dnebinger at joat.com
Sun Sep 11 22:52:59 UTC 2005
> If the user types
> nice -20 command
> an error is reported about lack of privileges.
This is a specific security measure that is in place to ensure the stability
of your box. Linux and unix in general will not support allowing users to
lower the priority of tasks.
Consider, for a moment, if this was possible and I'm a user on your system.
I can quite easily write a program that would consume CPU (i.e. calculating
pi to thousands of digits, running a crack program to decode passwords from
/etc/passwd, etc.). At the default levels it will wreak havoc on the box,
but if I have the ability to run the command at real time level (-20), I
would lock the box up entirely until the process finishes (if I even coded
it to finish).
Your only option at this point, because you most likely would not be able to
get a new root login or really do anything interactively, would be to cycle
You're looking at a special case in which you probably want a limited set of
users to issue a limited set of commands at real time level; to that end the
sudo command is appropriate, although I suspect that anyone that knew what
they were doing could still take advantage of the realtime level and grind
your box to a halt.
As an administrator I'd need to know what command you want the users to run
at realtime level and why it cannot be run at normal levels; we'd have to
thoroughly explore all of the alternatives before I would allow such a thing
on my boxen.
More information about the kde-linux