------------------------------------------------------------------------------------------------------------------------------------
Overview of process related control - specifically PID, PPID, PGID, SID:
------------------------------------------------------------------------------------------------------------------------------------
When the system starts, we launch "initd", or "systemd", as the "mother of all processes",
and it has a PID (process ID) of 1 and a PPID (parent process of 0)
The PPID, or parent process ID is what the process group refers to.
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 2014 ? 00:04:42 /sbin/init
root 2 0 0 2014 ? 00:00:01 [kthreadd]
At a high level we have a SESSION, that contains a number of PROCESS GROUPS.
A SESSION can have a controlling TTY (or PTS)
A PROCESS GROUP contains a number of PROCESSES.
A PROCESS contains a number of THREADS.
The process group leader is the owner of the processes for a session.
setsid runs a program in a new session.
setsid - creates a session and sets the process group ID
A child created via fork inherits its parent's session ID.
(below PPID 2385 is the session ID for bash (edited to show the relationship)
PPID 2385 is owned by init... this is normal as the console is controlled by init processes.
PPID 2385 has several PIDs associated with it. If you wanted to kill the sessions on the console
a kill command to 2385 would likely terminate all console activity... not sure how cleanly other processes
would terminate. You'd have to analyze the process tree. (pstree)
--> ps -ef | grep bash
UID PID PPID C STIME TTY TIME CMD
john 2391 2385 0 Jan27 pts/0 00:00:00 bash
john 2482 2385 0 Jan27 pts/1 00:00:00 bash
john 2991 2385 0 Jan27 pts/2 00:00:00 bash
john 30025 2385 0 Feb02 pts/3 00:00:00 bash
------------------------------------------------
--> ps -ef | grep 2385
UID PID PPID C STIME TTY TIME CMD
john 2385 1 0 Jan27 ? 00:02:45 mate-terminal
john 2390 2385 0 Jan27 ? 00:00:00 gnome-pty-helper
john 2391 2385 0 Jan27 pts/0 00:00:00 bash
john 2482 2385 0 Jan27 pts/1 00:00:00 bash
john 2991 2385 0 Jan27 pts/2 00:00:00 bash
john 30025 2385 0 Feb02 pts/3 00:00:00 bash
------------------------------------------------
the pstree command shows bash under init, and then ssh controlled from there... makes sense, I'm ssh'd out of this system to
the server I'm editing this page on... so if I killed bash I would only kill the terminal sessions. firefox and other functions
would continue as they are not part of that session group.
--> pstree
init---NetworkManager---dhclient
| |-dnsmasq
| |-2*[{NetworkManager}]
|-bash---ssh
|-SystemToolsBack
|-acpid
|-at-spi-bus-laun---dbus-daemon
| |-3*[{at-spi-bus-laun}]
|-at-spi2-registr---{at-spi2-registr}
|-atd
|-avahi-daemon---avahi-daemon
|-clock-applet---{clock-applet}
|-console-kit-dae---64*[{console-kit-dae}]
|-cron
|-cupsd
|-3*[dbus-daemon]
|-2*[dbus-launch]
|-dconf-service---2*[{dconf-service}]
|-dhclient
|-firefox---36*[{firefox}]
|-gconfd-2
|-mate-screensave
|-mate-settings-d---{mate-settings-d}
|-mate-terminal---bash---ssh
| |-bash---pstree
| |-2*[bash---sudo---su---bash]
| |-gnome-pty-helpe
| |-2*[{mate-terminal}]
|-matecomponent-a---2*[{matecomponent-a}]
|-mateconfd-2
|-mdm---mdm---Xorg
| |-x-session-manag---applet.py
| |-caja---{caja}
| |-marco---{marco}
| |-mate-bluetooth----2*[{mate-bluetooth-}]
| |-mate-panel---{mate-panel}
| |-mate-power-mana---{mate-power-mana}
| |-mate-volume-con---{mate-volume-con}
| |-mintupdate-laun---sh---mintUpdate---2*[{mintUpdate}]
| |-nm-applet---2*[{nm-applet}]
| |-polkit-mate-aut---{polkit-mate-aut}
| |-ssh-agent
| |-2*[{x-session-manag}]
|-mintmenu---mate-screensave
| |-2*[{mintmenu}]
|-modem-manager
|-nmbd
|-notification-ar---{notification-ar}
|-nxserver.bin---nxd---5*[{nxd}]
| |-nxserver.bin---nxnode.bin---nxclient.bin---10*[{nxclient.bin}]
| | | |-16*[{nxnode.bin}]
| | |-{nxserver.bin}
| |-3*[{nxserver.bin}]
|-polkitd---{polkitd}
|-pulseaudio---gconf-helper
| |-2*[{pulseaudio}]
|-rsyslogd---3*[{rsyslogd}]
|-rtkit-daemon---2*[{rtkit-daemon}]
|-smbd---smbd
|-sshd
|-system-tools-ba---{system-tools-ba}
|-udevd---2*[udevd]
|-udisksd---3*[{udisksd}]
|-upowerd---2*[{upowerd}]
|-upstart-socket-
|-upstart-udev-br
|-winbindd---winbindd
|-wnck-applet---{wnck-applet}
------------------------------------------------
setuid() sets the effective user ID of the calling process. (see also: http://www.tuxation.com/setuid-on-shell-scripts.html)
getuid() returns the real user ID of the calling process.
geteuid() returns the effective user ID of the calling process.
setreuid() sets real and effective user IDs of the calling process.
setpgid, getpgid, setpgrp, getpgrp - set/get process group
setpgid() sets the PGID of the process specified by pid to pgid.
getpgid() returns the PGID of the process specified by pid.
If pid is zero, the process ID of the calling process is used.
Process ID (PID)
-----------------
The PID is an arbitrary number that identifies the process. Every process has a unique ID,
after the process exits and the parent process retrieves the exit status, the process ID may be used by a new process.
Parent Process ID (PPID)
-----------------
The parent process ID is the PID of the process that started the process.
Process Group ID (PGID)
-----------------
The PID of the process group leader. If PID == PGID, then this is a process group leader.
Session ID (SID)
-----------------
This is the PID of the session leader. If PID == SID, then this process is a session leader.
Sessions and process groups are just ways to manage a number of related processes.
All the members of a process group always belong to the same session, but a session may have multiple process groups.
A shell will normally be a session leader, and every pipeline executed by that shell will be a process group.
This is to make it easy to kill the children of a shell when it exits.
------------------------------------------------------------------------------------------------------------------------------------
QUESTIONS:
--------------------------------------------------------------------------------------
#########################################################################################################
1) What does Setuid do? (man pages say "If the calling process is not a process group leader, setsid() creates a new session.".)
setuid() sets the effective user ID of the calling process.
#########################################################################################################
2) Can you explain what a process group leader is?
The process group leader is the owner of the processes for a session.
#########################################################################################################
3) What happens when setsid(); is called after a fork.
setsid - creates a new session and sets the new process group ID, with the current process as both session leader and process group leader.
--------------------
REASON FOR CALLING AFTER A FORK:
----------------
It is called after a fork in order to separate the session id calling the new process so that existing proceesses do not lose their "parent".
Once the system is forked and setsid is called a new session id is established as the PPID. This allows for cleaner control of processes
and threads from that session.
-----------------
from the man page on line at http://linux.die.net/man/2/setsid
-------
setsid() creates a new session if the calling process is not a process group leader.
The calling process is the leader of the new session, the process group leader of the new process group, and has no controlling terminal.
The process group ID and session ID of the calling process are set to the PID of the calling process.
The calling process will be the only process in this new process group and in this new session.
-----------------------------------------------------------------
It gets mildly complicated if the calling PID is 0, or root.
The control of root is unique and when explained in "programmerese" gets somewhat obsfucated.
FROM: http://linux.die.net/man/2/setuid :
-------
This allows a set-user-ID (other than root) program to drop all of its user privileges, do some un-privileged work,
and then reengage the original effective user ID in a secure manner.
If the user is root or the program is set-user-ID-root, special care must be taken.
The setuid() function checks the effective user ID of the caller and if it is the superuser,
all process-related user ID's are set to uid. After this has occurred, it is impossible for the program to regain root privileges.
Thus, a set-user-ID-root program wishing to temporarily drop root privileges, assume the identity of an unprivileged user, and then
regain root privileges afterward cannot use setuid(). You can accomplish this with seteuid(2).
#########################################################################################################
------------------------------------------------------------------------------------------------------------------------------------
FROM man on ps - headings (show up with options -l or -f or -a for all) (displayed in an order of "interest")
UID (f,l) The user ID number of the process owner; the login name is printed under the -f option.
PID (all) The process ID of the process; it is possible to kill a process if this datum is known.
PPID (f,l) The process ID of the parent process.
STIME (f) Starting time of the process.
CMD (all) The command name; the full command name and its arguments are written under the -f option.
TTY (all) The controlling terminal for the process.
TIME (all) The cumulative execution time for the process.
SZ (l) The size in blocks of the core image of the process.
PRI (l) The priority of the process; higher numbers mean lower priority.
NI (l) Nice value; used in priority computation.
F (l) Flags (octal and additive) associated with the process.
S (l) The state of the process.
C (f,l) Processor utilization for scheduling.
ADDR (l) The address of the process.
WCHAN (l) The event for which the process is waiting or sleeping; if blank, the process is running.
---------------------------------------------------------------------------------
The following names are recognized in the POSIX locale:
ruser The real user ID of the process. This shall be the textual user ID, if it can be obtained
and the field width permits, or a decimal representation otherwise.
user The effective user ID of the process. This shall be the textual user ID, if it can be
obtained and the field width permits, or a decimal representation otherwise.
rgroup The real group ID of the process. This shall be the textual group ID, if it can be
obtained and the field width permits, or a decimal representation otherwise.
group The effective group ID of the process. This shall be the textual group ID, if it can be
obtained and the field width permits, or a decimal representation otherwise.
pid The decimal value of the process ID.
ppid The decimal value of the parent process ID.
pgid The decimal value of the process group ID.
pcpu The ratio of CPU time used recently to CPU time available in the same period, expressed as
a percentage. The meaning of "recently" in this context is unspecified. The CPU time
available is determined in an unspecified manner.
vsz The size of the process in (virtual) memory in 1024 byte units as a decimal integer.
nice The decimal value of the nice value of the process; see nice() .
etime In the POSIX locale, the elapsed time since the process was started, in the form:
[[dd-]hh:]mm:ss
where dd shall represent the number of days, hh the number of hours, mm the number of minutes,
and ss the number of seconds. The dd field shall be a decimal integer. The hh, mm, and ss fields
shall be two-digit decimal integers padded on the left with zeros.
time In the POSIX locale, the cumulative CPU time of the process in the form:
[dd-]hh:mm:ss
The dd, hh, mm, and ss fields shall be as described in the etime specifier.
tty The name of the controlling terminal of the process (if any) in the same format used by
the who utility.
comm The name of the command being executed ( argv[0] value) as a string.
args The command with all its arguments as a string. The implementation may truncate this value
to the field width; it is implementation-defined whether any further truncation occurs. It
is unspecified whether the string represented is a version of the argument list as it was
passed to the command when it started, or is a version of the arguments as they may have
been modified by the application. Applications cannot depend on being able to modify their
argument list and having that modification be reflected in the output of ps.
------------------------------------------------------------------------------------------------------------------------------------
|