On Tue, Jul 13, 2004 at 11:00:07AM -0600, Michael L Torrie wrote: > On Tue, 2004-07-13 at 10:55, Andrew Jorgensen wrote: > > Except that it's conceivable that someone would execute something > > outside of a shell, using ssh or something similar. I'd be interested > > in hearing other ideas. It seems like this is something that should > > be part of the various security services. A non-root user can't give > > his processes higher priorities, for instance, so apparently there's > > something limiting the highest priority a user can have. This same > > mechanism ought to be able to so something her. > > Since niced_bash is the login shell, there is no way to get around > it. It is the first thing ssh executes when you log in. Of course > you are correct in stating that a user can arbitrarily bump his > priority back up to normal with the renice command.
No, he can't. See man renice.
Mike
> Michael
>
>
> >
> > On Mon, 12 Jul 2004 15:21:47 -0500, Michael Halcrow <[EMAIL PROTECTED]> wrote:
> > > On Mon, Jul 12, 2004 at 03:05:33PM -0600, J. Troy Carpenter wrote:
> > > > Is there a away to set up a particular user such that every command
> > > > they perform from the command line is scheduled with a specific
> > > > priority (be it low or high)?
> > >
> > > There are a couple different ways to go about it. Personally, I would
> > > just write a wrapper shell:
> > >
> > > [EMAIL PROTECTED]:~$ cat niced_bash.c
> > > #include <unistd.h>
> > >
> > > int main( int argc, char** argv, char** envp )
> > > {
> > > nice( 19 );
> > > execve( "/bin/bash", argv, envp );
> > > }
> > >
> > > Copy it to /bin/niced_bash, then edit the passwd to use your wrappered
> > > shell:
> > >
> > > demoted:x:1005:100::/home/demoted:/bin/niced_bash
> > >
> > > I wrote this up really quick and tested it, and everything seemed to
> > > go smoothly on my box. Depending on exactly what you need to do, this
> > > may need some tweaking.
> > >
> > > Mike
> > > .___________________________________________________________________.
> > > Michael A. Halcrow
> > > Security Software Engineer, IBM Linux Technology Center
> > > GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D
> > >
> > > I didn't say it was your fault. I only said I was going to blame
> > > you.
> > >
> > >
> > >
> >
> > ____________________
> > BYU Unix Users Group
> > http://uug.byu.edu/
> > ___________________________________________________________________
> > List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
--
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D
I stole this Sig.
pgp3xBwO6mVGr.pgp
Description: PGP signature
____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
