Hello list,
Have a problem that's highlighting gaps in my knowledge; can you assist?
We have a script that's tacked onto our trading application which allows branch managers etc. to kill off the sessions of other users at their branch. A menu option in the application spawns a shell running this script. As far as I can tell it's spawned in the same context as the user that logged in (no sudo-ing or any other type of security context switching - as far as I can see).
The script itself doesn't have any sudo reference in it, nor does it call any other scripts, as far as I can tell.
Some detail on an example run of the script:
The script running, and the effective UID:
$ ps -fp 16974070
     UID      PID     PPID   C    STIME    TTY  TIME CMD
   kccah 16974070 25407552   0 16:21:08 pts/97  0:00 /bin/ksh /usr/hxscripts/brkill
$ ps -fp 16974070 -o ruser=
kccah
$
Some detail on the user:
$ lsuser kccah
kccah id=2957 pgrp=users groups=users,users,mail home=/usr/home/branch/users/kcc shell=/usr/bin/ksh gecos=Alex_Hawdon roles=
The function in the script that runs the kill, bits that do the killing are highlighted bold:
kill_user()
{
    # To kill a user we have to do the following :
    #   kill the user is partition (unix nice kill)
    #   if they are still there, do a nasty kill
    #   clear the partition table of illegal entries
    #   if they were logged in from a spider, then kill that spider port
    #   (( if they were logged in from an annex, then kill that annex port ))
    #
    log "Killed a user : User Details"
    log "USERID : ${USERID[$1]}"
    log "USER NAME : ${USERNAME[$1]}"
    log "USER PID : ${USERPID[$1]}"
    log "USER TERMINAL : ${USERTERM[$1]}"
    #
    /usr/bin/kill -15 ${USERPID[$1]} 2>>/dev/null
    sleep 1
    #
    case $UNIXTYPE
    in
        AIX)  COMMAND=`who -u | awk -v pid=${USERPID[$1]} '$7==pid' | wc -l`;;
        OSF1) COMMAND=`who -uM | awk -v pid=${USERPID[$1]} '$7==pid' | wc -l`;;
        *)    echo "Fatal error - unknown UNIX version"
              pressreturn
              cleanup;;
    esac
    if [ $COMMAND -eq 1 ]
    then
        /usr/bin/kill -9 ${USERPID[$1]} 2>>/dev/null
    fi
    $KCMLADDR/bkstat -C
    TERMIDFILE=`echo "$USERHOME" | sed "s/user/termid.csv/"`
    # TERMIDFILE=`echo "$USERHOME" | sed "s/users/termid.csv/"`
    REMOTE=`awk -v term=${USERTERM[$1]} -F, '$2==term' $TERMIDFILE`
    if [ ! "$REMOTE" = "" ]
    then
        SPIDER=`echo "$REMOTE" | awk -F, '{print $1}' | cut -c 2-9`
        PORT=`echo "$REMOTE" | awk -F, '{print $1}' | cut -c 11-12 | sed "s/^0//"`
        log "SPIDER INFO : $SPIDER - $PORT"
        rsh -l eod saturn "/usr/users/tech/stu/scripts/SPIDER/linekill.exp $SPIDER.harcros.co.uk $PORT" > /dev/null
    fi
    case $UNIXTYPE
    in
        AIX)  COMMAND=`who -u | awk -v pid=${USERPID[$1]} '$7==pid' | wc -l`;;
        OSF1) COMMAND=`who -uM | awk -v pid=${USERPID[$1]} '$7==pid' | wc -l`;;
        *)    echo "Fatal error - unknown UNIX version"
              pressreturn
              cleanup;;
    esac
    if [ $COMMAND -eq 1 ]
    then
        echo "Unable to clear user - Please contact Service Desk"
    fi
    #
    # NEED TO ADD CHECK FOR AN ANNEX AT THIS POINT
    #
    pressreturn
}
A copy of the script is attached. A note - the /etc/dirlist script just sets up variables - it doesn't do *anything* fancy at all.
Thanks for your time on this, folks! Sorry if I've hastily overlooked something obvious!
Any further information required - give me a shout.
Thanks and regards,
Alex
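
One way to check the privilege context asked about in the message above (an added example, not part of the original post or the attached script): for each program a script calls, report its owner and any setuid/setgid bits, and for a running process print the real and effective user side by side. The function names are hypothetical and the paths to audit are supplied by the caller.

```shell
#!/bin/sh
# Added example: privilege-context checks for a script and the programs it runs.
# Function names are hypothetical; pass the paths you want audited as arguments.

# priv_bits PATH -> prints "setuid", "setgid", "setuid,setgid" or "none".
# test -u / -g follow symlinks, so the link target's mode is what is checked.
priv_bits() {
    bits=""
    [ -u "$1" ] && bits="setuid"
    [ -g "$1" ] && bits="${bits:+$bits,}setgid"
    echo "${bits:-none}"
}

# audit_cmd PATH -> prints "PATH owner=<user>:<group> bits=<...>",
# or "PATH missing" (and returns 1) when the file does not exist.
audit_cmd() {
    if [ ! -e "$1" ]; then
        echo "$1 missing"
        return 1
    fi
    # -L makes ls report the symlink target, matching what priv_bits tests
    owner=$(ls -ldL "$1" | awk '{print $3 ":" $4}')
    echo "$1 owner=$owner bits=$(priv_bits "$1")"
}

# proc_ids PID -> prints "<real user> <effective user>" for a running process.
# In ps -o, "ruser" is the real user and "user" is the effective user; the two
# differ when the process was started from a setuid executable.
proc_ids() {
    ps -o ruser= -o user= -p "$1"
}

# Stand-alone use: audit every path given on the command line.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        audit_cmd "$f" || true
    done
fi
```

A setuid or setgid bit on any audited program, or a `proc_ids` line whose two fields differ, shows where the privilege changes.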