28

I would like to start a process with a nice value of -20. This requires me to use a command like

sudo nice -n -20 matlab

However, this starts matlab as root too. Is there a way to have matlab as non-root?

My current approach is

sudo nice -n -20 sudo -u myusername matlab

which to me looks like a hack. Is there a direct approach to do this?

AdminBee
  • 22,803
Lord Loh.
  • 1,976
  • You should be able to just drop the sudo. root is not needed to nice your own process. – jordanm Apr 18 '13 at 19:45
  • 10
    If you want to set a higher priority than the default, you do need superuser. (-20 is the highest priority.) The only other way I can think of to do this would be to sudo renice after it is started. However, since you're running matlab interactively, that's easier said than done. – Alan Shutko Apr 18 '13 at 19:50
  • 2
    Not a hack, that's the way to go. – Hauke Laging Apr 18 '13 at 19:55
  • @jordanm - Without a sudo, this is the right command - nice -n -20 matlab and this is the output nice: cannot set niceness: Permission denied. Matlab starts up and the nice value is 0. – Lord Loh. Apr 18 '13 at 23:51
  • @AlanShutko - I could run system('sudo renice ...') in MATLAB, but matlab starts 2 processes - MATLAB and matlab_helper. I might have to do it on both. moreover I also want all my MATLAB processes to be of high priority - when I start matlabpool local for parallel processing.

    @HaukeLaging - I am beginning to think you are right.

    – Lord Loh. Apr 18 '13 at 23:55
  • Some things can be done too, with super user htop access to. – 41754 Jul 22 '14 at 12:02

7 Answers7

29

I would start it normally and use "renice" afterwards...

However I was able to make a quick hack together with "su" which works:

sudo nice -n -20 su -c command_to_run user_to_run_as

If you don't have to give sudo a password - perhaps because you've already just given it - you may add an & to put the whole thing in the background.

Since you already become root with the sudo-command, su won't ask you for a password. I was able to start a X-program from a terminal-emulator under X. If you want to run the X-program as another user than the user owning the X-session, you'll probably need to explicitly tell X to allow it (open for X-clients from that user).

AdminBee
  • 22,803
  • 1
    Thank you. So I think the way I figured was the only way to do about. – Lord Loh. Apr 19 '13 at 02:46
  • This works! The only thing I am encountering now is that I have no standard output. How to solve this? E.g. sudo nice -n 19 su -c $(echo "test") gives no output. – jaques-sam Oct 22 '18 at 08:46
  • My bad, you need to do sudo nice -n 19 su -c "echo 'test'"' When you want to run a function insu -c do`, see https://stackoverflow.com/a/3727572/2522849 – jaques-sam Oct 22 '18 at 09:03
15

I have found this could be done by modifying the file /etc/security/limits.conf (at least on some linux distros). In my case, I simply added:

#<domain>    <type>  <item>  <value>
my_user        -     nice       -20`

then you can execute

nice -n -20 matlab

Logout and back in after saving changes to /etc/security/limits.conf.

This answer explains why.

sup2069
  • 59
guyik
  • 151
  • 2
    After making this change, should log out/in again: https://unix.stackexchange.com/q/108603/247665 – shaneb Feb 07 '19 at 20:48
12

One step further @Jordan: Here's the elegant solution against sudo nice -n -xx su <username> -c matlab hack.

Note: Using username=sid, matlab meta-data dir=/var/lib/matlab, nice=-10 -- change at your will

  1. Create matlab meta-data dir
    sudo mkdir /var/lib/matlab
    
  2. Add specified user to launch matlab & right permission
    sudo useradd -d /var/lib/matlab sid
    sudo chown sid:sid /var/lib/matlab
    
  3. Set user password
    sudo passwd sid
    
  4. Append following to /etc/security/limits.conf
    sid - priority -10
    
  5. Setup & copy ssh-key to automate login (optional)
    ssh-keygen -t rsa #following key passwd misc   
    ssh-copy-id sid@localhost #using sid's passwd
    
  6. Create matlab shell wrapper (fix silent fail error)
    sudo -i
    cat &lt;&lt;EOF &gt;&gt;/usr/local/bin/wmatlab
    #!/bin/bash --
    # A wrapper to launch matlab
    /usr/local/MATLAB/&lt;version&gt;/bin/matlab -desktop
    EOF
    chmod +x /usr/local/bin/wmatlab
    
  7. Adjust "sid"'s login shell
    sudo usermod -s /usr/local/bin/wmatlab sid
    
  8. Start matlab using ssh with Xforward
    ssh -X sid@localhost
    
AdminBee
  • 22,803
Jiahao D.
  • 181
2

pam allows you to set limits on nice per group its configuration file:

@grnice hard priority -20

@grnice hard nice -20

And make sure the group the process runs in grnice.

Jordan
  • 21
1

Add the user to sudoers (actually, a new file in /etc/sudoers.d, but its the same premise):

niceuser ALL=NOPASSWD:/usr/bin/nice

Then, as the "niceuser":

niceuser@localhost $ sudo nice -n -10 command...

and it does what I need (that is, my user can now increase the priority of {command ...}). It supports multiple users, etc. - use man 5 sudoers for details.

X Tian
  • 10,463
squeegee
  • 119
  • 4
    That still runs command as root, which is what the poster is trying to avoid. – Kyle Butt Aug 12 '16 at 20:52
  • I agree with @KyleButt - we should run the command under the same user and from the same directory, etc, same environment, etc, rather then under root which will require "setuser" or whatsoever – Maxim Masiutin Dec 30 '22 at 19:19
1

As @jordanm said drop sudo. You can nice your own processes to give them a lower priority:

nice -20 matlab

No sudo.

John
  • 143
  • This did not work. system('ps a -o pid -o comm -o nice') got me 13580 MATLAB 19 - MATLAB is running with the lowest priority instead of the highest. My question was on how to increase the priority and not reduce it. – Lord Loh. Apr 18 '13 at 23:47
  • 1
    Without a sudo, this is the right command - nice -n -20 matlab and this is the output nice: cannot set niceness: Permission denied. Matlab starts up and the nice value is 0. – Lord Loh. Apr 18 '13 at 23:51
  • 4
    OP wants not increase priority (negative nice), ie. "nice --20 mathlab" (double -) in the old notation, "nice -n -20 mathlab" in the new. Only root may use negative nice-values. – Baard Kopperud Apr 19 '13 at 01:15
  • 1
    CAP_SYS_NICE would also allow the OP to do this without root privileges, but involves delving into Linux capabilities (something not a lot of people understand and might be more work than it's worth). I just mention it for the sake of completeness. – Bratchley Apr 19 '13 at 12:21
  • http://stackoverflow.com/questions/7635515/how-to-set-cap-sys-nice-capability-to-a-linux-user – Lord Loh. Apr 20 '13 at 13:45
  • @LordLoh I'm assuming you're responding to me. That post isn't saying the CAP_SYS_NICE doesn't work or whatever you're thinking, it's talking about a process that's dropped a capability never being able to re-attain it, which is very true. It's still possible to give a non-root user CAP_SYS_NICE and then that account can renice PID's to the heart's content (assuming it never gives it up) without being given root permissions. – Bratchley Apr 22 '13 at 12:46
  • I just put the link of the closest post I found on the topic as a reference for anyone who might come across this thread :-) – Lord Loh. Apr 22 '13 at 18:40
0

Another possible option (simple, but less secure) is to enable setuid/setgid permission for nice executable.

sudo chmod +s /usr/bin/nice

setuid assign any user who can execute the file the effective UID of the file owner's (in this case root) when executing the file, thus is equivalent as running as that user. setguid does the same for effective GID.


Or you can do it more securely:

# create a system group named `nice'
groupadd -r nice

# set the owner group for `nice' executable
chgrp nice /usr/bin/nice

# disallow other users to run `nice`
chmod o-x /usr/bin/nice

# allow anyone who are able to execute the file gain a setuid as root
chmod u+s /usr/bin/nice

# add your user to the group
usermod -a -G nice <your-user-name>

Beware you need to re-login your account for new group to take effect.

shouya
  • 111