Linux – How to find and kill remote processes in Linux

killlinuxprocessremote

I am developing a daemon that is acting up and I am now unable to create any new processes (ie. I cannot start a new process to kill the other rogue processes). So, I need to be able to kill the processes from a remote machine. How do I do "kill" remotely without admin privileges? If I cannot kill my own process from a remote machine as a normal user then tell me so I can mark it as the correct answer.

Best Answer

In order to kill a process running on a machine, some local process (or the kernel) has to emit the killing signal. So you need a way to cause a process to emit that signal, and since you can't create a new process, you need to find a way that relies exclusively on already-running processes.

There is no standard daemon that can help you there. They would all process your authentication, then fork a new process (such as a shell) running as you. So if you have no console access and have no existing interaction with the machine, you're out of luck.

From your comments, it sounds like you still have a shell on the machine. Then there are things you can do. You can't run any external process, such as ls or ps. But you can run built-in commands such as echo, read, and kill (kill is not a built-in in all shells, but it is one in all shells that support job control, such as bash and zsh).

Each process has an associated directory under /proc: /proc/12345 where 12345 is the process id. Thus you can get some information on exising by exploring /proc. echo with wildcards is helpful here, e.g. cd /proc; echo [0-9]* shows the process ids of all running processes. If the shell is zsh, you can do a lot with glob qualifiers; for instance echo /proc/*(u$UID) shows only the processes running under your user id.

A way to display the contents of a file without forking is

while read -r line; do
  echo "$line"
done </path/to/file

You can kill many processes at once by passing them all to kill. If you've identified a process that belongs to your daemon, try killing its process group with kill -9 -PGID where PGID is the process id of the group leader. You can find the process group id of process 123 with </proc/123/stat read pid tcomm state ppid pgrp sid more; echo $pgrp. (The same information exists in a more readable form in /proc/123/ but you're not in a good condition to read it.) You can also try send a signal to all your processes (including the originating shell) with

trap : NUM
kill -NUM -1

Pick values of NUM other than KILL (9) so that the trap command does cause your shell to ignore the signal (KILL cannot be trapped).

Related Question