From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/793 Path: news.gmane.org!not-for-mail From: Ian Stokes-Rees Newsgroups: gmane.comp.sysutils.supervision.general Subject: Using chpst to block setpgrp? Date: Thu, 12 May 2005 16:27:24 +0100 Message-ID: <428375DC.7020504@physics.ox.ac.uk> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Trace: sea.gmane.org 1115911268 6985 80.91.229.2 (12 May 2005 15:21:08 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Thu, 12 May 2005 15:21:08 +0000 (UTC) Original-X-From: supervision-return-1029-gcsg-supervision=m.gmane.org@list.skarnet.org Thu May 12 17:21:06 2005 Return-path: Original-Received: from antah.skarnet.org ([212.85.147.14]) by ciao.gmane.org with smtp (Exim 4.43) id 1DWFTQ-0005uJ-ES for gcsg-supervision@gmane.org; Thu, 12 May 2005 17:19:40 +0200 Original-Received: (qmail 30333 invoked by uid 76); 12 May 2005 15:27:48 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Archive: Original-Received: (qmail 30327 invoked from network); 12 May 2005 15:27:48 -0000 User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en Original-To: supervision@list.skarnet.org X-Scan-Signature: 48c298bcf39d064b34496522131659df X-Sentinel-Whitelist: X-Sentinel-Score: -5.7 X-Sentinel-Report: -5.7/5.0 ---- SA results ALL_TRUSTED,AWL,INDICATE_SCAM,P_GROUP,P_PHYSICSSUB,P_PHYSICS_URL,RECEIVED_TRUSTED,STOCK_SYMBOL_WEAK autolearn=disabled Xref: news.gmane.org gmane.comp.sysutils.supervision.general:793 X-Report-Spam: http://spam.gmane.org/gmane.comp.sysutils.supervision.general:793 Hi, I am pretty sure the answer to this question is "no way", but is there any mechanism that can be used to block "setpgrp"? I can't see that there is. Basically we are using runit to start arbitrary user "processes" but we want to keep track of them. If they "daemonize" or change their process group they can get away from us. The (quasi) inverse of "chpst -P" would be nice. This is all for a batch scheduler -- people can circumvent the system through daemons and process groups so that their processes keep executing beyond their allocated time either to get a bigger slice or for more malicious reasons such as to snoop on the subsequent jobs which run. I suppose in any case there is nothing to stop a user from doing a regular "fork and kill" which would immediately invalidate the PPID, but I am less clear on what would happen to the PGID in this case. We would like to have PGID fixed for all processes started by a single user process so that we can "corral" them and then kill them all when the original process exits/dies or the alotted time expires. Cheers, Ian -- Ian Stokes-Rees i.stokes-rees@physics.ox.ac.uk Particle Physics, Oxford http://www-pnp.physics.ox.ac.uk/~stokes