On 2023-02-03 at 11:12, Greg Wooledge wrote: > On Fri, Feb 03, 2023 at 04:27:06PM +0100, Nicolas George wrote: > >> - crontabs or atjobs that download instructions from the web; >> >> - .procmailrc or “|something” in .forward; >> >> - probably one or two mechanisms I forgot about. > Any process currently running under that user's UID. Wouldn't the 'sudo -u user kill -9 -1' address that? According to kill(1), passing '-1' as the PID parameter means to kill "all processes except the kill process itself and init". The examples section specifically lists 'kill -9 -1' as a way to "kill all processes you can kill". I read this as indicating that the given sudo command should result in having the user kill all processes which are running as that user, which should leave none of those processes running afterwards. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Attachment:
signature.asc
Description: OpenPGP digital signature