1

I tried this:

pkill -KILL -u root

It turns out that wasn't what I wanted. Now I can't log in by SSH.

What is the correct way?

Edit - I've added the word "safely" to the question. I know that you should not kick out root users because they might be doing something important. But suppose that user is a customer service agent at a large hosting company who is charging you about $5 per minute as long as they are logged into your machine. Suppose you've told them the problem is solved and they can log out now and stop billing you, but they pretend not to get your emails because your boss already authorized two hours of work and they'd like to bill 100% of that. Suppose you aren't the average soulless corporate slave and you'd like to save your boss some money. So anyway, I kicked them out. I did it the wrong way, but no harm was done and I learned a few things, and I saved my boss at least $100.

Buttle Butkus
  • 1,741
  • 8
  • 33
  • 45
  • 2
    I don't understand why this is being downvoted. No explanation whatsoever. You shouldn't downvote a question just because you happen to think kicking out root users is a bad idea. Downvoting doesn't teach anyone that either. It's a valid question, and just because you can't imagine a valid reason for performing such an action, doesn't mean it's universally wrong. So, why the downvotes? – Buttle Butkus Jan 03 '13 at 07:28
  • 1
    Nobody has an obligation to explain votes, whether they are up or down. Voting itself is a personal thing and not everyone does so for the same reasons. That's life. BTW, I chuckled when I read your question but I didn't feel the need to downvote it. – John Gardeniers Jan 03 '13 at 09:38
  • @JohnGardeniers It starts to make these stack sites seem silly. Perhaps downvoting should be allowed only for those of the same rep magnitude. – Buttle Butkus Jan 03 '13 at 09:43
  • 5
    No, that is most definitely not a genius idea and it's not the site that's looking silly. – John Gardeniers Jan 03 '13 at 09:47
  • @JohnGardeniers Funny, I didn't say it was a genius idea. But now that you mention it, you're right! Here's an even better one: give askers rep based on the upvotes of the answers they get. How bad could a question be that gets thousands of views and dozens of upvotes for its answers? And yet you see that all the time. Silly, nitpicking nerds and grammar police bring these sites down. – Buttle Butkus Jan 03 '13 at 09:54
  • Actually you did say "Now tell me that's not a genius idea" but then edited it back out but I posted my comment before you did the edit. – John Gardeniers Jan 03 '13 at 09:57
  • I have a few more questions. Tell me if they're too dumb and should be downvoted, so I'll know not to ask them. Should servers be turned off at night? How is fire spread in servers and datacenters? Can you mount a network switch upside down? – Buttle Butkus Jan 03 '13 at 10:08
  • 1
    1) Should servers be turned off at night? It can save a lot of energy if they're not needed. 2) How is fire spread in servers and datacenters? Varies based on too many factors to be a worthy question, hire a pro to answer that and 3) Can you mount a network switch upside down? Some you can, some you can't - depends on the model due to heat dispersion, read the documentation or call the manufacturer - I've done it ONCE with a Cisco 3750E for a few months as it made sense, it was safe but it was temporary. Oh and don't get hung up about downvotes, seriously it doesn't matter a jot. – Chopper3 Jan 03 '13 at 17:28
  • Maybe you're getting downvotes because of your comments under your question. I don't understand your downvotes, too. The stackexchange community is generally very polite and helpful. Also, stackexchange adds negative rep points to the downvoters rep (I think it was 2 or 5 rep points). Maybe you're getting downvotes because you posted 2 similar questions with almost the same content. If you've two simple questions regarding the same problem, post them in one question. – wullxz Jan 03 '13 at 17:34
  • 1
    Maybe one should not doublepost – Imre L Jan 03 '13 at 18:47
  • The question itself is valid, but pretty duplicate to your other question, which you also updated with this info. – Oldskool Jan 03 '13 at 20:39

3 Answers3

14

Kicking people out who are using root access is a dangerous thing, who knows what they are in the middle of doing and what state a system will be left in if they suddenly find themselves disconnected.

It's better not to allow people to use root unless they absolutely have to, routine use of root leads (as you have discovered) to accidents some of which will take more than a simple reboot to fix.

If you need people who are logged in as root to log out, talk to them and ask them to do so. If you don't have voice try wall or email.

Don't go killing root user processes because you want them to log out it will likely end badly.

user9517
  • 115,471
  • 20
  • 215
  • 297
  • Thanks, I probably should have used wall. I told them to get off by email for 30 minutes and finally just decided to kick them. Couldn't I theoretically have checked to see what processes they were using, and if nothing critical then kick them? – Buttle Butkus Jan 03 '13 at 07:26
  • You shouldn't kick people, you should make sure they can't just log in as root. Use tools like sudo for instance. – Lucas Kauffman Jan 03 '13 at 07:28
  • @LucasKauffman Would it be safe to kick sudoers? Is it safe to kick anyone? – Buttle Butkus Jan 03 '13 at 07:30
  • 1
    nope, but you can see if they are using sudo or not, if they are not using sudo you have a smaller chance of making the system instable. What we are telling you is that you shouldn't be kicking anyone :) – Lucas Kauffman Jan 03 '13 at 07:36
  • 1
    "I don't know what someone is doing so how can I kick them out" is the same reasoning you see from Windows users that say "I don't know what this file is, so can I delete it". Usually followed by a post along the lines of "Help, I deleted a file and now my system won't boot". Same thing. – Rob Moir Jan 03 '13 at 08:51
  • @RobM `$ w `, `$ USER root TTY pts/3 FROM 64.235.98.15 LOGIN@ 23:12 IDLE 27.0m WHAT vi`. I would say it's pretty safe to kill him. But thanks for the amazingly intelligent sarcasm! – Buttle Butkus Jan 03 '13 at 09:41
  • 2
    @ButtleButkus: Not guaranteably safe at all. What if they were editing the firewall rules and had saved them in a partial state because they were called away and someone stupidly ran a command like `pkill -KILL -u root` which necessitated the system to be rebooted. It's quite possible that the partial firewall update would block ssh ... Ok it's equally possible or even more likely they were just editing a php file but you can't know this so shouldn't make assumptions. – user9517 Jan 03 '13 at 09:53
  • @lain There are questions, there are answers, and then there are elaborate scenarios that prove that questions should never have been asked in the first place. What if I know they're working on an .htaccess file and I have a backup of it anyway, and they are ignoring my emails, and they are costing me exactly $140 per hour? Is it ok then for me to kick them off? – Buttle Butkus Jan 03 '13 at 10:02
  • 6
    **I would say it's pretty safe to kill him** - I would say "I don't know". Keep in mind that you're not supposed to be using root unless you're doing something that requires it, so I wouldn't expect someone to be logged in as root for trivial matters to begin with. There's a reason why one of us has killed SSH on their system and needs to ask what to do here, and the other one of us is enjoying a productive day at work unencumbered by mistakes like that. Of course we all make mistakes, & I've done worse than this myself, but the key is to learn from mistakes instead of trying to justify them. – Rob Moir Jan 03 '13 at 11:01
  • @RobM With pretty much every hosting company I've used, whenever you submit a ticket they ask for the root password to your server. Not that they would always need it, but they always ask for it and they always log in as root. So I doubt I'm the only one dealing with this kind of issue. I think that from now on, I will just create a user for them, add it to sudoers, and tell them to use that. Of course, not sure if that would stop them from doing `sudo su -` – Buttle Butkus Jan 04 '13 at 03:31
8

You killed every process that is owned by root. That means, that you killed several services that are started with root as owner.

To kick a user who is logged in as root, you could kill his terminal session (tty/pty).
Look at ps -ef | grep -e 'pts\|tty'and find out the terminal where your user is logged in.
Then use something like skill -KILL pts/0

wullxz
  • 1,073
  • 2
  • 16
  • 29
6
[root@sgeorge-ld ~]# w | grep root
sgeorge  pts/7    :0.0             23:17    0.00s  0.11s  0.01s ssh root@localh
root     pts/10   sgeorge-ld.linke 23:21    2:22   0.09s  0.09s -bash
root     pts/11   sgeorge-ld.linke 23:21    0.00s  0.15s  0.00s w

[root@sgeorge-ld ~]# ps -ef | grep 'pts/11'
root     17313 17275  0 23:21 ?        00:00:00 sshd: root@pts/11
root     17317 17313  0 23:21 pts/11   00:00:00 -bash
root     17439 17317  1 23:24 pts/11   00:00:00 ps -ef
root     17440 17317  0 23:24 pts/11   00:00:00 grep pts/11

[root@sgeorge-ld ~]# ps -ef | grep 'pts/10'
root     17283 17275  0 23:21 ?        00:00:00 sshd: root@pts/10
root     17286 17283  0 23:21 pts/10   00:00:00 -bash
root     17443 17317  0 23:24 pts/11   00:00:00 grep pts/10

This way you can find out the pid number. Just kill that pid number if you really want to kill it.

Using tty command you can find out your current terminal's name.

Suku
  • 2,036
  • 13
  • 15