When multiple developers collaborate on a shared UNIX system with group permissions (dev in this case), file access control is straightforward through g+rwx. However, process management presents a different challenge. By default, UNIX systems restrict process termination (kill) to either:

• The process owner
• The root user

Consider our example:

$ ls -l /opt/devfolder/bin/foo
-rwxrwx--- 1 user1 dev 12345 Jan 1 10:00 /opt/devfolder/bin/foo

Even with 0770 permissions:

$ ps -ef | grep foo
user2   12345     1  0 10:00 ?        00:00:00 /opt/devfolder/bin/foo

User3 (also in dev group) cannot kill PID 12345:

$ kill 12345
bash: kill: (12345) - Operation not permitted

Option 1: Sudoers Configuration

Create a controlled sudo rule in /etc/sudoers.d/dev-group:

%dev ALL=(user1,user2,user3) NOPASSWD: /bin/kill

Usage becomes:

$ sudo -u user2 kill 12345

Option 2: POSIX ACL Extension

For systems supporting ACLs (Linux, BSD):

$ setfacl -m g:dev:rwx /opt/devfolder/bin/foo
$ setfacl -m m::rwx /opt/devfolder/bin/foo

Option 3: Custom Wrapper Script

Create /usr/local/bin/dev_kill:

#!/bin/sh
if ps -p $1 -o group= | grep -q '^dev$'; then
    kill $1
else
    echo "Error: Process not owned by dev group" >&2
    exit 1
fi

Set permissions:

$ chown root:dev /usr/local/bin/dev_kill
$ chmod 4750 /usr/local/bin/dev_kill

• Always prefer principle of least privilege
• Log all kill operations (auditd or syslog)
• Consider process namespaces for stronger isolation

For modern systems:

$ sudo cgcreate -g cpu,memory,pids:/dev
$ sudo chown root:dev /sys/fs/cgroup/{cpu,memory,pids}/dev
$ sudo chmod 775 /sys/fs/cgroup/{cpu,memory,pids}/dev

Then launch processes within the cgroup:

$ cgexec -g cpu,memory,pids:dev /opt/devfolder/bin/foo

---

When dealing with shared development environments, process management becomes crucial. The key question is whether standard UNIX file permissions (g+rwx) automatically grant process termination rights between group members.

While your setup with 0770 permissions on executables allows group members to execute each other's programs, it doesn't automatically grant permission to terminate those processes. The ability to kill a process depends on:

1. Process owner's effective UID
2. Sending user's effective UID
3. System-specific process permission rules

Here's how to implement group-based process killing via sudo:

# /etc/sudoers.d/dev-group
%dev ALL=(ALL) NOPASSWD: /bin/kill -9 *

This allows any dev group member to run kill commands without password prompts.

For more granular control, consider process groups (PGIDs):

# When starting processes:
setsid ./your_program &

# For group members to kill:
pkill -g $PGID

Here's a complete workflow demonstrating both approaches:

# Create test group and users
sudo groupadd dev
sudo useradd -G dev user1
sudo useradd -G dev user2

# Configure sudo (as root)
echo "%dev ALL=(ALL) NOPASSWD: /bin/kill" >> /etc/sudoers.d/dev-group
chmod 440 /etc/sudoers.d/dev-group

# Test scenario (as user1)
./long_running_process &
ps -ef | grep long_running_process

# As user2:
sudo kill -9 [pid_from_user1]

While this solution works, consider these security implications:

• Any dev member can kill any process on the system
• For production systems, consider more restrictive patterns like:

%dev ALL=(%dev) NOPASSWD: /bin/kill -9 *

For better auditing and control:

#!/bin/bash
# /usr/local/bin/dev_kill
if [[ $(ps -o user= -p $1) == $(id -un) ]] || \
   [[ $(ps -o group= -p $1) == $(id -gn) ]]; then
    kill -9 $1
else
    echo "Error: Cannot kill process $1" >&2
    exit 1
fi