[comp.unix.ultrix] Problems with /etc/rc et. al.

kent@tifsie.UUCP (Russell Kent) (02/20/88)

We are having problems with our /etc/rc, /etc/rc.local, and another
"rc" file called /etc/rc.atcs related to /bin/su and other setuid
programs.  First, some background:

    1. We are running a DEC MicroVAX-II with Ultrix 2.0
       For the uninitiated, Ultrix is DEC's name for a predominately
       4.2BSD based Unix with a bunch of SYSV-isms thrown in for
       compatibility and a few VMS-isms for DEC-bashing fodder. :-)
       
    2. We have a project called ATCS with its own user id (atcs).
       The project consists of programs invoked by the user for a
       limited time (report generators, etc.), and programs which
       must be running all the time (ala daemons).  These
       "boot-time" processes obviously must be invoked by /etc/rc
       or some descendant thereof.  The tricky part is that they
       (the boot-time programs) must run as userid atcs.  The file
       /etc/rc.atcs is intended to hold the boot-time commands for
       the ATCS processes.

    3. The atcs boot-time programs run forever.  The scheduler has
       the (usually convenient but in this case annoying) feature that
       non-root processes which have "nice" values >= 0 (or perhaps
       merely = 0, I'm not sure), and which have consumed approximately
       > 10:00 of actual CPU time (or more) will have their "nice"
       value bumped-up by 4.  This (I believe) only happens once (i.e.
       you can't be niced to death).  "Adjusting" the scheduler is
       not an option in removing this feature for the atcs processes.
       We have, however, solved this through the use of a setuid root
       program which (after verifying that the target process(es) are
       owned by atcs) renices them TO -1.  Renicing the process to -1
       will effectively prevent the scheduler from dorking with the
       nice value while also not overly affecting the "fairness"
       between atcs and other users.  This program is named "hose"
       by our SA (for reasons that are amusing to him).  "Hose"
       executes a "ps" command, trapping the output, in order to
       get his info about the processes.

OK. Now for the things that DO NOT WORK:

    1. Inserting the line at the bottom of /etc/rc.local:

	   su atcs -fc "/etc/rc.atcs"

       Where /etc/rc.atcs is a file similar to /etc/rc.local.  We want to
       keep the processes associated with atcs (a project id) separate
       from the stuff in rc.local, esp. since rc.local starts things
       as root.

    2. Inserting the line at the bottom of /etc/rc.local:

	   sh /etc/rc.atcs
       -or-
	   /etc/rc.atcs

       And changing /etc/rc.local to "su -fc program" each atcs program.
       This would theoretically preserve the security.

    3. Inserting the line at the bottom of /etc/rc:
						^^ yech
	   su atcs -fc "/etc/rc.atcs"

       This has the obvious unpleasant aspect of getting clobbered
       if you load an upgrade tape.


Now for what does work:

    Insert the line at the bottom of /etc/rc:

	sh /etc/rc.atcs

    and change the /etc/rc.atcs file to use "su -fc program".


Even still, we have these lines at the bottom of /etc/rc.atcs
to adjust the nice values:

    sleep 20
    /local/bin/hose prog1 prog2 prog3

But prog1, prog2, and prog3 are NOT reniced.

Now then, has anyone else seen this behavior?  Any brave individual
care to hypothesize?  Give hints?  Show me where I've gone off the
deep end??

If so, please email direct.  I will post a summary of responses.

This is driving me crazy, and "a mind is a terrible thing to waste."

-- 
Russell Kent                    Phone: +1 214 995 3501
Texas Instruments               UUCP address:
P.O. Box 655012   MS 3635       ...!convex!smu!tifsie!kent
Dallas, TX 75265                ...!ut-sally!im4u!ti-csl!tifsie!kent
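
The ownership check that item 3 describes for the setuid helper, as an added example that is not part of the original post and is not the poster's "hose" program: it filters captured ps output down to PIDs owned by atcs before anything is reniced to -1. The USER PID COMMAND column layout, the sample lines and the function names are assumptions.

```c
/* Added example, not the poster's "hose" source. Assumed ps columns: USER PID COMMAND. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>

/* Constructed sample of captured ps output; the last line is truncated. */
static const char SAMPLE_PS[] =
    "USER PID COMMAND\n"
    "root 1 init\n"
    "atcs 212 prog1\n"
    "kent 230 prog2\n"
    "atcs 245 prog3\n"
    "atcs 260\n";

/* Collect PIDs owned by `owner` whose command is listed in `names`.
 * The header and any line that does not parse are skipped. */
int select_targets(const char *ps_out, const char *owner,
                   const char *const *names, int n_names, int *pids, int max)
{
    int found = 0;
    while (*ps_out != '\0' && found < max) {
        size_t len = strcspn(ps_out, "\n");
        char buf[128], user[32], cmd[64];
        int pid;
        if (len < sizeof buf) {
            memcpy(buf, ps_out, len);
            buf[len] = '\0';                /* parse one line at a time */
            if (sscanf(buf, "%31s %d %63s", user, &pid, cmd) == 3 &&
                pid > 0 && strcmp(user, owner) == 0)   /* ownership check */
                for (int i = 0; i < n_names; i++)
                    if (strcmp(cmd, names[i]) == 0) { pids[found++] = pid; break; }
        }
        ps_out += len;
        if (*ps_out == '\n') ps_out++;
    }
    return found;
}

/* Renice one verified PID to -1; negative values require root. */
int renice_target(int pid) { return setpriority(PRIO_PROCESS, (id_t)pid, -1); }

int main(void)
{
    const char *const names[] = { "prog1", "prog2", "prog3" };
    int pids[8];
    int n = select_targets(SAMPLE_PS, "atcs", names, 3, pids, 8);
    for (int i = 0; i < n; i++)   /* sample PIDs are constructed: report only */
        printf("would renice pid %d to -1\n", pids[i]);
    return 0;
}
```

A setuid root helper that captures ps output should invoke ps by absolute path with a fixed environment, so that the result does not depend on the PATH of whatever started it.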