on Sun, May 23, 2004 at 01:18:01AM -0600, Bob Proulx (bob@proulx.com) wrote:
> Karsten M. Self wrote:
> > while sleep 600
> > do
> > ps aux | awk '/[w]hois/ {print $2}' | ( sleep 30; xargs kill )
> > done
>
> Clever. I like the concept. But I don't like the ps side of the
> implementation. The format is slightly different depending upon the
> state of the process. Also the search can match too much and kill
> similarly named processes.
The ps side is actually simplified from the command I've been using. I
wanted to illustrate the sleep pipe rather than the expressions used to
limit the process list. In practice, I filter out a few patterns which
*will* match (parents of the actual whois process), and I run the
command as a nonprivileged user (so the 'a' is unnecessary). So at best
I can shoot myself in my own foot.
The sleep actually provides additional insurance. The idea is to kill
long-lived processes. Most of the potential collateral damange will
have terminated from other causes before the kill is issued.
> Personally I am more familiar with the SysV format rather than the BSD
> format. 'ps aux' is roughly equivalent to 'ps -ef'. But you don't
> generally want the full output output for what you are doing. Is
> there an equivalent to SysV 'ps -e' in the BSD format? In any case
> that is a better format for looking for processes by name. Then we
> can make the awk test a little more precise.
>
> ps -e | awk '$NF == "whois" {print $1}' | ( sleep 30; xargs kill )
>
> That avoids the collateral damage from similarly named processes. It
> avoids needing the [w]hois workaround nicely.
That is pretty cool, yeah ;-)
> But a process which is named exactly the same can still be killed.
Again: sleep pretty much assures that this either won't happen, or
wouldn't be a bad thing.
Remember: the whole idea of running this is to clear out any processes
which are too long lived. A decent WHOIS query should return in 1-20
seconds, unless something's wrong. My 30 second sleep is a little on
the short side, but will be pretty safe in practice. Doubling that
would almost certainly avoid unintentional damage.
> I assume you are running this process as root and killing user
> processes would be undesireable.
No. We practice the principle of least privilege here.
> Of course if it is run as a unique non-root user then the system
> permissions will prevent it from actually killing other proceses. But
> we can avoid it even trying. Let's select only our own processes with
> 'ps -u userid'
>
> ps -u root | awk '$NF == "whois" {print $1}' | ( sleep 30; xargs kill )
Right.
> That avoids killing other user's processes. It uses only standard
> utilities which is rather nice. But there is a procps utility which
> can shorten things up a little.
>
> pgrep -xu root whois | ( sleep 30; xargs kill )
Nice.
> Personally I would probably leave the ps | awk in any script that I
> would write. It uses only standard utilities and would work on other
> systems without change. But on the commandline knowing it was
> available I would probably use the pgrep since it is simpler to type.
>
> Bob
>
> P.S. I really enjoyed your title.
;-)
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Bush/Cheney '04: Putting the "con" in conservatism
Attachment:
signature.asc
Description: Digital signature