 11:02 filesystems
dr-xr-xr-x 12 root root 0 Jun 29 11:02 fs
dr-xr-xr-x 4 root root 0 Jun 29 11:02 ide
-r--r--r-- 1 root root 0 Jun 29 11:02 interrupts
-r--r--r-- 1 root root 0 Jun 29 11:02 iomem
-r--r--r-- 1 root root 0 Jun 29 11:02 ioports
dr-xr-xr-x 2 root root 0 Jun 29 11:02 ipmi
dr-xr-xr-x 32 root root 0 Jun 29 11:02 irq
-r--r--r-- 1 root root 0 Jun 29 11:02 kallsyms
-r--r--r-- 1 root root 0 Jun 29 11:02 key-users
-r-------- 1 root root 0 Nov 29 2016 kmsg
-r--r--r-- 1 root root 0 Jun 29 11:02 loadavg
-r--r--r-- 1 root root 0 Jun 29 11:02 locks
-r--r--r-- 1 root root 0 Nov 29 2016 mdstat
-r--r--r-- 1 root root 0 Jun 29 11:02 meminfo
-r--r--r-- 1 root root 0 Jun 29 11:02 misc
lrwxrwxrwx 1 root root 11 Jun 29 11:02 mounts -> self/mounts
dr-xr-xr-x 2 root root 0 Jun 29 11:02 mpt
-r--r--r-- 1 root root 0 Jun 29 11:02 mtd
-rw-r--r-- 1 root root 0 Jun 29 11:02 mtrr
lrwxrwxrwx 1 root root 8 Jun 29 11:02 net -> self/net
-r--r--r-- 1 root root 0 Jun 29 11:02 pagetypeinfo
-r--r--r-- 1 root root 0 Jun 29 11:02 partitions
dr-xr-xr-x 3 root root 0 Jun 29 11:02 scsi
lrwxrwxrwx 1 root root 0 Nov 29 2016 self -> 7506
-r-------- 1 root root 0 Jun 29 11:02 slabinfo
-r--r--r-- 1 root root 0 Jun 29 11:02 softirqs
-r--r--r-- 1 root root 0 Jun 29 11:02 stat
-r--r--r-- 1 root root 0 Jun 29 11:02 swaps
dr-xr-xr-x 1 root root 0 Apr 15 18:46 sys
--w------- 1 root root 0 Jun 29 11:02 sysrq-trigger
dr-xr-xr-x 2 root root 0 Jun 29 11:02 sysvipc
-r--r--r-- 1 root root 0 Jun 29 11:02 timer_list
dr-xr-xr-x 4 root root 0 Jun 29 11:02 tty
-r--r--r-- 1 root root 0 Jun 29 11:02 uptime
-r--r--r-- 1 root root 0 Jun 29 11:02 version
-r-------- 1 root root 0 Jun 29 11:02 vmallocinfo
-r--r--r-- 1 root root 0 Jun 29 11:02 vmstat
-r--r--r-- 1 root root 0 Jun 29 11:02 zoneinfo
When I don't know how to undo something, I often search how to DO it. It worked today with a Google search for "linux hide processes from other users".
So if hidepid allows you to hide processes, it should do the opposite if deactivated.
Apparently hidepid is not in use though, and I can only see 4 processes whether I use ls /proc or ps:
santiago@alphard:~$ sudo mount | grep proc
proc on /proc type proc (rw,relatime)
santiago@alphard:~$ ls -ld /proc/{0..9}* 2> /dev/null | wc -l
4
santiago@alphard:~$ ps x -o pid= | wc -l
4
But I'm still going to try to tweak hidepid, and indeed I can see more processes with ls /proc but not with ps:
santiago@alphard:~$ sudo mount -o remount,hidepid=1 /proc
santiago@alphard:~$ sudo mount | grep proc
proc on /proc type proc (rw,relatime,hidepid=1)
santiago@alphard:~$ ls -ld /proc/{0..9}* 2> /dev/null | wc -l
202
santiago@alphard:~$ ps x -o pid= | wc -l
4
Surprisingly, hidepid level 1 gives me more permission but levels 0 and 2 are exactly the same:
santiago@alphard:~$ (echo -e "mount opt\tls /proc\tps" | sed 'p;s/[^\t]/-/g'; for h in 0 1 2; do echo -e "hidepid=$h\t$(sudo mount -o remount,hidepid=$h /proc; ls -ld /proc/{0..9}* 2> /dev/null | wc -l)\t$(ps x -o pid= | wc -l)"; done) | column -tns$'\t'
mount opt ls /proc ps
--------- -------- --
hidepid=0 7 7
hidepid=1 201 7
hidepid=2 7 7
I'm still investigating but level 0 should give me all permissions like in old behavior.
To me this looks like the result of /proc having rather weird permissions. What does
ls -ld /proc
show? Because if it is flagged "0" (oct) for "others" you can't even see directory entries in there except for the ones you are directly permitted to (by their own permissions).
I just checked with a system running kernel "3.0.101-97-default" (according to uname, some old SLES, I believe) and the output was
# ls -ld /proc
dr-xr-xr-x 182 root root 0 Jun 27 20:03 /proc
So users are able to see the directory entries in there, even if they are not permitted to access them.
Yes, default should be hidepid=0 and all processes readable.
You have a special kernel.
--
For my special interest:
Does somebody happen to know how to set mount options if /proc is not in /etc/fstab?