Root user is showing in ps -ef

Hi,

I am using a Korn shell script to check whether a particular process is running or not in Solaris. But this script was started in my login, and if I give ps -ef | grep 'pname' it is showing the user as root. I am not using the root login access anywhere. It is miserable why the root login is coming.

Can you post what you typed and the response?

A process started by a root cron will be owned by root.

Maybe your process has the same name as a normal root process?

To confine the "ps" to your username:

ps -fu<username> | grep "pname"

My script name: rep_check_start.sh
It contains
nohup ksh rep_check &

After starting the script rep_check_start.sh, if I check using ps -ef | grep -i rep_check it is showing:

root 9085 1 0 11:10:36 ? 0:00 ksh rep_check

Are you sure that you have not used the sudo command? Otherwise it would be the cron daemon of root (as methyl said).

Probably your script has become orphaned and root has taken over it.

OK. If that is the case, how do I check whether the running process is an orphan or not? I am not finding any clue regarding this.
Thanks for your help.

How was this background job started?
What was the user at the time?
Is "cron" or "at" involved?

Also, check to make sure that the setuid is not set for that script.

The background process was started in the same way which I specified:
nohup ksh rep_check &
I am not starting rep_check_start.sh (the parent) in background mode. If I execute nohup ksh rep_check & at the command prompt it starts fine and it shows my user name in ps -ef. The problem comes when I execute it through the rep_check_start.sh script.

No, there is no setuid.

Try putting a shebang line at the top of rep_check.
#!/bin/ksh

Then invoke the script from rep_check_start.sh  as:

nohup rep_check &

Is this a system you built or inherited? Is RBAC or Trusted Solaris Extensions being actively used on the system?

Cheers,
Keith

OK, could you check a few things:

  1. ptree or pstree to see the process tree
    >> So we know who is the parent of that process.

  2. Try lsof to see what the process is doing ... maybe some fork somewhere.
    >> Now we could get more on what the process is calling.

  3. Check all the commands in the script for the suid/guid bit.

  4. Also check if you have permission to sudo/su or you are part of a group which can make you root (for example, the wheel group).

Re-reading post 1.

I wonder. Is this script being run from /etc/profile or the user's $HOME/.profile perhaps?

I was guessing that even when a script is executed during login it might have forked a child process. Please correct me if I am wrong.

I guess since your script was running in background as

nohup ksh rep_check &

and maybe after that the session was somehow killed, so your script was running under root.

ps -ef -o stat will give the current status of the process.

Z for zombie and S for sleep and so on..

What is rep_check? What's the output of

file rep_check

and

ls -la rep_check

Seems as if it's a setuid binary.

As I recall (I'm not the administrator of that application now),
I had a similar accident.
When calling the compilation with the command "nohup", we saw the process acting as "root".
I found that the compiler creates a new shared library, and therefore the author of the compile script authorized a special user to run as root.
Normally, only moments compilation libraries could see it.
Note: the libraries were created after compiling, with chown to the special user.
By contrast, when starting the command with nohup, it was immediately apparent as root, always.

It's the initd process which inherits, whose pid == 1. The root is just a user profile id which happens to be the default superuser of a system and NOT a process.

What does that mean? What do you mean by "orphaned"? Elevating a process to root privileges isn't the sort of thing your system should do.
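
An added example, not part of any post in this thread: a POSIX shell sketch that backgrounds a job the same way rep_check_start.sh does, lets the launching shell exit, and then reads the job's parent PID and real/effective UID from ps, alongside the set-id check suggested above. The function names are hypothetical and `sleep 30` is a constructed stand-in for rep_check.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed demo: "sleep 30" stands in
# for rep_check.

# proc_field PID FIELD: print one numeric ps column (uid, ruid, ppid).
# In ps -o, "uid" is the effective UID and "ruid" the real UID.
proc_field() {
    ps -o "$2=" -p "$1" | tr -d ' '
}

# spawn_orphan: background a job from a subshell that exits immediately,
# the same shape as "nohup ksh rep_check &" inside rep_check_start.sh.
# Prints the PID of the orphaned job.
spawn_orphan() {
    ( nohup sleep 30 >/dev/null 2>&1 & echo $! )
}

# has_setid FILE: succeed if the set-uid or set-gid bit is set on FILE.
has_setid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# report PID: summarise parent and real/effective UID of one process.
report() {
    r_ppid=$(proc_field "$1" ppid)
    r_ruid=$(proc_field "$1" ruid)
    r_euid=$(proc_field "$1" uid)
    echo "pid=$1 ppid=$r_ppid ruid=$r_ruid euid=$r_euid"
    if [ "$r_euid" != "$r_ruid" ]; then
        echo "  effective UID differs from real UID: check for setuid files, sudo or RBAC"
    fi
}

pid=$(spawn_orphan)
report "$pid"                 # the parent has changed, the UIDs have not
for f in /bin/sh /bin/ksh; do # interpreters the job may run under
    [ -e "$f" ] && has_setid "$f" && echo "$f has a set-id bit"
done
kill "$pid" 2>/dev/null || true
```

A changed parent PID with unchanged UIDs is what re-parenting alone produces; an effective UID of 0 on a job started by an ordinary user has to come from somewhere else, such as a set-id file, sudo, RBAC or a root cron entry.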