[kde-linux] nice

Dave Nebinger dnebinger at joat.com
Sun Sep 11 22:52:59 UTC 2005

> If the user types
>             nice -20 command
> an error is reported about lack of privileges.

This is a specific security measure that is in place to ensure the stability 
of your box.  Linux and unix in general will not support allowing users to 
lower the priority of tasks.

Consider, for a moment, if this was possible and I'm a user on your system. 
I can quite easily write a program that would consume CPU (i.e. calculating 
pi to thousands of digits, running a crack program to decode passwords from 
/etc/passwd, etc.).  At the default levels it will wreak havoc on the box, 
but if I have the ability to run the command at real time level (-20), I 
would lock the box up entirely until the process finishes (if I even coded 
it to finish).

Your only option at this point, because you most likely would not be able to 
get a new root login or really do anything interactively, would be to cycle 
the box.

You're looking at a special case in which you probably want a limited set of 
users to issue a limited set of commands at real time level; to that end the 
sudo command is appropriate, although I suspect that anyone that knew what 
they were doing could still take advantage of the realtime level and grind 
your box to a halt.

As an administrator I'd need to know what command you want the users to run 
at realtime level and why it cannot be run at normal levels; we'd have to 
thoroughly explore all of the alternatives before I would allow such a thing 
on my boxen.

More information about the kde-linux mailing list